Latchkey is committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, and safeguard your information.
Latchkey ("we," "our," or "us") is committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website located at https://www.latchkey.dev/ (the "Site") and our AI-powered CI/CD monitoring services (the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy.
Effective Date: May 18, 2026
Contact: legal@latchkey.dev
We collect only the minimum amount of data required to provide actionable insights and optimize your pipelines.
Latchkey does not store or retain your source code. The analytics integration analyzes metadata, workflow YAML files, and logs — never source code. When you use Latchkey Runners, your code is checked out into an ephemeral, isolated runner instance solely to execute that job, and the runner is destroyed at job completion. No source code persists on Latchkey infrastructure between jobs.
By default, Latchkey does not use your proprietary logs, workflow files, or source code to train global, multi-tenant AI models. AI features — insights, AI Scan runner configurations, and self-healing — operate on your workspace's data for your workspace's benefit. We reserve the right to use de-identified, aggregated metadata (such as job durations and failure-category counts) to improve our algorithms and service performance, in a form that cannot be traced back to you or your workspace.
We use the collected data for the following purposes:
To generate analytics dashboards, cost reports, and optimization insights.
To provision, operate, and tear down the ephemeral Latchkey Runner instances that execute your workflow jobs, and to meter their usage for billing.
To detect, diagnose, and apply bounded fixes to failing build steps on Latchkey Runners, and to display the result of each heal attempt in the dashboard's Recent Heals view.
To analyze your repository structure and workflow YAML files in order to generate AI Scan runner configurations and surface optimization recommendations you can choose to apply via a Latchkey-created pull request.
To detect technical issues, security risks, or abuse of the Service.
To facilitate seamless plan transitions and automated billing via Stripe.
We do not sell, trade, or rent your personal data to third parties.
AWS hosts our application, database, and the compute that backs Latchkey Runners. Customer data and runner instances are kept in isolated environments.
Clerk handles authentication, including sign-in via GitHub OAuth. We do not see or store your GitHub credentials.
Stripe facilitates your subscription, seat, and runner-minute payments.
We use third-party large language model providers to power optimization insights, AI Scan runner configurations, and self-healing diagnoses. The data we send to these providers is limited to what's required for the request — for example, a failing step's stderr, exit code, and manifest files for self-healing — and never includes your source code. We do not authorize these providers to train their models on your data.
We use industry-standard security measures to protect your data: TLS 1.2 or higher for data in transit and AES-256 for data at rest. We do not store passwords or payment information.
Latchkey runs on AWS, which is SOC 2 compliant. Customer data and Latchkey Runner instances are kept in isolated environments with strict access controls, and Latchkey Runners are ephemeral — each runner is destroyed after the job it serves completes, so no data, artifacts, or state persists between jobs.
We retain data in an active status for up to one year after which it is transferred to cold storage. While historical analysis remains available, retrieval from cold storage may require additional time to load. You may request full data deletion at any time following the cancellation of your plan. Archived data is typically purged after five years unless otherwise required by law.
Depending on your location (e.g., GDPR, CCPA), you may have rights regarding access, correction, or deletion of your personal data.
Refer to the Data Sharing and Disclosure section for information about our infrastructure providers.
If you have questions about this Privacy Policy, please contact us at:
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our platform.
We use cookies to improve your experience. Privacy Policy