This Privacy Policy explains what we collect when you use Metaheuristic, how we use it, and the controls you have. We try to keep it short and concrete.
1. What we collect
Account data. Email, name, organization, and authentication identifiers from the provider you sign in with.
Submitted code. Diffs, file paths, commit metadata, and any context you attach to a review request.
Reviewer data. Profile, languages, stack, availability, payout details, and verdict history.
Usage data. API requests, IP address, user agent, timestamps, error logs, and aggregate latency metrics - used to operate and secure the service.
Cookies. A small number of strictly necessary cookies for sign-in and session state. We do not run advertising or cross-site tracking cookies.
2. How we use it
- Routing diffs to reviewers matched on language, domain, and stack
- Delivering verdicts and audit trails back to submitters
- Billing for submitters and paying out reviewers
- Securing the service - abuse prevention, rate limiting, fraud detection
- Improving the product in aggregate (we do not train models on your code)
3. Who we share it with
- The assigned reviewer for a given diff (and only that reviewer) sees the submitted code
- Subprocessors that run our infrastructure: cloud hosting, database, email delivery, payment processing. A current list is available on request at privacy@metaheuristic.co
- Authorities when required by law, with notice to you unless legally prohibited
We do not sell personal information.
4. Code and confidentiality
Submitted code is treated as confidential. Reviewers accept a confidentiality agreement before joining the marketplace. After a verdict is delivered, the code is retained for the audit window selected by your plan, then deleted. We do not use submitted code to train AI models.
5. Data retention
- Account data: for the life of your account, plus 12 months after closure
- Diffs and verdicts: for the audit window of the SLA tier (default 90 days), unless you delete sooner
- Logs: 30 days
- Billing records: 7 years (legal requirement)
6. Security
We encrypt data in transit (TLS 1.2+) and at rest. Access to production systems is limited to a small set of engineers, gated by SSO and hardware keys. Report security issues to security@metaheuristic.co.
7. Your rights
Depending on where you live (GDPR, CCPA, etc.), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to certain processing
Email privacy@metaheuristic.co and we’ll respond within 30 days.
8. International transfers
We operate primarily in the EU and US. When data crosses borders, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Children
The service is not directed at children under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy. Material changes will be announced via email or in-product at least 14 days before they take effect.
11. Contact
Privacy questions: privacy@metaheuristic.co