Your code never reaches us.
No server sees your code. The app runs on your machine and talks directly to GitHub’s API using your own token. Our backend handles only sign-in, billing, and team seats — your code, diffs, and pull requests never touch it, so the strongest control isn’t a policy, it’s the architecture.
Architecture as the security boundary
Most tools ask you to trust a promise: “we won’t look at your code.” Pyor removes the promise by keeping your code off our servers entirely. Your repositories, diffs, and pull requests are fetched straight from GitHub to your device — our backend handles only sign-in, billing, and team seats, and never receives, stores, proxies, or indexes any of it.
That changes the question you have to ask. Instead of “how well does Pyor guard the code it holds?” the answer is simply: it doesn’t hold it. The data that matters to you stays where it already was — on GitHub and on your own machine.
- Direct to GitHub. Every request for repo data goes from the app to GitHub, authenticated with your token.
- No code in transit to us. We never see your source, your diffs, or your review notes — our backend has no endpoint that receives them.
- Local by default. Cached PR data and private review notes are written to your device, not uploaded.
Your token stays on your device
You sign in with GitHub, and Pyor authenticates to GitHub with the resulting token. It is stored locally and never transmitted to Pyor:
The OS secure keychain — macOS Keychain, Windows DPAPI, or Linux libsecret — holds the token. The app reads it through the operating system.
The token lives in your browser’s localStorage, scoped to your machine and origin. It is sent only to GitHub, never to us.
You stay in control. Pyor asks only for the read access it needs to show your reviews, and you can revoke its access from your GitHub settings at any time — instantly cutting Pyor’s access without our involvement, because the grant was never ours to begin with.
The little we process, and what we never touch
The only personal data we process is what it takes to run a website and bill Teams. We practice data minimization: if we don’t need it to do one of those two things, we don’t collect it.
- Payments via Polar. Polar is our merchant of record and handles all card data; card details never reach Pyor, and we keep only a Polar customer reference — never card numbers.
- TLS everywhere. All traffic to the website and to GitHub is encrypted in transit.
- Accounts & billing only. Email, account, organization, and billing status — the records a paid product legally needs.
Your repositories. Your diffs. Your pull requests. Your private review notes. Your GitHub token. None of it reaches our backend, so none of it is ours to lose, subpoena, or leak. Your use of GitHub remains governed by GitHub’s own terms and privacy statement.
Full detail lives in the Privacy Policy and the Sub-processors list.
A small surface, kept tidy
Because the product itself holds none of your code, the only thing we operate is the marketing site and a narrow backend for sign-in, billing, and team seats. We keep that surface deliberately small and run it on reputable, managed providers rather than bespoke infrastructure.
- Least privilege. Access to the few systems we do run is limited to those who need it, and scoped to what the task requires.
- Dependency hygiene. We track the libraries we ship, watch for known advisories, and update promptly.
- Managed payments. Sensitive payment handling is delegated to Polar, our merchant of record, rather than rebuilt in-house.
No method of transmission or storage is ever perfectly secure, and we won’t pretend otherwise. What we can say plainly is that the highest-value data — your code — is simply not in our custody.
Reporting a vulnerability
If you believe you’ve found a security issue, we want to hear from you. Email support@pyor.review with enough detail to reproduce it — affected URL or build, steps, and impact. Our machine-readable contact is published at /.well-known/security.txt (RFC 9116).
We authorize good-faith security research and will not pursue legal action for testing that respects users’ privacy, avoids data destruction or service degradation, stays within the scope below, and gives us reasonable time to remediate before any public disclosure. If you act in good faith within these rules, we’ll treat your research as authorized.
- The pyor.review web properties
- The Pyor application (com.pyor.app)
- GitHub itself and its APIs
- Third-party services (e.g. Polar, our host)
We currently offer public recognition and our genuine thanks for valid reports rather than a paid bounty. We’ll be honest with you about that up front — and we’ll keep you posted as we fix what you find.
Where we stand on formal audits
We don’t yet hold formal certifications — no SOC 2, ISO 27001, or PCI attestation of our own. We’d rather tell you that directly than imply a badge we haven’t earned.
Our strongest control isn’t a certificate; it’s the design: your code never reaches a server we run, so the most sensitive thing about your work is never in our hands. If that ever changes — if we add infrastructure that handles your data, or complete a formal audit — we’ll update this page to say so honestly.
Good-faith reports are welcome and covered by the safe harbor above.