AntFleet

Data policy · plain English

What AntFleet collects, where it goes, and what we don't do.

One page. No legalese. The privacy boundary is simple: the public /receipts page renders only an anonymized repo hash, never the raw owner/repo string. Everything else stays in our database, accessible only to us under authenticated query.

What we collect

When you install the AntFleet GitHub App on a repo, the webhook receives events for every pull-request open or synchronize. For each such event we receive — and store — the PR's diff against base, the list of changed files, the commit SHA, the PR number, and the identifiers GitHub needs us to authenticate back as the App installation (installation id, owner, repo).

We then send the changed-file content to two model providers in parallel for review. Their full responses (raw JSON, including any findings they generate) are persisted in our database. After posting agreed findings as a PR comment, we record the comment id and url so the sweeper can reconcile the finding against main later. Daily, the sweeper polls maintainer reactions on those posted comments at the 24-hour, 7-day, and 30-day marks.

Where it goes

Three places, each with a different access boundary:

Model providers
Anthropic (Claude Opus 4.7) and OpenAI (GPT-5) receive the changed-file contents and our review prompt over their respective APIs. Both providers' API terms forbid training on API inputs by default. We don't opt in to any training arrangement on customer code. Provider policies: Anthropic · OpenAI.
Our database
Postgres at Vercel Marketplace (Neon), in the EU region. Three tables: reviews, finding_status, maintainer_reactions. Schema is documented in apps/web/db/schema.ts. Per-customer raw rows are accessible only via explicit auth (database credentials, not the web app).
GitHub
Agreed findings are posted as a comment on your PR. When the sweeper detects the finding is no longer present on main, a closure-receipt comment is posted on the same PR. These comments live on GitHub's event log and are governed by GitHub's terms, not ours.

Public vs private

The /receipts page is the public artifact. The default for whether a closed finding lands there mirrors the visibility of the repo it came from on GitHub:

Public repos
Receipts are public by default. A public GitHub repo carries no privacy expectation around its diff or PR comments, so the corresponding closure receipts appear on /receipts as soon as the sweeper closes a finding.
Private repos
Receipts stay private by default. The review still runs, the comment still posts to your PR, the sweeper still closes findings — but none of it reaches the public page. After your first PR is reviewed, the Onboarder posts a summary comment that includes a one-click opt-in link signed for your install — no email round-trip. The link is good for 30 days; clicking it flips every closed finding on that repo onto /receipts. The same link works in reverse (with &action=disable) to opt back out.
Override either way
Either default can be reversed via the signed opt-in link the Onboarder posts on the first-review summary comment. If you lose that comment, or you want to opt out from the public-by-default state, email agent@antfleet.dev and we'll flip the flag manually. Until the v1.5 customer dashboard ships, those two channels — the signed link and the email fallback — are how overrides happen.
Visibility is snapshotted at review time
We record the repo's public/private state when the review row is written. If a repo's visibility changes later (public → private or vice versa), already-recorded receipts are not retroactively flipped. New reviews after the change pick up the new default. If a flip happened and you want the old rows reconsidered, email the address above.
Benchmarks
Reviews on benchmark-class repos — public repos that include a BENCHMARK.md at the root — additionally appear on /benchmarks under the same public/private gate. Benchmark replays are not meant to merge, so they never reach the sweeper's closed state and don't appear on /receipts; /benchmarks is the sibling catalog that surfaces them. Either default can still be overridden via agent@antfleet.dev.
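The page describes the signed opt-in link only by its behaviour (per-install, good for 30 days, reversible by appending &action=disable). As an added illustration that is not AntFleet's code, here is one way such a link could be issued and checked; it assumes an HMAC-SHA256 signature over the installation id and expiry, a hypothetical endpoint URL, and an action parameter left outside the signed payload so the same link can be reused to opt out.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

LINK_TTL_SECONDS = 30 * 24 * 3600                        # "good for 30 days"
BASE_URL = "https://www.antfleet.dev/receipts/opt-in"    # hypothetical endpoint
VALID_ACTIONS = {"enable", "disable"}

def _sig(secret: bytes, installation_id: int, expires_at: int) -> str:
    # Assumed scheme: HMAC-SHA256 over install id and expiry only. The action is
    # deliberately outside the MAC so "&action=disable" can be appended later.
    msg = f"install:{installation_id}:exp:{expires_at}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def make_opt_in_link(secret: bytes, installation_id: int, issued_at: int) -> str:
    """Link the Onboarder would post on the first-review summary comment."""
    expires_at = issued_at + LINK_TTL_SECONDS
    query = {"install": installation_id, "exp": expires_at,
             "sig": _sig(secret, installation_id, expires_at)}
    return f"{BASE_URL}?{urlencode(query)}"

def verify_opt_in_link(secret: bytes, url: str, now: int):
    """Return (installation_id, action) for a valid, unexpired link, else None."""
    params = parse_qs(urlparse(url).query)
    try:
        installation_id = int(params["install"][0])
        expires_at = int(params["exp"][0])
        sig = params["sig"][0]
        action = params.get("action", ["enable"])[0]   # no action => opt in
    except (KeyError, ValueError):
        return None
    if action not in VALID_ACTIONS or now > expires_at:
        return None
    # Constant-time compare so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, _sig(secret, installation_id, expires_at)):
        return None
    return installation_id, action
```

Because the action is unsigned, the verifier must whitelist it; anything other than enable or disable is rejected rather than interpreted.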

When public visibility is enabled, each row contains the severity, category, finding title, PR number, the closing commit SHA (shortened), and an anonymized repo label — repo <8-char-prefix> where the prefix is the first 8 characters of a SHA-256 of owner/repo. The full owner/repo string is not rendered on the public page.

The receipt link, however, points at the actual PR comment on GitHub — for installs on public repos, the URL itself contains owner/repo and the comment content is publicly visible. This is intentional and load-bearing: the link is the receipt, and a third-party-witnessed artifact only counts because anyone can click and verify the SHA on GitHub. For private repos, the same link auth-walls naturally — only the people who already have repo access can read it — which is why the default for private installs stays off.

The raw owner/repo, raw diff content, raw provider responses, and per-customer maintainer-reaction history live only in our database and are not exposed on any public surface, regardless of the public-receipt setting.
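The public/private boundary in the three paragraphs above, as an added example rather than AntFleet's own code: a constructed review row is projected onto the fields /receipts may render, with the repo label derived exactly as described (first 8 hex characters of SHA-256 over owner/repo) and the raw fields left behind. Column names, the 7-character SHA shortening and the override parameter are assumptions, not the schema in apps/web/db/schema.ts.

```python
import hashlib

# Constructed sample of a closed-finding review row (field names assumed).
SAMPLE_ROW = {
    "owner": "octocat",
    "repo": "hello-world",
    "public_at_review": True,     # visibility snapshotted when the row was written
    "pr_number": 17,
    "severity": "high",
    "category": "injection",
    "title": "Unsanitized shell argument in release script",
    "closing_sha": "9fceb02d0ae598e95dc970b74767f19372d61af8",
    "comment_url": "https://github.com/octocat/hello-world/pull/17#issuecomment-1",
    "diff": "--- a/release.sh\n+++ b/release.sh\n...",           # never public
    "provider_responses": {"anthropic": {}, "openai": {}},       # never public
    "maintainer_reactions": ["+1"],                              # never public
}

PRIVATE_ONLY = {"owner", "repo", "diff", "provider_responses", "maintainer_reactions"}

def repo_label(owner: str, repo: str) -> str:
    """'repo <8-char-prefix>': first 8 hex chars of SHA-256 over 'owner/repo'.
    The hash is unkeyed, so it is a stable pseudonym that anyone who knows
    owner/repo can recompute, not a secret; the page accepts that because the
    receipt link already names the repo for public installs."""
    digest = hashlib.sha256(f"{owner}/{repo}".encode()).hexdigest()
    return f"repo {digest[:8]}"

def public_receipt_row(row: dict, opt_in_override=None):
    """Project a stored row onto what /receipts may show, or None if not public.
    opt_in_override models the signed-link flip; None keeps the snapshotted default."""
    visible = row["public_at_review"] if opt_in_override is None else opt_in_override
    if not visible:
        return None
    return {
        "severity": row["severity"],
        "category": row["category"],
        "title": row["title"],
        "pr_number": row["pr_number"],
        "closing_sha": row["closing_sha"][:7],   # shortened; 7 chars is an assumption
        "repo_label": repo_label(row["owner"], row["repo"]),
        "receipt_url": row["comment_url"],       # intentionally contains owner/repo
    }

def boundary_ok(public: dict) -> bool:
    """No private-only key leaks, and the label itself does not name the repo."""
    if PRIVATE_ONLY & public.keys():
        return False
    return public["repo_label"].startswith("repo ") and "/" not in public["repo_label"]
```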

What we don't do

  • We do not train models on your code. We use provider APIs under terms that exclude API inputs from training.
  • We do not sell, share, or syndicate your data to third parties beyond the two model providers required to run the review.
  • We do not use your code, repo identifiers, or finding titles in marketing, case studies, or sales conversations without explicit written opt-in.
  • We do not bot-comment beyond the two comment types described above (the review comment on PR open, and the closure receipt when the finding is resolved).

Eval corpus (opt-in, off by default)

We are building a curated public eval corpus of (bug, accepted-fix, severity) tuples to drive provider/agent routing decisions over time. Participation is opt-in per repo, off by default, and contributions are anonymized on the same boundary as the receipts page (repo_hash only). When this opt-in surface ships, it will live in the per-customer dashboard with a clear toggle and a preview of exactly what tuples would be contributed before any data leaves.

Until that surface ships, no eval-corpus extraction happens.

Removal

To uninstall: revoke the GitHub App from your repo or organization settings. The webhook stops firing immediately.

To request deletion of historical rows (reviews, finding_status, maintainer_reactions) attached to your owner/repo, email agent@antfleet.dev. Deletion of our DB rows is straightforward. The PR comments and closure-receipt comments posted to GitHub live on your repo's event log — you control whether to delete those, and we can issue API calls on your behalf if you authorize it via the same email.

Corrections and retractions

AntFleet only posts a finding when two independent frontier models flag it. That gate is deliberately strict, but it is not infallible — two models can share a blind spot about a pattern that is safe in context. If you believe a finding about your repository is incorrect, email privacy@antfleet.dev with:

  • The finding URL (https://www.antfleet.dev/anatomy/…)
  • A brief explanation of why the finding is incorrect
  • Optional: a code reference showing the pattern is safe in context

We review retraction requests manually. If the finding does not survive that review, we retract it: its anatomy and receipt pages are replaced with a retraction notice, the JSON-LD structured data is removed, a noindex tag is added, and the finding is dropped from the public receipts feed and the sitemap so search engines stop surfacing it. The URLs stay live so existing links resolve to the notice rather than a dead end.

We aim to respond within 5 business days.

Changes to this policy

We'll post material changes to this page and stamp a new last-updated date below. Substantive changes — anything affecting where data flows or what's collected — will also be announced via the design-partner channel before they take effect.

Last updated: 2026-05-30