Back to MergeMole

Privacy Policy

Last updated: July 2, 2026

1. Overview

MergeMole is built so that we never see your data. The App has no accounts, runs no backend of ours, and includes no analytics or telemetry. Your pull request data moves directly between your Mac and the services you choose to connect (GitHub, and optionally an AI provider). This policy describes what the App stores, where data goes, and how to remove all of it.

2. What the App stores on your Mac

  • Your GitHub token, stored in the macOS Keychain. It is never written to plain preference files and never sent anywhere except to GitHub itself.
  • A local cache of pull request data and AI verdicts (summaries, priorities, effort estimates), stored on your disk so the App does not re-evaluate unchanged pull requests.
  • Your preferences, such as appearance, tabs, and refresh settings.

All of this stays on your Mac. None of it is transmitted to us.

3. GitHub

The App connects directly from your Mac to GitHub's API using the personal access token you provide, to fetch the pull requests that involve you. That traffic is between you and GitHub and is governed by GitHub's own privacy statement. The App only reads pull request data; it never writes to your repositories.

4. AI triage

The App offers three AI modes:

  • On-device (the default). Triage runs locally using Apple's Foundation Models. Nothing is sent to Apple, to us, or to anyone else.
  • Your own provider (optional). If you connect an AI provider of your choice, the App sends it a compact plain-text description of each pull request, directly from your Mac to the endpoint you configured. That description contains the pull request's title, repository name, author, branch names, age, draft status, review state, CI status, line and file counts, merge conflict state, review activity counts, labels, and description. It never contains your file contents, your diffs, or raw GitHub API responses. Once sent, that data is handled under your provider's terms, not ours; we never receive or see it.
  • Off. No AI runs and no pull request data is processed by any model.

5. What we never collect

We do not collect, receive, store, sell, or share any of your data. Specifically, the App contains:

  • no analytics or usage tracking,
  • no telemetry or crash reporting,
  • no advertising or third-party SDKs,
  • no account system of ours.

We never see your code, your pull requests, your token, or your AI verdicts.

6. The website, downloads, and updates

The Site is a static website with no cookies, no analytics scripts, and no tracking. When you download the App, check for updates, or when the Site loads release notes, your device or our Site contacts our download host. Like any web request, this can expose standard technical details (such as an IP address) to the hosting infrastructure, which may keep routine server logs. We do not use those requests to identify or profile you.

7. Data retention and deletion

We retain nothing, because we hold nothing: there is no server-side copy of your data to delete. Everything the App knows lives on your Mac, and you can remove it at any time:

  • Settings → Reset wipes the stored token, cached verdicts, and all preferences, returning the App to a clean state.
  • Deleting the App removes it from your Mac.
  • Revoking the token in your GitHub settings ends all API access immediately.

8. Changes to this policy

If the way the App handles data ever changes, we will update this policy and its "last updated" date before the change ships. The current version will always be posted on this page.

9. Contact

Questions about privacy? Reach out at awln.dev.