Data handling

Aven connects to your engineering tools to assemble R&D evidence. This page describes exactly what we access, what we store, and your control over it.

Read-only access

Today, Aven requests read-only GitHub App scopes. We cannot write to, modify, or delete anything in your repositories. GitLab, Jira and Linear connectors are planned with the same read-only boundary.

We never store your source code

We ingest only:

• commit messages, pull-request titles/descriptions and review summaries;
• issue/ticket titles, descriptions, labels and status history;
• metadata — authors, timestamps, and change counts.

We do not store file contents or code. Diffs and code blocks are stripped, and secret-shaped strings are redacted, at ingestion — before anything is saved.

Security & retention

• Access tokens are encrypted at rest (Supabase Vault), never logged, and revocable.
• Your data is isolated per company and protected by row-level security.
• You can disconnect at any time; ingested data is deleted on request.

Processor status

When you connect a repository, Aven acts as a data processor of the personal data contained in that history (e.g. commit author identities). We will only connect a real client’s repository under a signed data-processing agreement.