Privacy Policy

Last updated: March 22, 2026

1. Introduction

This privacy policy explains how the PR macOS application (“Application”) handles your data. This policy applies only to the Application and not to the PR marketing website, which has its own privacy policy.

The Application is developed and published by Instoll Inc.

2. Operator

The Application is developed and published by Instoll Inc. For operator identification required under Japanese law, including representative name, address, and contact details, please visit https://instoll.com.

3. Our Privacy Principle

The Application is designed with a local-first architecture. Your code, pull request data, and review information are processed and stored on your device. Instoll Inc. operates a licensing server to manage subscriptions and application licenses, which stores minimal account information as described below. Your source code and repository contents are never transmitted to Instoll Inc.

4. Data Processed by the Application

4.1 GitHub Data

The Application retrieves the following data from GitHub using your existing gh CLI authentication:

• Pull request metadata (title, description, author, reviewers, status)
• File diffs and change statistics
• Review comments, inline comments, and review status
• Repository metadata (name, organization)
• Collaborator information (usernames, avatars)

This data is fetched directly from the GitHub API using your own credentials. Instoll Inc. never sees or accesses this data.

4.2 AI Processing Data

When using AI-powered features, the Application sends code and pull request content to AI providers for processing:

• Claude AI — data is processed through your preinstalled Claude CLI, which communicates with Anthropic’s services using your own subscription. The Application invokes the CLI as a subprocess and does not directly access Anthropic’s API. Instoll Inc. does not proxy, intercept, or store this data.
• Gemini — data is processed through your preinstalled Gemini CLI, which communicates with Google’s services using your own subscription. The Application invokes the CLI as a subprocess and does not directly access Google’s API. Instoll Inc. does not proxy, intercept, or store this data.
• Codex — data is processed through your preinstalled Codex CLI, which communicates with OpenAI’s services using your own subscription. The Application invokes the CLI as a subprocess and does not directly access OpenAI’s API. Instoll Inc. does not proxy, intercept, or store this data.
• Apple Intelligence — processing occurs entirely on your device using Apple’s FoundationModels framework. No data leaves your device for this provider.

Your use of these AI services is subject to their respective privacy policies.

4.3 Locally Stored Data

The Application stores the following data on your device:

• Token usage logs — stored in a SQLite database at ~/Library/Application Support/PR/token_usage.sqlite, tracking AI token consumption for your reference
• Cached data — pull request data is cached in memory (NSCache, up to 100 MB) with a default TTL of 5 minutes, automatically evicted under memory pressure
• User preferences — settings such as font size, appearance mode, and vim keybinding preferences, stored in macOS UserDefaults
• Session identifiers — deterministic UUIDs generated using SHA-1 (CommonCrypto) for session tracking within the Application; these never leave your device
• Viewed file state — tracks which files you have reviewed, synchronized bidirectionally with GitHub’s viewed state

4.4 Account and Subscription Data

If you subscribe to a paid plan, Instoll Inc. collects and stores the following data on its licensing server:

• Email address — used for account identification, transactional communications, and marketing communications (if you opt in)
• License key — a unique identifier for your subscription
• Subscription status — whether your subscription is active, expired, or cancelled
• Payment metadata — subscription plan, billing cycle, and transaction identifiers (Instoll Inc. does not store your credit card number or full payment details; payment processing is handled by Stripe)

4.5 Email Communications

Instoll Inc. may send you the following types of email:

• Transactional emails — important notices about your account, subscription, license changes, policy updates, and security alerts. These emails are necessary for the operation of your account and cannot be opted out of while your account is active.
• Marketing and promotional emails — product updates, feature announcements, and other promotional content. These emails are sent only with your prior consent (opt-in). You may unsubscribe at any time using the unsubscribe link included in each email.

4.6 Crash Reporting and Performance Monitoring

The Application uses Sentry to collect crash reports and performance data. This helps us identify and fix bugs, monitor app stability, and improve performance. Data sent to Sentry may include:

• Crash stack traces and error messages
• App version, macOS version, and device model
• Performance metrics (app launch time, screen load durations)
• Breadcrumbs (recent user interactions leading up to a crash)

Sentry does not receive your source code, pull request content, review comments, GitHub credentials, or AI provider API keys. Crash reporting is disabled in debug builds and only active in release builds distributed to users.

Sentry’s data processing is governed by Sentry’s Privacy Policy and Data Processing Agreement. Sentry stores data in the United States.

4.7 Data We Do Not Collect

Instoll Inc. does not collect:

• Your GitHub, AI provider, or CLI credentials or access tokens
• Your source code or repository contents
• Analytics or telemetry data from the Application (other than crash and performance data collected via Sentry as described in section 4.6)
• Location data

5. Data Transmission

The Application communicates with external services as described below.

Service	Accessed Via	Purpose
Instoll licensing server	HTTPS	License validation and subscription management
Stripe	HTTPS (via Instoll server)	Payment processing
GitHub	gh CLI	Fetching PR data, posting comments and reviews
Anthropic (Claude)	Claude CLI	AI-powered code review and summarization
Google (Gemini)	Gemini CLI	AI-powered code review and summarization
OpenAI (Codex)	Codex CLI	AI-powered code review and summarization
Apple Intelligence	FoundationModels framework	On-device AI processing
Sentry	HTTPS	Crash reporting and performance monitoring

Your source code and repository contents are not transmitted to Instoll Inc. or any Instoll-operated infrastructure.

6. Data Retention

• Account data — retained on the Instoll licensing server for the duration of your subscription and for a reasonable period after cancellation to fulfill legal and accounting obligations, after which it is deleted
• Payment data — Stripe retains payment data in accordance with its own data retention policy and applicable financial regulations
• In-memory cache — automatically evicted after 5 minutes (configurable) or when macOS reclaims memory
• SQLite database — persists on your device until you delete the Application or the database file
• UserDefaults — persists until you delete the Application or reset preferences
• Sentry crash data — retained for 90 days, after which it is automatically deleted
• Third-party services — data sent to GitHub, Anthropic, Google, and OpenAI is subject to their respective retention policies

7. Data Security

The Application relies on the following security measures:

• macOS sandboxing and file system permissions for local data protection
• HTTPS for all network communication with GitHub (via gh CLI)
• Credential delegation — the Application does not store credentials directly; it delegates all authentication and network communication to preinstalled CLIs (gh, Claude CLI, Gemini CLI, Codex CLI), which manage credentials and transport security through their own mechanisms
• Server-side encryption — account and subscription data stored on the Instoll licensing server is encrypted at rest and in transit
• Payment security — payment processing is handled entirely by Stripe, which is PCI DSS compliant; Instoll Inc. does not store or process credit card numbers

8. Children’s Privacy

The Application is not directed at children under 13 or minors as defined under the Civil Code of Japan. We do not knowingly collect information from children. If you are a minor, please use the Application with the consent of your parent or legal guardian.

9. Your Rights

For data stored on your device by the Application, you have full control to access, modify, or delete it at any time.

For account and subscription data held by Instoll Inc. on its licensing server, you may request access, correction, or deletion by visiting https://instoll.com. We will respond to your request within a reasonable period in accordance with applicable law. Deletion of account data may result in termination of your subscription and license.

For data held by third-party services (GitHub, Anthropic, Google, OpenAI, Apple, Stripe), please refer to their respective privacy policies and data management tools.

For additional rights under the GDPR or other data protection regulations, please refer to our GDPR Compliance documentation.

10. Compliance with the Act on the Protection of Personal Information

Instoll Inc. complies with the Act on the Protection of Personal Information of Japan (“APPI”). For code review functionality, the Application processes data locally on your device. For subscription and licensing features, Instoll Inc. collects and stores minimal personal information as described in this policy, acting as a business operator handling personal information under APPI.

10.1 Purpose of Use

To the extent that any information processed by the Application constitutes personal information, it is processed solely for the following purposes:

• Displaying and reviewing GitHub pull requests and associated metadata
• Providing AI-powered code review and summarization features
• Tracking AI token usage for the user’s own reference
• Storing user preferences for Application functionality
• Managing your subscription, license validation, and account
• Processing payments through Stripe
• Sending transactional emails related to your account and subscription
• Sending marketing and promotional emails (only with your opt-in consent)

10.2 Your Rights under APPI

Under APPI, you have the right to request disclosure, correction, addition, deletion, suspension of use, and erasure of your personal information. For data stored locally on your device, you can exercise these rights directly. For account and subscription data held by Instoll Inc., you may submit a request through https://instoll.com.

10.3 Supervisory Authority

The supervisory authority for personal information protection in Japan is the Personal Information Protection Commission (https://www.ppc.go.jp/).

11. Changes to This Policy

We may update this policy from time to time. We will provide at least thirty (30) days’ advance notice before material changes take effect, through the PR website, the Application, or other reasonable means. If you do not agree with the revised policy, you may stop using the Application before the changes take effect. Continued use of the Application after the effective date of the changes constitutes acceptance.

12. Governing Law and Jurisdiction

This policy is governed by and construed in accordance with the laws of Japan. Any legal action or proceeding arising out of or relating to this policy shall be subject to the non-exclusive jurisdiction of the Tokyo District Court as the court of first instance. This does not affect any mandatory jurisdiction rights you may have under the Code of Civil Procedure of Japan or other applicable law.

13. Contact

For questions about this privacy policy or operator identification required under Japanese law, please visit https://instoll.com.