Data Handling
What We Store
| Data Type | Stored Where | Purpose |
|---|---|---|
| User profile | profiles table | GitHub ID, email, display name, plan, usage counters |
| API keys | user_keys table | AES-256 encrypted keys for AI providers |
| Task metadata | tasks table | Description, status, cost, model used, timestamps |
| Agent trajectories | agent_log table | Tool calls, responses, iteration count (for Data Moat) |
| Scan findings | scans + scan_findings | Vulnerability data from Semgrep analysis |
| Repo profiles | repo_profiles table | Detected stack, auto-generated .ai-agent.yml, stats |
| Integration config | integrations table | Webhook settings, threshold, mapped repository |
What We Never Store
- Source code — Cloned into ephemeral Docker container, destroyed after task
- Plaintext API keys — AES-256 encrypted before storage
- Git credentials — Only short-lived Installation Access Tokens (60 min)
- Full webhook payloads — Only the normalized
ErrorEventfields are stored
Retention Policies
| Data | Retention |
|---|---|
| Task metadata | Indefinite (until account deletion) |
| Agent trajectories | Indefinite (pending → golden after 14 days, or pruned) |
| Scan findings | Indefinite |
| Public scan results | 30 days (GDPR compliance) |
| Cron job audit trail | 30 days |
| Docker containers | Destroyed immediately after task |
Data Moat Lifecycle
- Pending — Agent trajectory stored after task completion
- Validation — 14-day survivorship watch (PR not reverted, no regressions)
- Golden — Promoted if validation passes. Used cross-tenant to improve accuracy.
- Pruned — Removed if the PR was reverted or regressions were detected
Golden data contains: task type, stack fingerprint, file paths, tool call patterns, and the patch diff. It does not contain full source code.
Account Deletion
Contact support@eiryx.com for full account and data deletion. This removes:
- Your profile and all associated data
- All tasks, scans, integrations, and repo profiles
- Encrypted API keys
- Agent trajectories (including golden data you contributed)
Deletion is permanent and irreversible.