Security and privacy are fundamental to how MattPM operates. Here's how we protect your team's information.
MattPM processes Git metadata to generate standups and delivery insights. We analyze commit messages, pull request data, and repository activity patterns to create meaningful status updates and productivity insights for your team. Our system operates entirely on metadata—we never access, store, or process your actual source code.
We do not store source code or employee PII. All data processing happens in real-time during analysis, and information is immediately discarded once insights are generated. Access is read-only using minimal GitHub scopes and can be revoked at any time through your GitHub organization settings. We maintain a zero-persistence policy for sensitive data.
We're aligned with GDPR/UK-GDPR compliance standards. Our data processing practices follow privacy-by-design principles, with transparent data handling and user control at every step. A Data Processing Addendum (DPA) is available on request for enterprise customers, and we maintain comprehensive audit logs for all data access activities.
Minimal OAuth scopes with no write permissions to your repositories.
We process metadata only—your source code never leaves GitHub.
Privacy-by-design with DPA available for enterprise customers.