Privacy Policy

Introduction

Bridgeye Private Limited ("Bridgeye," "we," "our," or "us"), a company registered under the Companies Act, 2013 with the Registrar of Companies, Goa, India, values your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use NOVA (our "Service"), including our command-line interface tool, API services, and related services (collectively, the "Services").

This Privacy Policy is incorporated into and is subject to our Terms of Service. Your use of our Services and any personal information you provide remains subject to this Privacy Policy and our Terms of Service.

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use our Services.

Important Notes About NOVA's Architecture

Before detailing our data practices, it's important to understand how NOVA works:

What We DO

• Authenticate you via GitHub OAuth
• Route your debugging requests to third-party AI providers (Groq, OpenAI, Anthropic, DeepSeek)
• Collect minimal usage analytics
• Process your code temporarily during active debugging sessions

What We DO NOT Do

• Store your source code on our servers
• Access your repositories without your explicit debugging action
• Use your code to train our AI models
• Sell your data to third parties
• Monitor your local development activity

1. Information We Collect

1.1 Information You Provide to Us

Account Information (via GitHub OAuth)
When you authenticate with GitHub, we collect:

• GitHub username
• Email address
• GitHub user ID
• Public profile information (name, avatar, bio)
• GitHub authentication tokens (stored securely, encrypted)

We do NOT collect:

• Your GitHub password
• Private repository contents (unless you explicitly send code from them for debugging)
• Commit history or repository activity
• Your SSH keys or personal access tokens beyond OAuth

Payment Information (for Paid Plans)
When you subscribe to a paid plan, we collect:

• Billing name and address
• Payment method details (processed by Stripe/Razorpay, not stored by us)
• GST identification number (if applicable)
• Transaction history

We do NOT store:

• Credit card numbers
• CVV codes
• Bank account details

Our payment processors (Stripe/Razorpay) handle and store payment information according to PCI-DSS standards.

1.2 Information We Collect Automatically

Service Usage Information
When you use NOVA, we automatically collect:

Command Execution Data

• Commands executed (e.g., nova fix, nova test)
• Timestamp of command execution
• Success/failure status
• Error messages (if any)
• Response times

Context Information

• Number of files analyzed
• Size of code context sent (in tokens)
• Programming languages detected
• Third-party AI provider used for the request

Performance Metrics

• CLI tool version
• Operating system and version
• System performance during execution
• Network latency

We do NOT collect:

• Your actual source code (unless during an active debugging session, and it's not stored)
• File names or directory structures
• Environment variables or configuration files
• Local development activity when NOVA is not actively running

Device Information
We collect minimal device information:

• Operating system (macOS, Linux, Windows)
• System architecture (x86, ARM, etc.)
• CLI installation method (npm, Homebrew, etc.)
• IP address (for authentication and security purposes only)

Analytics Information
We use analytics to improve our Services:

• Feature usage patterns (which commands are used most)
• Error rates and types
• Average session duration
• User retention and engagement metrics

All analytics are collected in aggregated, anonymized form.

1.3 Information We Do NOT Collect

To be absolutely clear, we do NOT collect, store, or monitor:

• Your source code files (except temporarily during active debugging)
• Repository contents
• Local file system information
• Environment variables or secrets
• Database credentials or API keys
• Browsing history or activity outside NOVA
• Screenshots or recordings
• Clipboard contents
• Any information from your local machine beyond what's needed to execute NOVA commands

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Services

• Authentication: Verify your identity via GitHub OAuth
• Service Delivery: Route your debugging requests to appropriate AI providers
• Code Processing: Temporarily transmit selected code context to AI providers for debugging
• Feature Functionality: Enable CLI commands, context selection, and code fixes
• Performance Optimization: Improve routing algorithms and response times
• Bug Fixes: Identify and resolve technical issues
• Feature Development: Build new features based on usage patterns

2.2 For Communications

• Support: Respond to your inquiries and provide customer support
• Service Notifications: Send important service announcements, security alerts, and updates
• Marketing (with consent): Send promotional emails about new features or plans (you can opt out anytime)
• Billing: Send subscription confirmations, invoices, and payment receipts

2.3 For Security and Compliance

• Security: Detect and prevent fraud, abuse, and unauthorized access
• Monitoring: Identify unusual usage patterns that may indicate security issues
• Legal Compliance: Comply with Indian laws and regulations, including:
  • Information Technology Act, 2000
  • IT Rules 2011 (Sensitive Personal Data)
  • IT Rules 2021 (Intermediary Guidelines)
  • GST regulations
• Terms Enforcement: Enforce our Terms of Service

2.4 For Analytics and Research

• Usage Analytics: Understand how users interact with NOVA
• Service Improvement: Identify which features are most valuable
• Algorithm Optimization: Improve our context selection and routing algorithms
• Market Research: Understand developer needs and pain points

3. How We Share Your Information

We do not sell your personal information to anyone.

We may share your information in the following limited circumstances:

3.1 With Third-Party AI Providers

This is the most important section to understand.

When you use NOVA to debug code, we transmit selected code context to third-party AI providers.

Current Third-Party Providers

• Groq (https://groq.com)
• OpenAI (https://openai.com)
• Anthropic (https://anthropic.com)
• DeepSeek (https://deepseek.com)

What We Share

• Selected code snippets (typically <8,000 tokens)
• Error messages and logs
• Minimal context about your debugging request

What We Do NOT Share

• Your GitHub account information
• Your full repository contents
• Your email address or personal information
• Payment information
• Your complete codebase

Important Provider Considerations

1. Zero-Retention Agreements: We negotiate with providers to not retain your data after processing. However, we cannot guarantee provider compliance.
2. Provider Privacy Policies: Each provider has its own privacy policy and data handling practices. We recommend reviewing:
   • OpenAI Privacy Policy: https://openai.com/privacy
   • Anthropic Privacy Policy: https://www.anthropic.com/privacy
   • Groq Privacy Policy: https://groq.com/privacy-policy
   • DeepSeek Privacy Policy: https://www.deepseek.com/privacy
3. Training Data: We do not authorize providers to use your code for model training, but we cannot control their practices. Most providers state they do not use API data for training, but you should verify this yourself if you have specific concerns.
4. Data Location: Some providers may process data outside India. Your code may be transmitted to servers in the United States, Europe, or other locations.

3.2 With Service Providers

We share minimal information with trusted service providers who help us operate our Services:

Payment Processors

• Stripe (https://stripe.com/privacy)
• Razorpay (https://razorpay.com/privacy)
• Purpose: Process payments and subscriptions
• Data shared: Billing information, transaction amounts

Analytics Providers

• PostHog (self-hosted or cloud)
• Mixpanel
• Purpose: Understand product usage
• Data shared: Aggregated, anonymized usage metrics

Infrastructure Providers

• Cloud hosting (AWS, Google Cloud, or similar)
• Purpose: Host our API and authentication services
• Data shared: Authentication tokens, minimal user metadata

All service providers are contractually obligated to:

• Use your data only for providing services to us
• Protect your data with appropriate security measures
• Not use your data for their own purposes
• Comply with applicable data protection laws

3.3 For Legal Purposes

We may disclose information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with Indian legal obligations, including:
  • Court orders or subpoenas
  • Government investigations
  • Law enforcement requests
  • Tax authority requirements
• Protect and defend Bridgeye's rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent or investigate possible wrongdoing
• Enforce our Terms of Service

We will notify you of legal requests for your information unless prohibited by law.

3.4 In Business Transfers

In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, user information may be transferred as part of the business transaction.

We will notify you via email or a prominent notice on our Service of:

• Any change in ownership
• Any changes to how your personal information will be used
• Your choices regarding your information

3.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

4. Your Rights and Choices

Under Indian law, including the Information Technology Act, 2000 and its rules, you have several rights regarding your personal information:

4.1 Access Your Information

• Access your account information at any time
• Request a copy of your personal information we hold
• Understand how we process your information

How to exercise: Email bridgeye.ai@gmail.com with your request.

4.2 Correct Your Information

• Update your account information
• Correct inaccurate or incomplete information

How to exercise: Update via your account settings or email bridgeye.ai@gmail.com.

4.3 Delete Your Information

• Request deletion of your account and associated data
• Withdraw consent for data processing

How to exercise: Email bridgeye.ai@gmail.com with "Account Deletion Request" in the subject line.

What happens when you delete your account:

• Your GitHub authentication tokens are immediately revoked
• Your account information is deleted within 30 days
• Usage analytics are retained in anonymized, aggregated form
• We may retain certain information as required by Indian law (e.g., GST invoices, payment records)

4.4 Control Third-Party Sharing

Regarding AI Provider Sharing:

• You cannot use NOVA without your code being sent to AI providers (this is how the service works)
• If you're uncomfortable with this, you should not use NOVA
• Consider using NOVA only with non-sensitive, non-proprietary code if you have concerns

4.5 Communication Preferences

Service Announcements (cannot opt out):

• Critical security updates
• Service disruptions
• Changes to Terms or Privacy Policy
• Billing notifications

Marketing Communications (can opt out):

• New feature announcements
• Promotional offers
• Product updates

How to opt out: Click "Unsubscribe" in any marketing email or email bridgeye.ai@gmail.com.

4.6 GitHub Account Disconnection

You can disconnect your GitHub account at any time:

• Via your NOVA account settings
• By revoking OAuth access in GitHub settings (https://github.com/settings/applications)
• Disconnecting will terminate your access to NOVA until you re-authenticate

4.7 Data Portability

You have the right to receive your personal information in a structured, commonly used, machine-readable format.

How to exercise: Email bridgeye.ai@gmail.com with "Data Export Request."

We will provide:

• Your account information (JSON format)
• Your usage statistics (CSV format)
• Your subscription history (PDF format)

We cannot provide:

• Code you submitted (we don't store it)
• Data held by third-party AI providers

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

5.1 Technical Measures

Encryption

• TLS 1.3 for data in transit
• AES-256 encryption for sensitive data at rest
• Encrypted storage of GitHub authentication tokens

Access Controls

• Role-based access control (RBAC)
• Multi-factor authentication for internal systems
• Principle of least privilege
• Regular access audits

Infrastructure Security

• Secure cloud hosting with reputable providers
• Regular security assessments and penetration testing
• Automated vulnerability scanning
• Security monitoring and logging
• Intrusion detection systems

Application Security

• Secure coding practices
• Regular security audits
• Dependency vulnerability scanning
• Security headers and CSP

5.2 Organizational Measures

• Data protection and privacy policies
• Security incident response plan
• Employee confidentiality agreements
• Regular security training
• Only authorized personnel have access to personal information
• Access is logged and monitored
• Background checks for employees handling sensitive data

5.3 Limitations of Security

However, no method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

You acknowledge and accept that:

• Internet transmission is inherently insecure
• Third-party AI providers have their own security practices (which we cannot control)
• Your own device security affects overall security
• Social engineering or phishing could compromise your account

Your Responsibilities

• Keep your GitHub credentials secure
• Use strong, unique passwords
• Enable two-factor authentication on GitHub
• Keep your system and NOVA CLI updated
• Don't share your account with others
• Report security incidents immediately to bridgeye.ai@gmail.com

6. Data Retention

We retain your information for different periods depending on the type of data and legal requirements:

6.1 Account Information

While Your Account is Active

• GitHub authentication tokens: Retained until you disconnect or delete account
• Profile information: Retained while account is active
• Subscription information: Retained while subscription is active

After Account Deletion

• Most account data: Deleted within 30 days
• Financial records: Retained for 7 years (as required by Indian tax laws)
• Aggregated analytics: Retained indefinitely in anonymized form

6.2 Usage Data

• Detailed usage logs: 12 months
• Aggregated analytics: Indefinitely (anonymized)
• Error logs: 90 days
• Performance metrics: 12 months

6.3 Code Submissions

• Code is transmitted to AI providers during active debugging sessions
• Code is immediately discarded after the session ends
• We do not create backups or archives of submitted code
• We cannot recover code you've submitted in the past

6.4 Legal and Compliance

We may retain certain information longer if required by:

• Indian law and regulations
• Tax authorities (GST, Income Tax)
• Court orders or legal proceedings
• Contractual obligations

7. Children's Privacy

NOVA is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are under 13, you may not use NOVA without parental consent. If you are between 13 and 18, you may use NOVA only with the consent and supervision of a parent or legal guardian.

If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information as quickly as possible.

If you believe we have collected information from a child under 13, please contact us immediately at bridgeye.ai@gmail.com.

8. International Data Transfers

Bridgeye Private Limited is based in India. However, our Services involve data transfers outside India:

8.1 Where Your Data Goes

• Your code may be transmitted to third-party AI providers in the United States (OpenAI, Anthropic, Groq)
• Your code may be transmitted to third-party AI providers in China (DeepSeek)
• Your code may be transmitted to cloud infrastructure providers (AWS, Google Cloud) in various regions

Your account information may be stored in:

• India (primary)
• United States (backup and redundancy)

8.2 Legal Basis for Transfers

We transfer data internationally based on:

• Your explicit consent (by using the Services)
• Necessity for contract performance (to provide debugging services)
• Legitimate interests (to operate and improve our Services)

8.3 Data Protection Standards

When transferring data internationally, we ensure appropriate safeguards:

• Standard contractual clauses with service providers
• Encryption of data in transit
• Data processing agreements
• Regular security assessments

8.4 Your Rights

If you are concerned about international data transfers:

• You may choose not to use NOVA
• You may use NOVA only with non-sensitive code
• You may request information about specific transfers by emailing bridgeye.ai@gmail.com

By using NOVA, you consent to the international transfer of your information as described in this Privacy Policy.

9. Compliance with Indian Laws

9.1 Information Technology Act, 2000

We comply with the Information Technology Act, 2000, and all applicable rules and amendments, including:

IT (Reasonable Security Practices) Rules, 2011

• We implement reasonable security practices
• We maintain comprehensive privacy policies
• We obtain consent for sensitive personal data processing
• We provide mechanisms for data access and correction

IT (Intermediary Guidelines) Rules, 2021

• We act as an intermediary providing debugging services
• We do not actively select or modify user content
• We comply with takedown and reporting requirements
• We have a grievance redressal mechanism

9.2 Sensitive Personal Data

Under Indian law, sensitive personal data includes passwords, financial information, and biometric data.

What we collect

• Passwords: Only GitHub OAuth tokens (encrypted)
• Financial information: Via payment processors (not stored by us)
• Biometric data: None

We handle sensitive personal data with heightened security measures as required by law.

9.3 Data Localization

We are monitoring developments in Indian data protection laws, including:

• Personal Data Protection Bill (pending legislation)
• RBI data localization requirements (not applicable to us)
• Potential future localization requirements

We may adjust our data practices to comply with new laws as they come into effect.

10. Third-Party Links and Services

10.1 GitHub Integration

NOVA integrates with GitHub for authentication. When you connect your GitHub account:

• You are subject to GitHub's Terms of Service (https://docs.github.com/en/site-policy/github-terms/github-terms-of-service)
• You are subject to GitHub's Privacy Statement (https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement)
• GitHub may collect additional information about your NOVA usage

We recommend reviewing GitHub's policies to understand how they handle your information.

10.2 Third-Party AI Providers

When NOVA sends your code to third-party AI providers, you are subject to their respective policies:

• OpenAI: https://openai.com/terms / https://openai.com/privacy
• Anthropic: https://www.anthropic.com/terms / https://www.anthropic.com/privacy
• Groq: https://groq.com/terms / https://groq.com/privacy-policy
• DeepSeek: https://www.deepseek.com/terms / https://www.deepseek.com/privacy

We are not responsible for the privacy practices of these third parties. You use their services at your own risk.

10.3 No Endorsement

Mentioning third-party services does not imply endorsement. We do not guarantee the privacy practices or security of any third-party service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Changes in applicable laws
• Feedback from users or regulators

11.1 How We Notify You

For material changes, we will notify you by:

• Email to your registered address (at least 30 days before changes take effect)
• Prominent notice in the NOVA CLI tool
• Notice on our website (nova.bridgeye.ai)

For minor changes, we will:

• Update the "Last Updated" date at the top
• Post the revised policy on our website

11.2 Your Acceptance

Your continued use of NOVA after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

If you do not agree with the changes:

• You must stop using NOVA
• You may request deletion of your account
• We will process your deletion request under the previous policy if requested within 30 days of the change

11.3 Version History

We maintain a version history of our Privacy Policy. You can request previous versions by emailing bridgeye.ai@gmail.com.

12. Grievance Redressal

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns:

Grievance Officer
Name: [Grievance Officer Name]
Email: bridgeye.ai@gmail.com
Address: [Ponda], Goa, India

How to File a Grievance

1. Email bridgeye.ai@gmail.com with:
   • Your name and contact information
   • Description of your grievance
   • Any supporting documentation
   • Your desired resolution
2. Acknowledgment: We will acknowledge your grievance within 24 hours
3. Resolution: We will resolve your grievance within 15 days of receipt

Types of Grievances We Address

• Privacy violations or data breaches
• Unauthorized access to your account
• Violations of our Terms of Service or Privacy Policy
• Complaints about content or conduct
• Technical issues affecting your privacy
• Requests for data access, correction, or deletion

Escalation: If you are not satisfied with our resolution, you may:

• Contact our senior management at bridgeye.ai@gmail.com
• File a complaint with appropriate Indian authorities
• Seek legal remedies under Indian law

13. Contact Information

General Privacy Inquiries

• Email: bridgeye.ai@gmail.com
• Response time: 7 business days

Security Issues

• Email: bridgeye.ai@gmail.com
• Subject: "SECURITY URGENT" for critical issues
• Response time: 24 hours for urgent matters

Data Subject Rights

• Email: bridgeye.ai@gmail.com
• Subject: "Data Rights Request"
• Response time: 30 days (as required by law)

Grievances

• Email: bridgeye.ai@gmail.com
• Response time: 24 hours acknowledgment, 15 days resolution

Registered Office

Bridgeye Private Limited
[Goa, India]
Goa, India
CIN: [U62010GA2026PTC017840]

Mailing Address

[Ponda, Goa-India]

14. Your Consent

By using NOVA, you consent to:

1. Collection of information as described in this Privacy Policy
2. Processing of your information for the purposes stated
3. Transmission of your code to third-party AI providers
4. International transfer of your information as described
5. Storage of your information in India and other locations
6. Sharing of your information with service providers as described
7. Use of cookies and similar technologies (if applicable)

If you do not consent, you may not use NOVA.

You may withdraw your consent at any time by:

• Deleting your account
• Discontinuing use of NOVA
• Emailing bridgeye.ai@gmail.com with "Withdraw Consent"

However, withdrawal of consent may prevent us from providing Services to you.

15. Updates and Notices

• Last Updated: February 22, 2026
• Effective Date: February 22, 2026
• Version: 1.0

16. Legal Framework

This Privacy Policy is governed by:

Indian Laws

• Information Technology Act, 2000
• IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• Any other applicable Indian laws and regulations

International Frameworks (for reference)

• We strive to align with GDPR principles where applicable
• We follow PCI-DSS standards for payment processing
• We adopt ISO 27001 security practices

In case of conflict: Indian law shall prevail.

17. Transparency Report

We believe in transparency. We may publish periodic transparency reports disclosing:

• Number of data requests from government authorities
• Number of accounts affected
• Types of data requested
• Our response to requests

Transparency reports will be published at nova.bridgeye.ai/transparency (when available).

© 2026 Bridgeye Private Limited. All rights reserved.
Company registered under the Companies Act, 2013
Registrar of Companies: Goa, India
CIN: [U62010GA2026PTC017840]

Acknowledgment: By signing up or by using NOVA, you acknowledge that you have read, understood, and agree to this Privacy Policy.