Legal

Data handling

Last updated 16 July 2026 · DPA version 2026-07-16.

Aven connects to your engineering tools to assemble R&D evidence. This page describes exactly what we access, what we store, and your control over it.

Read-only access

Aven requests read-only scopes everywhere: GitHub App read scopes, and read-only OAuth for GitLab, Linear, Jira, Confluence and Notion. We cannot write to, modify, or delete anything in your tools.

We never store your source code

We ingest only:

  • commit messages, pull-request titles/descriptions and review summaries;
  • issue/ticket titles, descriptions, labels and status history;
  • metadata - authors, timestamps, and change counts.

We do not store file contents or code. Diffs and code blocks are stripped, and secret-shaped strings are redacted, at ingestion - before anything is saved.

Security & retention

  • Stored OAuth tokens are encrypted before they reach the database using AES-256-GCM. The encryption key is held separately as a restricted deployment secret, and tokens are never logged. GitHub installation tokens are short-lived and are not stored.
  • Your data is isolated per company and protected by row-level security.
  • Repository and page selections are saved as company-level processing instructions and reused for the current and future packs, including Annual monitoring, until you clear a selection or disconnect the tool. Clearing a selection immediately stops that source being used in a new analysis.
  • You can disconnect at any time. Disconnecting immediately erases Aven’s local OAuth credentials and re-ingestable connector cache. You should also revoke Aven in the provider’s settings if you want to end the provider-side grant.
  • Audit records and evidence already incorporated into controlled or released work are handled under the engagement’s retention obligations. You can request return or deletion of personal data, subject to legal retention requirements.
  • Identifier minimisation (Atlassian):from Jira and Confluence we keep display names embedded in the evidence trail only - never Atlassian account IDs - and we run Atlassian’s personal-data reporting cycle so anything flagged closed or updated is erased.

Processor status

When you connect a repository, Aven acts as a data processor of the personal data contained in that history (e.g. commit author identities). Before any connector redirect, an authorised representative must electronically accept the current company Data Processing Agreement in the dashboard. Aven keeps the signer, role, exact attestation, version and time as an immutable execution record.

Where AI processing happens

Aven uses the Anthropic API for specific evidence-assistance features. The data sent depends on the feature:

  • tailored interview questions: the project name, project summary and a bounded set of redacted evidence excerpts;
  • optional follow-up questions: the project name and the recorded interview questions and responses so far;
  • “Tidy my draft”: the question and the unsaved draft testimony the user chose to send for reorganisation.
  • internal narrative drafting and critique: the project name, redacted evidence excerpts, recorded testimony and, for critique, the current draft narrative sections.

These features do not send source code. Their output cannot determine eligibility, approve a project or release a pack, and it remains subject to deterministic checks and human review. Anthropic’s published standard API policy describes deletion of inputs and outputs within 30 days, subject to stated exceptions. Aven verifies the applicable contract, transfer mechanism and configuration through its legal and supplier review. This statement does not promise a shorter provider retention period or a model-training exclusion. See Anthropic’s retention information.

How we build the evidence itself

Our full evidence methodology and integrity statement - what rests on dated artefacts, what on recorded testimony, what is human-reviewed, and the lines we will not cross - ships with every pack and is public: Aven evidence methodology (PDF).