React Doctor
GitHubX (Twitter)

Data Use & Privacy Overview

Last updated Dec 13, 2024

If you have any questions or feedback, please email us at founders@million.dev. For more information about how we collect, use, disclose, and process personal data, see our full Privacy Policy.

This overview explains how React Doctor handles GitHub repository data while reviewing pull requests. React Doctor is a static analysis service for React code.

What React Doctor receives

When the GitHub App is installed or a supported pull request event occurs, GitHub sends React Doctor webhook data such as repository, installation, pull request, commit, and comment information. React Doctor uses a GitHub installation token to access the repositories selected for the installation.

How pull requests are analyzed

For each review, React Doctor downloads GitHub tarball archives for the pull request head and base revisions. Those archives are written to an isolated Vercel Sandbox, extracted, and analyzed with React Doctor. React Review compares diagnostics between the base and head revisions so it can report issues newly introduced by the pull request.

What React Doctor stores or publishes

React Doctor does not maintain a database of your source code. Repository archives and extracted files are used for the review run and the sandbox is stopped after analysis. Review output is posted back to GitHub as check run status, inline review comments, and a pull request summary comment. Those GitHub artifacts may include file paths, line numbers, diagnostic rules, diagnostic messages, project metadata such as framework or React version, and aggregate health scores.

Dashboard data

The dashboard uses GitHub installation data to show the repositories connected to React Doctor. It returns repository identifiers, full names, visibility, repository URLs, and the installation account login. Dashboard responses are sent with no-store cache headers.

Training and AI providers

React Doctor does not use repository code to train models, and pull request analysis is not sent to an AI model provider. Reviews are produced by static analysis with React Doctor.

Service providers

React Doctor uses GitHub to receive installation and pull request data and to publish review results. React Doctor uses Vercel Sandbox to run the isolated static analysis job. Operational logs may include errors and metadata needed to operate and debug the service.