Live streamJoin us for "State of code review 2024" on July 18thRegister today
Background gradient
Background gradient

Privacy & security

Privacy & security

Hundreds of top companies trust Graphite with access to their GitHub repos. We’re regularly pen-tested and SOC2 compliant.

Built with security in mind

We keep your reviews safe and your code safer.

Best practices

We follow industry standard practices around employee training and background checks, MDMs, on-call, etc.


Because we use GitHub authentication, when you remove a user from your GitHub we’ll immediately sync that as well.

SOC2 Compliant

We are SOC2 Type II compliant. Reach out to for a copy of the audit reports.


In transit, at rest, and in our DB. Using industry standard HTTPS 1.2 and AES-256. GitHub API tokens are encrypted with additional keys protected via hardware-protected secrets.


Both continuously by a suite of tools and annually by independent third-parties. Contact us to request a report.


Hosted on AWS and built for scale, our system is resilient to downtime.

Background gradient
Background gradient
Background gradient
Background gradient

Everything we do to keep your code secure can’t fit on a page.

Email our team
  • Acceptable use policy
  • Access control and termination policy
  • Business continuity and disaster recovery plan
  • Change management policy
  • Code of conduct
  • Configuration and asset management policy
  • Data classification policy
  • Data protection, retention, and disposal policy
  • Encryption and key management policy
  • Information security policy
  • Internal control policy
  • Network security policy
  • Physical security policy
  • Performance review policy
  • Risk assessment and treatment policy
  • Security incident response plan
  • System audit policy
  • Vendor management policy
  • Acceptable use policy
  • Vulnerability and patch management policy

Privacy policy

Last Modified: July 2023

This Privacy Policy (“Privacy Policy”) for Screenplay Studios Inc. dba Graphite (“Company”, “we”, “us”, “our”) describes how we collect, use and disclose information about visitors of the Company’s website (the “Website”), and any content, tools, features and functionality offered on or through our Website are collectively referred to herein as the “Services.” For the purposes of this Privacy Policy, “you” and “your” means you as the user of the Services.

Please read this Privacy Policy carefully. If you do not want information about you used as described in this Privacy Policy, please do not access or use the Services.

We may modify this Privacy Policy from time to time in which case we will update the “Last Modified” date at the top of this Privacy Policy. The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy. If we make material changes we will notify you and/or take other steps as required by applicable law. If you do not agree to any updates to this Privacy Policy, please do not access or continue to use the Services.

In order to provide you with the Services, we may ask you to provide us with certain details or information about you. Information that you submit through the Services are:

Contact information: Name and email address. We collect basic contact details to communicate with you, provide you with the Services, respond to your queries, personalize the Services for you, improve and enhance our Services, market to you, and conduct research and analytics.

Professional information: Company name, division, job title, and other professional information. We collect such information to explore business opportunities and provide the Services to you and existing or prospective businesses.

Information about your use of the Services: Interaction and feedback regarding the Services, including features, search queries within the Services, and certain interactions you make via the Services, such as loads and batches run. We collect this interaction and feedback to provide you with the Services, improve and enhance our Services, conduct research and analytics, and for security purposes.

Any other information you choose to provide: This includes product reviews, code review, and any information you provide to us, for example, when communicating with us.

Our Services may require you to enter certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing the Services.

We may obtain information about you from the following third party sources:

Service providers and other similar entities: They collect information, such as your contact information, profile picture, and your affiliated company information, as applicable, on our behalf to provide our Services.

Your employer: Your contact information in order to provide you with access to the Services, market to you and your organization, and for security purposes.

Social networking platforms: Your contact information and information you post on social networking platforms (e.g., LinkedIn) when you have a publicly-available profile containing information about yourself. We use this information to network with you, advertise to you, and seek business opportunities. In addition, if you interact with us on social media, we will collect information about those interactions.

Other third parties: You may choose to elect that certain third parties share information with us, for example, when you choose to access the Services through another service, such as through Single Sign-on (e.g., GitHub, GitLab, BitBucket) or link any social media platforms to your account.

Any information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. See Section 5 below for more information.

We also automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we may use cookies, web beacons/clear gifs, and other tracking technologies (“Tracking Technologies”), including Segment and Google Analytics, to provide and enhance the performance of our Services, facilitate and enhance user experience, monitor and analyze trends, usage and activities in connection with the Services and conduct internal research and development. For further information about Google Analytics, please click here.

We collect the following kinds of Usage Data:

Unique device identifier;
Device type, such as your phone, computer, or tablet;
IP address;
Browser type;
Date and time stamps, such as the date and time you first accessed the Services;
Operating system;
Log data;
Number of visits;
Language of device;
Geolocation; and
Other information regarding your interaction with the Services.

We use the Usage Data we collect automatically to:

Improve and provide the Services;
Run analytics; and
Better understand user interaction with the Services.

In addition to the foregoing, we may use all of the above information to:

Create anonymized and aggregated data sets that we may use for a variety of functions, including research, internal analysis, analytics, and other functions;
Comply with any applicable legal obligations;
Detect, investigate, and prevent activities that may violate our policies or be illegal;
Enforce any applicable terms of use; and
Protect or defend the Services, our rights, the rights of our, users or others.

In certain circumstances, we may share information about you with third parties. Such circumstances may include:

With vendors or other service providers, such as:

Data analytics vendors;
Data storage providers;
Email vendors; and
Security vendors

When you request us to share certain information with third parties, such as through your use of social media widgets or login integrations.

With our affiliates or otherwise within our corporate group.

To comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.

In connection with an asset sale, merger, bankruptcy, or other business transaction.

To enforce any applicable terms of service.

To ensure the safety and security of the Company and/or its users.

When you request us to share certain information with third parties, such as through your use of social media widgets or login integrations.

With professional advisors, such as auditors, law firms, or accounting firms.

You acknowledge that such sharing of information may occur in all of the aforementioned circumstances and is permitted by and subject to this Privacy Policy and applicable law.

Do Not Track Signals

Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our Services are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit

Cookies and Other Tracking Technologies

We use cookies and other Tracking Technologies to collect information about your browsing activities over time and across different websites following your use of our Website and Services. Cookies allow us to recognize, associate certain analytical information, and count the number of users and to see how our Services are used. This helps us to improve our Services and the way it works. You can find more information about cookies and how to manage them through your browser settings.

You may control the way in which your devices permit the use of Tracking Technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including general functionality, to work incorrectly. Most browsers accept cookies automatically.

Please note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send us through any means is transmitted at your own risk. We retain your information for as long as is reasonably necessary for the purposes specified in this Privacy Policy. When determining the length of time to retain your information, we consider various criteria, including whether we need the information to continue to provide you the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or products.

You may request to access, transfer or delete any personal information we hold about you by contacting us at the email set forth below.

The Services are provided from and in the United States. When you access the Services, information about you will be subject to U.S. data privacy laws.

If you would like to reach out to ask questions regarding information about you that we collect or other questions about this Privacy Policy or your rights, you can email us at

Get started with a free
Graphite account today