Data & Privacy
Dev Herald is designed to process automation signals from CI and post structured feedback into pull requests. We intentionally minimize the data we collect and store.
Code Blindness
Dev Herald does not access or store your source code.
All data formatting and processing happens inside the Dev Herald GitHub Action, which runs in your own CI environment.
The Dev Herald API only receives structured data that your CI pipeline explicitly sends.
For example, a workflow may send data such as:
- Test summary counts (passed / failed)
- Deployment URLs
- Bundle size metrics
- Custom structured tables
Dev Herald does not receive raw repository data such as:
- Source files
- package.json or dependency manifests
- Test files
- Build artifacts
- Git history
Dev Herald also does not clone repositories or inspect commits.
This architecture ensures Dev Herald operates without visibility into your codebase, and only receives the structured signals you choose to send.
GitHub Permissions
Dev Herald operates through a GitHub integration with minimal permissions.
Required permissions:
- Pull Requests (Read) - to identify PRs and update comments
- Pull Requests (Write) - to post automation comments
- Issues (Write) - required by GitHub for PR comments (PRs use the Issues API)
Dev Herald does not request access to:
- Repository source code
- Commit contents
- Repository secrets
- GitHub Actions artifacts
The integration is limited to what is required to create and update pull request comments.
What Data Dev Herald Stores
To support features like sticky comments and structured automation signals, Dev Herald stores a small amount of metadata.
This may include:
- Repository name
- Pull request number
- Comment template used
- Template data sent from CI
- Generated comment content
- Internal comment identifiers for updating sticky comments
No repository source code or commit history is stored.
Data Residency
Dev Herald stores operational data in secure cloud infrastructure hosted in AWS.
All data is:
- Encrypted in transit (HTTPS / TLS)
- Encrypted at rest
Stored data consists only of automation metadata required to generate and maintain PR comments.
Data Retention
Dev Herald retains comment history to support sticky comments and historical context.
By default:
- Comment records are retained indefinitely
Future versions may introduce configurable retention policies for teams with stricter compliance requirements.
Data Deletion Requests
Repository owners may request permanent deletion of stored Dev Herald data.
To request deletion, contact: