Customer data policy

This document explains how Sourcegraph handles user data and information.

Product data

Source/platformSourcegraph CloudSelf-hostedHow long is this data kept for?Who has access?
Ping telemetry✔️Delete data for any instance that’s been offline for over 3 years. All active instance data are keptAll Sourcegraph teammates
Monitoring and observabiltity tools (Sentry, Honeycomb)✔️90 days (Sentry) and 60 days (Honeycomb)Engineering teams
Sourcegraph Cloud Postgres database✔️Retain indefinitely unless deletion request is receivedAnalytics and engineering teams
Sourcegraph.com event logs✔️Retain data for 1 yearAll Sourcegraph teammates
Amplitude✔️Retain indefinitelyAll Sourcegraph teammates
Google Analytics✔️Retain indefinitelyAll Sourcegraph teammates

Data pipelines

Source/platformSourcegraph CloudSelf-hostedHow long is this data kept for?Who has access?
Google Cloud Platform data pipeline (Buckets, Dataflow, Pub/Sub)✔️✔️These GCP services only manage the data pipelines for select data sources on this policy. GCP buckets follow the same rules as the data they backup (i.e. Sourcegraph.com data backed up in buckets is kept for a year)Analytics and engineering teams

User communications

Source/platformSourcegraph CloudSelf-hosted*How long is this data kept for?Who can access it?
HubSpot and Salesforce (CRM/marketing automation)✔️✔️Retain all customer informationAll Sourcegraph teammates
Communication tools (Jira, Productboard)✔️✔️Retain all inbound customer communicationAll Sourcegraph teammates
Slack shared channels✔️✔️Customer support channels and private messages are maintained indefinitely. See our full Slack retention policy for more informationAll Sourcegraph teammates
View full list of sales tools✔️✔️Retain all outbound customer communicationAll Sourcegraph teammates

*For self-hosted, Sourcegraph can only view instance admin and opted-in users’ contact information.

FAQs

Where is my data stored?

All outside tools listed above are cloud products and therefore the data is hosted by the service provider. All product data and any internally-built tools are stored in the Postgres database that hosts Sourcegraph Cloud, as well as data pipelines and warehouses in Google Cloud Platform.

Can Sourcegraph developers or admins see my private code?

No. Only you can see or edit your private code. Code host permissions are enforced and not even Sourcegraph’s admin accounts can see private code. Manage your permissions in the code host and they will be automatically replicated in Sourcegraph.

Can Sourcegraph developers or admins see my private settings and Sourcegraph configuration?

No. Only you can see or edit your private settings and Sourcegraph configuration.

Is my data encrypted?

Yes, our dedicated security team follows best-practices for data encryption, both at-rest and in-transit. The following documents outline our practices in details:

If you have further questions, reach out to us at [email protected].

What is my private data used for?

Your in-product data (e.g. your user settings) are used to deliver you the product. This data is not accessible by most Sourcegraph teammates (see ‘Can you see my private code?’). All other non-sensitive, personally identifiable information and product usage data is used to support our teams in delivering and improving Sourcegraph for you and your team.