Privacy Policy

LaserOwl is operated by ControlFront (“we”, “us”, “our”). We provide a pre-flight enforcement platform that helps engineering teams govern how AI coding agents interact with their codebases. This Privacy Policy explains how we collect, use, and protect your information when you use our website, platform, and APIs (collectively, the “Service”).

Account information. When you sign in via GitHub OAuth, we receive your GitHub username, email address, avatar URL, and organization memberships. We do not store your GitHub access token beyond the duration of your authenticated session.

Repository metadata. Through our read-only GitHub App, we access commit history, file paths, contributor information, and branch metadata. We do not read, copy, or store file contents or source code.

Agent interaction logs. When AI agents query the LaserOwl API or MCP endpoint, we log the request metadata: agent identity, queried file paths, matched rules, and enforcement outcomes. These logs are stored for audit and compliance purposes and are accessible only to your organization.

Usage data. We collect standard analytics data including page views, feature usage patterns, browser type, and IP address. We use this data to improve the Service and do not sell it to third parties.

We use the information we collect to: (a) provide, maintain, and improve the Service; (b) generate findings and enforcement rules from your repository metadata; (c) produce audit logs and compliance reports for your organization; (d) communicate with you about your account, support requests, and product updates; and (e) detect and prevent fraud, abuse, or security incidents.

We do not sell your personal information. We may share data with: (a) service providers who assist in operating the Service (hosting, analytics, support tooling), subject to contractual obligations to protect your data; (b) law enforcement or regulatory bodies when required by applicable law; and (c) a successor entity in the event of a merger, acquisition, or asset sale, with prior notice to affected users.

Account data is retained for the duration of your account. Agent interaction logs are retained for the period specified in your organization’s plan (default: 12 months). Repository metadata used to generate findings is processed in memory and not persisted beyond the analysis window. Upon account deletion, we remove all associated data within 30 days, unless retention is required by law.

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access controls, and regular security audits. Access to production systems is restricted to authorized personnel and requires multi-factor authentication.

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict certain processing; (e) receive a copy of your data in a portable format; and (f) withdraw consent where processing is based on consent. To exercise these rights, contact us at hello@laserowl.io.

We use essential cookies to maintain your authenticated session and theme preferences. We use analytics cookies to understand how the Service is used. You can disable non-essential cookies through your browser settings. The Service remains fully functional with only essential cookies enabled.

Your data may be processed in jurisdictions outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities.

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on our website with an updated effective date. Your continued use of the Service after such changes constitutes acceptance.

For privacy-related inquiries or to exercise your data rights, contact us at hello@laserowl.io.