Last modified: February 25, 2026.
Privacy Policy
Privacy Policy Overview
Scitor (scitor.io / scitorapp.com) is owned and operated by MindByte. Scitor ("we", "us" or "our") applies this policy to the Subscriber (the "Subscriber", "user", "you" or "your"). By using Scitor, you expressly consent to the data handling practices described in this notice.
We collect minimal information when you install Scitor: the name of the repositories, the owner organisation, and the GitHub user who initiates the installation. We also collect aggregate information on what pages visitors access on our website. The information we collect is used to improve the content of our web pages and the quality of our service, and is not shared with or sold to other organisations for commercial purposes, except to provide products or services you have requested, when we have your permission, or under the following circumstances: it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law. We transfer information about you if Scitor is acquired by or merged with another company. In this event, Scitor will notify you before information about you is transferred and becomes subject to a different privacy policy.
Platform Scope
Scitor is designed exclusively for use with GitHub.com. We do not support GitHub Enterprise Server, self-hosted GitHub instances, or other source code hosting platforms. By using Scitor, you acknowledge that your data flows through GitHub.com and is subject to GitHub's privacy policy in addition to this policy.
Information Gathering and Usage
You may provide personal information to Scitor when you sign up to use the service. Scitor uses collected information for the following general purposes: product and service provision, identification and authentication, service improvement, contact, and research. We do not persistently store email contents or email headers. Incoming email content is processed in-memory to create GitHub Issues or Discussions, then discarded. Email addresses used for sender blocking are stored in a hashed format and cannot be retrieved or reversed.
AI Processing
Incoming messages may be processed by AI to generate summaries, detect sentiment, classify request types, and suggest matching saved replies. This processing runs on Cloudflare Workers AI — the same edge infrastructure as the rest of the service. AI processing is used solely to apply labels, metadata, and agent-facing suggestions to the resulting GitHub Issue or Discussion. Message content is not stored, logged, or used for model training by Scitor. Cloudflare's Workers AI processes data in accordance with Cloudflare's privacy policy and does not use customer data for model training.
Cookies
The Scitor website uses minimal cookies. We do not use permanent cookies or third-party tracking cookies. Analytics, if enabled, are handled through privacy-respecting methods. You may use your browser settings to disable non-essential cookies.
Data Storage
Scitor runs on Cloudflare's global edge network. Cloudflare acts as a data processor on behalf of Scitor. Customer account data (installation details, configuration, metrics) is stored in Cloudflare D1. Email attachments are stored in Cloudflare R2. Temporary data such as cached configuration and authentication tokens is stored in Cloudflare Workers KV. All data is encrypted in transit and at rest. Although Scitor owns the code, databases, and all rights to the application, you retain all rights to your data.
Saved Replies & Configuration Data
Saved reply templates and configuration files (e.g.
.github/scitor.yaml)
are read from your GitHub repository via the GitHub API and cached
at the edge (Cloudflare Workers KV) for up to 5 minutes for
performance. These files are not permanently stored outside of your
GitHub repository. Cache entries are automatically invalidated when
you push changes to the relevant files.
Source Code
Scitor does not store any of your private source code unless given explicit, written permission to access it in order to provide support. Scitor does not store GitHub credentials. As a GitHub App, Scitor uses certificate authentication to obtain temporary tokens scoped to the permissions you grant during installation. You can revoke access at any time from your GitHub settings.
Email Delivery
Outbound emails (replies sent via slash commands) are delivered through a third-party email provider (currently Resend). The email provider processes the message content solely for the purpose of delivery and is subject to its own privacy policy. Scitor does not retain copies of outbound email content after delivery.
GitHub Actions & Workflows
Scitor triggers GitHub events (Issues, Discussions, labels) that may in turn trigger GitHub Actions workflows configured in your repository. Any data processing performed by your own GitHub Actions workflows is outside the scope of this policy and is your responsibility. Scitor does not control, monitor, or have access to the execution environment of your GitHub Actions.
Data Security
We always put security at the forefront of our services. All webhook payloads are verified using cryptographic signatures before processing. GitHub API access uses short-lived, scoped tokens. We cannot, however, ensure or warrant the security of any information you transmit to Scitor, and you do so at your own risk. We make industry-reasonable efforts to ensure the security of our systems. If you find a vulnerability, please report it to us immediately at info@scitor.io. We ask that you do not publicly share the issue until it has been resolved.
Disclosure
Scitor may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service.
Changes
Scitor may periodically update this policy without further notice to you. Changes will be reflected by the "last modified" date above. It is your responsibility to check this policy periodically for changes. Your continued use of or access to the Service following the posting of any changes to this policy constitutes acceptance of those changes. We will notify you about significant changes in the way we treat personal information by placing a prominent notice on our site.
Questions
Any questions about the Privacy Policy should be addressed to support@scitor.io.