Privacy Policy

Last updated: January 2026

This Privacy Policy describes how Polarity, Inc. (“Polarity,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Paragon platform and related services (the “Services”), visit polarity.so, or otherwise interact with us.

If you are a customer using Paragon under an enterprise agreement, your organization's Data Processing Agreement (available at polarity.so/dpa) governs the processing of personal data you submit through the Services.

1. Information We Collect

1.1 Information You Provide

  • Account information. When you sign up, we collect your name, work email address, and organization name.
  • Billing information. If you subscribe to a paid plan, our payment processor (Stripe) collects payment details on our behalf. We store only a payment reference and billing address.
  • Communications. If you contact us by email or through support channels, we retain those communications.

1.2 Information Collected Automatically

  • Usage data. We collect information about how you use the Services, including pages visited, features used, timestamps, and session duration.
  • Log data. Our servers automatically record IP addresses, browser type, operating system, referring URLs, and error logs.
  • Cookies and similar technologies. We use cookies and similar technologies to maintain sessions, remember preferences, and understand how the Services are used. You can control cookies through your browser settings.

1.3 Code and Repository Data

When you connect a code repository to Paragon, we access and process source code, pull requests, commit history, and related metadata solely to provide the Services. We do not use your code to train AI models or for any purpose other than delivering the Services to you. See Section 4 for more detail.

1.4 Information from Third Parties

We may receive information about you from third-party services you connect to Paragon, such as GitHub, GitLab, or Bitbucket, limited to what is necessary to provide the integration you have authorized.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the Services;
  • Authenticate users and maintain account security;
  • Process payments and manage subscriptions;
  • Send transactional communications, such as receipts, security alerts, and product updates;
  • Respond to support requests and inquiries;
  • Monitor for abuse, security threats, and technical issues;
  • Comply with legal obligations; and
  • Conduct internal analytics to understand how the Services are used in aggregate.

We do not use your information for advertising or sell it to third parties.

3. How We Share Information

We share information only as follows:

  • Service providers. We share information with third-party vendors who help us operate the Services, including cloud infrastructure, AI model inference, database hosting, and payment processing. These vendors are listed at polarity.so/subprocessors and are contractually bound to use information only to perform services on our behalf.
  • Business transfers. If Polarity is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
  • Legal compliance. We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Polarity, our users, or the public.
  • With your consent. We may share information for other purposes with your explicit consent.

4. Code and AI Processing

Paragon uses third-party AI model providers (including Anthropic, Google, and OpenAI) to power code review, test generation, and related features. When you submit code to Paragon:

  • Your code is transmitted to the relevant AI provider solely to generate the requested output.
  • We contractually prohibit AI providers from using your code to train or improve their models.
  • Code is not stored beyond what is necessary to deliver the response and maintain your account history within the Services.
  • You retain all intellectual property rights in your code.

For enterprise customers, processing details are set out in Exhibit A of your Data Processing Agreement.

5. Data Retention

We retain account and usage data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Code and repository data processed through the Services is retained only as long as necessary to provide the relevant features and is deleted upon account termination within sixty (60) days.

You may request deletion of your account and associated data at any time by contacting support@polarity.so.

6. Security

We implement technical and organizational measures to protect your information, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and multi-factor authentication. We maintain a SOC 2 Type II attestation, available upon request at our Trust Center.

No security measures are perfect. If you discover a security vulnerability, please report it to support@polarity.so.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your personal information, subject to our retention obligations;
  • Export your data in a portable format;
  • Restrict processing in certain circumstances;
  • Object to processing for certain purposes; and
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@polarity.so. We will respond within 30 days, or sooner where required by applicable law.

8. Canadian Privacy Rights

Polarity complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Act respecting the protection of personal information in the private sector (Law 25). You have the right to access, correct, and request deletion of your personal information. To submit a request, contact our privacy office at support@polarity.so.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent legislation applies to our processing of your personal data.

9.1 Lawful Basis for Processing

PurposeLegal Basis
Providing the Services and fulfilling your subscriptionPerformance of a contract (Art. 6(1)(b))
Processing payments and managing billingPerformance of a contract (Art. 6(1)(b))
Sending transactional communicationsPerformance of a contract (Art. 6(1)(b))
Monitoring for abuse, security threats, and technical issuesLegitimate interests (Art. 6(1)(f))
Internal analytics and product improvementLegitimate interests (Art. 6(1)(f))
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))
Marketing communications (where applicable)Consent (Art. 6(1)(a))

9.2 Additional Rights Under GDPR

In addition to the rights described in Section 7, you have the right to:

  • Restrict processing (Art. 18) — request that we limit how we process your personal data in certain circumstances, such as while accuracy is contested or while an objection is pending;
  • Object to processing (Art. 21) — object to processing based on legitimate interests or for direct marketing purposes at any time; and
  • Withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact support@polarity.so. We will respond within 30 days.

9.3 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority at any time. A list of EEA supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.

9.4 International Transfers

When we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of protection (including the United States), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the applicable transfer mechanism. Our sub-processors are required to maintain equivalent safeguards. You may request a copy of the applicable SCCs by contacting support@polarity.so.

10. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. We do not sell personal information. You have the right to know what personal information we collect, request deletion, and opt out of sale (though we do not sell data). To submit a CCPA request, contact us at support@polarity.so.

11. International Transfers

Polarity is based in Canada and our infrastructure is operated in the United States and Canada. By using the Services, you acknowledge that your information may be transferred to and processed in these jurisdictions, which may have different data protection laws than your country of residence. We take steps to ensure appropriate safeguards are in place for any such transfers. EEA and UK users should refer to Section 9.4 for GDPR-specific transfer mechanisms.

12. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will delete it promptly.

13. Third-Party Links

The Services may contain links to third-party websites or integrations. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at polarity.so/privacy and, where appropriate, by email. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

Polarity, Inc.

support@polarity.so

polarity.so

End of Privacy Policy · polarity.so/privacy · Last Updated January 2026