Prilog
Product How it works Pricing Integrations Security Blogs
Sign in Start for free
Product How it works Pricing Integrations Security Blogs Sign in
Privacy Policy

Privacy Policy

// effective date — 12 June 2026

Company

Prilog.ai is operated by Prilog Inc. ("Prilog", "we", "us").

Contact

General: hello@prilog.ai
Support: support@prilog.ai
Privacy and legal: privacy@prilog.ai
Address: 2261 Market Street STE 12675, San Francisco, CA 94114, United States

Scope

This policy describes how we collect, use, and protect personal data for the Prilog.ai website, app, APIs, support, billing, and connected integrations.

1. Data we collect

Account data

Name, work email, role, and organization details provided when you request access or sign in.

Product usage data

Product interaction events, feature usage, device and browser details, and performance telemetry needed to run and improve the service.

Integration and customer content

Operational data you connect, such as logs, traces, metrics, error events, stack traces, repositories, code snippets, pull requests, tickets, alerts, and related configuration.

Integration credentials

OAuth grants, installation identifiers, API tokens, webhook settings, and other credentials or configuration needed to connect systems you authorize.

Billing data

Billing contact, legal name, country, tax identifiers, plan, usage, credits, invoices, receipts, and payment status. Payment methods are handled by our payment processor.

Support and communications

Messages you send through email, support chat, and product feedback channels, plus any survey responses you provide.

Website and locale data

Cookie or local storage preferences, approximate country or locale from IP lookup, referral details, and website analytics events.

2. How we use data

Provide the service

Deliver AI remediation workflows, correlate observability signals, draft fixes, and coordinate tickets, pull requests, and notifications.

AI remediation and review

Analyze connected signals and code context to produce summaries, suggested patches, test guidance, and review-ready workflow updates. Customer Data is not used to train foundation models or shared model-training datasets.

Integrations and routing

Sync data with source-control, observability, issue-tracking, chat, cloud, and support tools that you connect or instruct us to use.

Security and reliability

Monitor for abuse, maintain service reliability, and protect our infrastructure.

Billing and administration

Manage subscriptions, usage limits, credits, invoices, taxes, account administration, and customer communications.

Product improvement

Analyze usage and feedback to improve features, documentation, and customer experience, using aggregated or de-identified data where practical.

3. Legal bases (GDPR)

Contract

Processing required to provide the service and fulfill our agreement with you.

Legitimate interests

Operating, securing, and improving the service, balanced against your rights.

Consent

Marketing communications or optional analytics when required by law.

Legal obligations

Compliance with applicable laws, accounting, and regulatory requirements.

4. Sharing and subprocessors

Core service providers

We use vetted providers for hosting, analytics, support messaging, approximate locale detection, static font delivery, billing, SSO, and operational security.

Provider examples

AWS or other cloud infrastructure, PostHog EU analytics, Intercom support messaging, ipapi.co locale lookup, Google Fonts/static delivery, Stripe billing and payment processing where paid billing is used, and SSO providers such as Google, Microsoft, and GitHub when selected.

AI and model providers

OpenAI, Anthropic, or customer-configured/self-hosted Ollama-compatible endpoints may process prompts, outputs, and relevant context only to provide requested remediation workflows.

Customer-enabled integrations

Optional integrations include observability, logging, tracing, error monitoring, cloud logging, archives, event streams, source control, issue tracking, chat, notifications, and session-monitoring tools. Examples include Datadog, SigNoz, Grafana, New Relic, Sentry, Honeycomb, Splunk, Elastic, AWS, GCP, Azure, GitHub, GitLab, Bitbucket, Jira, Linear, Slack, Rollbar, Bugsnag, LogRocket, FullStory, Firebase Crashlytics, Instabug, and Embrace.

Business transfers

We may share data in connection with a merger, acquisition, or asset sale, subject to confidentiality.

5. Data hosting and transfers

EU-first processing

Prilog-controlled service data is hosted and processed in the European Union where available. Customer-enabled integrations, AI/model providers, and support or billing providers may process data in other regions based on your configuration or the provider's infrastructure.

Transfer safeguards

Where international transfers are required, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

6. Data retention

Retention periods

We retain account, usage, billing, support, and operational Customer Data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Connected data and credentials

Integration tokens, credentials, and configuration are deleted or disabled when an integration is disconnected or when the account is terminated, subject to backup cycles and legal retention needs.

Deletion

Upon termination, we delete or return Customer Data according to the DPA, your settings, and your documented instructions.

7. Security

Safeguards

We maintain administrative, technical, and organizational measures including encryption in transit and at rest, monitoring, backups, incident response, vulnerability review, and secure development practices.

Access controls

Access to Customer Data is limited to authorized personnel on a need-to-know basis using role-based access, least privilege, audit logging, and secrets protection.

Shared responsibility

You are responsible for choosing integrations, limiting submitted data, protecting your own credentials, and reviewing generated fixes before deploying them.

8. Your rights

GDPR rights

You may access, correct, delete, or restrict processing of your personal data. You may also object or request portability.

Withdraw consent

You may withdraw consent at any time where consent is the legal basis.

Supervisory authority

You may lodge a complaint with your local data protection authority.

9. Cookies and analytics

Analytics and support

We use PostHog EU for analytics and Intercom for support messaging to understand usage, answer requests, and improve the service. We do not sell personal data.

Locale and fonts

We may use ipapi.co for approximate country or locale detection, browser storage for language preferences, and Google Fonts or static font delivery for page rendering.

Cookie controls

You can control cookies through your browser settings. Some features may not function without cookies.

10. Changes

Updates to this policy

We may update this policy and will post the updated version here with a new effective date.

Prilog © 2026 Prilog · Self-healing software
Terms of Service Privacy Policy Data Processing Agreement Status Blogs Contact
// built to heal systems, not to replace engineering judgment.