What we access, where it lives, how to delete it.

From GitHub, Pronto reads:

• PR metadata — title, author, state, labels, requested reviewers
• Check status — pass / fail / pending
• Review state — approvals, change requests, comments (counts only, not text bodies)
• Your notification feed

From Slack (only if you install the Slack app): workspace membership, channel list, your user identity. Pronto never reads message content.

• Code, file contents, or diffs
• Comment bodies on PRs
• Issue contents
• Any repository the GitHub App isn't explicitly installed on

Pronto for Slack stores PR metadata in a managed Postgres instance on Railway (US region), encrypted at rest. Pronto for Mac keeps all data locally on your machine in ~/Library/Application Support/Pronto; nothing leaves your device for the native app.

Active workspaces: PR metadata is retained while a PR is open and for 30 days after it closes. After that, only aggregate counts remain. If you uninstall, all your data is purged within 7 days.

Uninstall the GitHub App or the Slack app to revoke access. To purge data immediately, email hello@pronto.so from the address tied to your account.

• Railway — hosting (Postgres, Redis, app server)
• Cloudflare — CDN + edge hosting for this website
• Stripe — billing
• Slack — required for Pronto for Slack
• GitHub — required for both surfaces

Email security@pronto.so. We respond within 48 hours. We don't currently run a paid bounty program but we'll publicly credit valid reports if you'd like.