privacy policy.

effective 2026-05-17

this policy explains what data schema labs oy ("schema", "we") collects, why, and what your rights are. we keep this short on purpose. if anything is unclear, email privacy@schema.dev.

1. the oss core collects nothing

the schema oss engine, installed locally, sends us zero telemetry. no usage events, no error reports, no machine identifiers. samplers are byok; your llm api calls go from your machine to your llm vendor (anthropic, openai, google) without passing through any schema server. this is a hard rule we will not change. the engine is mit licensed; you can verify this in the source.

2. what schema hub collects (founder, team, enterprise)

2.1 from you directly

  • email address (to sign in and contact you about your subscription)
  • stripe customer id and subscription status (to bill you)
  • company name (optional, for invoices)

2.2 from your github app installation

  • organisation and repo names you grant the app access to
  • pr metadata: pr number, author, base and head sha, title, file paths changed
  • commit shas referenced in the pr
  • the source files needed to extract the architectural graph for the changed scope

2.3 product usage we record for billing and reliability

  • count of prs reviewed per period
  • count of rule-pack evaluations
  • count of agents.md publishes
  • aggregated latency and error rates

we do not track which files you view in studio, which terminal commands you run, or any keystroke-level activity.

3. how long we keep it

  • source code: deleted after extraction. we do not retain a copy of your repo. ephemeral working storage is purged within 24 hours of the pr being closed or the extraction completing.
  • extracted graph: retained while your subscription is active so subsequent prs can reuse it. deleted within 30 days of subscription cancellation.
  • pr review comments: the comment text lives in your github account, not ours. our copy is kept for 90 days for debugging then deleted.
  • billing records: kept for 7 years as required by finnish bookkeeping law.
  • account email and subscription status: kept until you delete your account.

4. what we do not do

  • we do not sell your data to anyone.
  • we do not train any model on your code.
  • we do not share your code with any third party except the sub-processors named in section 5.
  • we do not run ads on schema.

5. sub-processors

we use these third parties to run hub. each is bound by a data-processing agreement and processes only the minimum data necessary:

  • stripe, inc. · payments and customer billing data.
  • resend · transactional emails (sign-in links, welcome, billing notifications).
  • neon, inc. · managed postgres for our application database.
  • vercel, inc. · hosting for our marketing site and api routes.
  • github, inc. · to the extent we make api calls to read your repo and post pr comments on your behalf.

we will update this list when we add or replace a sub-processor. material changes are announced 30 days in advance for paying subscribers.

6. your rights (gdpr, ccpa, and similar)

you can ask us to:

  • show you what personal data we hold on you (right of access);
  • correct anything wrong (right to rectification);
  • delete your account and all associated data (right to erasure);
  • export your data in a portable format (right to data portability);
  • stop using your data for any particular purpose (right to object).

email privacy@schema.dev and we will respond within 30 days. you also have the right to lodge a complaint with the finnish data protection ombudsman (tietosuoja.fi) or your local supervisory authority.

7. cookies

the marketing site sets no third-party tracking cookies. the app sets one strictly-necessary cookie called schema_session after you sign in. it is an http-only signed jwt and is required for the product to work; we do not ask for consent because no consent is required for strictly-necessary cookies under eu law.

8. data transfers

our sub-processors (stripe, resend, neon, vercel, github) process data primarily in the european union and the united states. transfers outside the eea rely on the standard contractual clauses approved by the european commission.

9. security

we encrypt data in transit (tls 1.3) and at rest (provider defaults at neon, vercel, stripe). we operate least-privilege access controls and log administrative actions. we will notify you of any breach affecting your personal data within 72 hours of discovery, per gdpr article 33.

10. children

schema is not for use by anyone under 18. we do not knowingly collect data from minors.

11. changes

material changes to this policy are announced 30 days in advance for paying subscribers. the effective date at the top of this page reflects the latest revision.

12. contact

controller: schema labs oy · helsinki, finland · privacy@schema.dev