Your code never reaches us.
Pyor has no server that receives your source. The app runs on your machine and talks directly to GitHub’s API using your own token. There is no backend of ours in the path — so the strongest control isn’t a policy, it’s the architecture.
Architecture as the security boundary
Most tools ask you to trust a promise: “we won’t look at your code.” Pyor removes the promise by removing the server. Your repositories, diffs, and pull requests are fetched straight from GitHub to your device — there is no Pyor-operated backend that receives, stores, proxies, or indexes them.
That changes the question you have to ask. Instead of asking “how well does Pyor guard the code it holds?”, the answer is simply: it doesn’t hold it. The data that matters to you stays where it already was — on GitHub and on your own machine.
- Direct to GitHub. Every request for repo data goes from the app to GitHub, authenticated with your token.
- No code in transit to us. We never see your source, your diffs, or your review notes — there is no endpoint for them to hit.
- Local by default. Cached PR data and private review notes are written to your device, not uploaded.
Your token stays on your device
Pyor authenticates to GitHub with a token you create and you scope. It is stored locally and never transmitted to Pyor:
- The OS secure keychain — macOS Keychain, Windows DPAPI, or Linux libsecret — holds the token. The app reads it through the operating system.
- The token lives in your browser’s localStorage, scoped to your machine and origin. It is sent only to GitHub, never to us.
You choose the scopes. Grant only the access your work needs, and revoke the token from your GitHub settings at any time — instantly cutting Pyor’s access without our involvement, because the grant was never ours to begin with.
The little we process, and what we never touch
The only personal data we process is what it takes to run a website and bill Teams. We practice data minimization: if we don’t need it to do one of those two things, we don’t collect it.
- Payments via Stripe. Card details go straight to Stripe. We store only a payment token and the last four digits — never the full card number.
- TLS everywhere. All traffic to the website and to GitHub is encrypted in transit.
- Accounts & billing only. Email, account, organization, and billing status — the records a paid product legally needs.
Your repositories. Your diffs. Your pull requests. Your private review notes. Your GitHub token. None of it reaches a server we run, so none of it is ours to lose, subpoena, or leak. Your use of GitHub remains governed by GitHub’s own terms and privacy statement.
Full detail lives in the Privacy Policy and the Sub-processors list.
A small surface, kept tidy
Because the product itself holds none of your code, the only thing we operate is a static marketing site and the billing integration. We keep that surface deliberately small and run it on reputable, managed providers rather than bespoke infrastructure.
- Least privilege. Access to the few systems we do run is limited to those who need it, and scoped to what the task requires.
- Dependency hygiene. We track the libraries we ship, watch for known advisories, and update promptly.
- Managed payments. Sensitive payment handling is delegated to Stripe, a PCI-compliant processor, rather than rebuilt in-house.
No method of transmission or storage is ever perfectly secure, and we won’t pretend otherwise. What we can say plainly is that the highest-value data — your code — is simply not in our custody.
Reporting a vulnerability
If you believe you’ve found a security issue, we want to hear from you. Email security@pyor.review with enough detail to reproduce it — affected URL or build, steps, and impact. Our machine-readable contact is published at /.well-known/security.txt (RFC 9116).
We authorize good-faith security research and will not pursue legal action for testing that respects users’ privacy, avoids data destruction or service degradation, stays within the scope below, and gives us reasonable time to remediate before any public disclosure. If you act in good faith within these rules, we’ll treat your research as authorized.
In scope:
- The pyor.review web properties
- The Pyor application (app.pyor.review)
Out of scope:
- GitHub itself and its APIs
- Third-party services (e.g. Stripe, our host)
We currently offer public recognition and our genuine thanks for valid reports rather than a paid bounty. We’ll be honest with you about that up front — and we’ll keep you posted as we fix what you find.
Where we stand on formal audits
We don’t yet hold formal certifications — no SOC 2, ISO 27001, or PCI attestation of our own. We’d rather tell you that directly than imply a badge we haven’t earned.
Our strongest control isn’t a certificate; it’s the design: your code never reaches a server we run, so the most sensitive thing about your work is never in our hands. If that ever changes — if we add infrastructure that handles your data, or complete a formal audit — we’ll update this page to say so honestly.
Good-faith reports are welcome and covered by the safe harbor above.