Effective Date: November 9, 2025
IssueTriage is a Visual Studio Code extension that helps teams assess issue readiness for implementation. This privacy policy explains what data is collected, how it's used, and your choices regarding data collection.
What we collect:
- Repository metadata (name, owner, issue lists)
- Issue content (titles, descriptions, comments, labels, assignees)
- Pull request history and commit data for risk analysis
- Your GitHub username and account information
How we use it:
- Display issues within VS Code
- Generate readiness assessments
- Calculate risk intelligence from historical data
- All GitHub data is accessed via your personal access token
Where it's stored:
- Locally on your machine in VS Code's storage
- Assessment results stored in local SQLite databases
- Risk profiles cached locally for performance
- Never transmitted to third parties except as described below
What we send:
- Issue titles and descriptions
- Repository context (when you run assessments)
- Historical risk data (when available)
How it's used:
- Generate AI-powered readiness assessments
- Extract keywords for machine learning features
API modes:
- Local mode: Your OpenRouter API key is stored securely in VS Code SecretStorage and used to call OpenRouter directly
- Remote mode (default): Requests are proxied through the IssueTriage Cloudflare Worker, which holds the API key server-side
Your API key:
- Stored securely using VS Code's built-in SecretStorage API
- Never logged or transmitted to any party except OpenRouter
- You can remove it anytime via the Sign Out command
What we collect:
- LLM request metadata (start time, end time, model used)
- Token usage statistics
- No personal information or issue content is sent
How it's used:
- Monitor LLM usage and costs
- Improve automation readiness insights
- Aggregate usage analytics
Opt-out:
Set issuetriage.telemetry.enabled to false in VS Code settings.
What we collect:
- Extension activation events
- Command usage (e.g., "assessment run", "issues refreshed")
- Error events (no sensitive data included)
- Feature usage patterns
How it's used:
- Understand which features are used
- Identify and fix bugs
- Improve the extension
Opt-out:
Set issuetriage.telemetry.enabled to false in VS Code settings.
- Assessment database:
~/.vscode/extensions/PredictabilityAtScale.issuetriage-*/globalStorage/ - Risk profiles: Same directory, separate SQLite database
- Session tokens: VS Code SecretStorage (encrypted by VS Code)
- Settings: VS Code configuration files
- No remote storage: IssueTriage does not maintain any user databases or remote storage
- Cloudflare Worker: Stateless proxy, does not log or persist requests
- Used for AI-powered assessments
- Subject to OpenRouter's Privacy Policy
- You can use your own API key for full control
- Used for repository and issue data access
- Subject to GitHub's Privacy Policy
- Authentication via OAuth device flow
- Optional telemetry service for LLM usage tracking
- Subject to UsageTap's Privacy Policy
- Can be disabled via settings
- All data is stored locally on your machine
- Delete extension data by:
- Uninstalling the extension
- Manually deleting the globalStorage directory
- Using the "Sign Out" command to clear credentials
- Disable telemetry: Set
issuetriage.telemetry.enabled: false - Use your own API key: Configure
issuetriage.assessment.apiKeyor use local mode - Disconnect GitHub: Use "Issue Triage: Sign Out" command
- Assessment data stored in SQLite format
- Export available via "Export Training Dataset" feature
- All data is readable with standard SQLite tools
- Credentials stored in VS Code SecretStorage (OS-level encryption)
- HTTPS for all external API calls
- Content Security Policy (CSP) on all webviews
- No hardcoded credentials in source code
- API keys managed via environment variables or secure settings
- HMAC state signing for OAuth flows
- Constant-time comparison for token validation
- Server-side secret management
- No request logging or persistence
IssueTriage is not directed at children under 13. We do not knowingly collect information from children.
We may update this privacy policy from time to time. Changes will be reflected in the extension repository and the effective date will be updated.
For privacy questions or concerns:
- GitHub Issues: https://github.com/PredictabilityAtScale/IssueTriage/issues
- Email: Create an issue on our GitHub repository
IssueTriage is open source (MIT License). You can review our data handling practices in the source code: https://github.com/PredictabilityAtScale/IssueTriage
Summary: IssueTriage stores data locally on your machine, uses your GitHub credentials to access repositories, and optionally sends issue content to OpenRouter for AI assessments. All telemetry can be disabled via settings.