We collect the minimum necessary to run Stoney. No tracking pixels, no ad networks, no selling your data.
When you sign up, we collect your name and email address via OAuth (Google or GitHub) or magic-link email. We do not store passwords.
Org name, plan tier, member roles, and the product description you optionally provide during setup. Member roles enforce plan limits and access control.
With your permission, Stoney's GitHub App reads the repositories you select. We process route definitions, handler source snippets, pull-request titles/bodies/diffs, and commit authorship. We do not persist your full source code; we persist the derived rules and the specific diff excerpts that appear in drift-forensics reports.
For every PR we analyze, we store: PR number, title, author handle, head SHA, the findings Stoney's pre-merge rule check produced, and the GitHub Check Run link. The underlying diff is sent to Anthropic for analysis (see Sub-processors) but is not persisted on our side except as short excerpts inside drift-forensics reports.
If you connect Jira, Stoney syncs ticket keys, summaries, descriptions, issue types, statuses, labels, reporter + assignee emails, and timestamps for the projects you grant access to. We also generate vector embeddings (via Voyage AI) so tickets can be correlated with code and PR data.
Rules, rule contracts, contract suggestions, and their provenance links (to tickets and PRs) are stored to power the dashboard, audit trail, and SOC 2 export.
Every drift violation, its cached forensic report (PR attribution, diff excerpt, contradicted ticket, confidence), every escalation dispatched (Slack DM / Jira comment), and acknowledgements. Escalation payloads are stored for the audit trail.
Every rule approval, dismissal, owner override, and admin action is recorded with actor id, actor email (when available), IP, user agent, and timestamp. This powers the compliance export.
When your CI pushes a contract run, we store which contracts passed or failed, the Git SHA, branch name, actor, duration, and timestamp. We do not store HTTP request/response payloads.
Only the SHA-256 hash of API tokens is stored. The raw token is shown once at creation and never retrievable.
OAuth tokens + bot tokens for Jira, Slack, and GitHub App installation identifiers are stored AES-256-GCM encrypted at rest, keyed by a server-side secret. Credentials are never rendered back to the UI.
Billing is handled by Lemon Squeezy (Merchant of Record). We store your Lemon Squeezy customer id and subscription status. We never see or store card numbers, CVVs, or bank details.
Server-side logs for debugging and reliability. These may include IP addresses and are retained for 30 days before automatic purge.