Privacy Statement

Effective date: May 28, 2026

Introduction

Coreplane Labs operates the polylane.com website and the Polylane product, AI agents that monitor, diagnose, and remediate production software so engineering teams don't have to be on-call.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes Coreplane Labs' policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

Coreplane Labs has appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to our data protection officer. Our data protection officer's name and contact information are as follows:

How we collect and use (process) your personal information

From visitors to polylane.com

When you visit our marketing site or join the waitlist, we collect:

  • the name and email address you provide on the waitlist form;
  • if you sign in with GitHub: your GitHub username, GitHub user ID, and avatar URL;
  • approximate geographic information (country, city, region, timezone) derived from your IP address by our hosting provider, Cloudflare;
  • device and browser information (browser name and version, operating system and version, device type, user-agent string);
  • the referring URL that brought you to our site.

From users of the Polylane product

When you create an account and use the product, we additionally collect and process:

  • Account information: forename, surname, username, email address, the email domain (used to distinguish personal from corporate accounts), a hashed password if you sign up with email/password, and the authentication source you used (email, Google, GitHub, or CLI);
  • OAuth identities: the GitHub user ID and/or Google user ID associated with your account when you sign in through those providers;
  • Workspace and team data: your role in each workspace (owner, admin, member, read-only), who invited you, your last-active timestamp, and audit information about which user created or edited workspaces;
  • Invitations: the email addresses of people invited to a workspace and their invitation status;
  • Sessions: session identifiers and expiry timestamps, and, where an administrator impersonates a user for support, the impersonator's user ID;
  • Account-recovery secrets: short-lived email verification codes and password reset codes;
  • Billing: your Stripe customer ID and subscription ID. Card and payment details are collected and stored by Stripe, not by us;
  • Transactional email: the subject, body, and from/to/reply-to addresses of emails we send you (so we can render them in-product and audit delivery);
  • Notification preferences: your per-channel and per-event preferences for web and email notifications;
  • Onboarding profile: the job role, origin, and objectives you select during onboarding;
  • Integration identifiers: when you connect Slack, GitHub, Sentry, or other third-party services, we store the identifier of the user who set up the integration and, for Slack, a mapping between your Slack user ID and your Polylane user ID;
  • API keys and telemetry tokens: the user ID that owns each key or token, along with the key/token's own metadata;
  • Timestamps: creation, update, and deletion timestamps on the records above.

Customer content you connect to the product

When you use Polylane, you authorize us to access operational data from systems you connect, source code metadata, infrastructure configuration, logs, metrics, traces, alerts, incidents, and similar telemetry. This content may incidentally contain personal data (for example, a username appearing in a log line or an email address in a commit). We process this content as a data processor on your behalf, under your instructions and the terms of your service agreement with us, to detect incidents, diagnose root causes, and propose or apply remediations.

How we use this information

We use the data above to authenticate you, operate workspaces and collaboration features, communicate with you about the product, deliver notifications you've opted into, bill you, support integrations you've connected, provide customer support, prevent abuse, and improve the product.

We do not sell personal information to anyone, and we only share it with third parties who help us deliver the service (see third parties below). We do not use customer content to train foundation models.

Use of the polylane.com website

As is true of most other websites, polylane.com collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of polylane.com, including a history of the pages you view. We use this information to help us design our site to better suit our users' needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Coreplane Labs has a legitimate interest in understanding how visitors, customers and potential customers use the website. This assists us with providing more relevant products and services, with communicating value to our partners, and with providing appropriate staffing to meet customer needs.

Cookies and tracking technologies

polylane.com uses minimal analytics. We use Plausible, a privacy-focused, cookieless analytics service that does not track you across websites and does not use any persistent identifiers. We do not use third-party advertising cookies or cross-site tracking technologies on our marketing website.

When you sign in to the Polylane product, we set a strictly necessary session cookie to keep you authenticated. This cookie is required for the service to function and is not used for tracking or advertising.

Use of Polylane services

When you use the Polylane product, we process the data you choose to connect to it, including source code metadata, infrastructure configuration, logs, metrics, traces, and alerts from the systems you authorize the product to access. We process this data to detect incidents, diagnose root causes, and propose or apply remediations on your behalf. Coreplane Labs acts as a data processor for this content, processing it under your instructions and the terms of your service agreement with us.

We do not use customer content to train foundation models. We may use aggregated, anonymized operational metrics to improve the reliability and quality of our service.

When and how we share information with third parties

The personal information Coreplane Labs collects from you is stored in databases hosted by Cloudflare. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, we engage third parties to send information to you, including information about our products, services, and events.

Current sub-processors include:

  • Cloudflare, hosting, edge infrastructure, database (D1), object storage (R2), and Durable Objects.
  • Anthropic and other large language model providers, AI inference for the Polylane product.
  • Stripe, payment processing and billing. Card and payment details are collected and held by Stripe, not by us.
  • GitHub and Google, OAuth authentication if you choose to sign in with those providers.
  • Slack, Sentry, and other observability/communication services, only when you explicitly connect them to your workspace.
  • Email delivery, error tracking, and product-analytics vendors used internally to operate the service.

An up-to-date list is available on request from privacy@polylane.com.

We do not otherwise reveal your personal data to non-Coreplane Labs persons or businesses for their independent use unless: (1) you request or authorize it; (2) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (3) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (4) to address emergencies or acts of God; or (5) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, and/or other third parties for marketing or promotional purposes.

The polylane.com website connects with third-party services such as GitHub, LinkedIn, and X (Twitter). If you choose to share information from polylane.com through these services, you should review the privacy policy of that service. If you are a member of a third-party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

Transferring personal data to the U.S.

Information we collect about you may be processed in the United States by our hosting and infrastructure providers. By using our services, you acknowledge that your personal information may be processed in the United States. The United States has not sought nor received a finding of "adequacy" from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Coreplane Labs provides for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses are kept current with the guidance of the European Data Protection Board.

Depending on the circumstance, Coreplane Labs also collects and transfers personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Statement. We also enter into data processing agreements and standard contractual clauses with our vendors whenever feasible and appropriate.

For more information or if you have any questions, please contact us at privacy@polylane.com.

Data Subject rights

The European Union's General Data Protection Regulation (GDPR) and other countries' privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right of data portability
  • Right to object
  • Rights related to automated decision making including profiling

This Privacy Notice is intended to provide you with information about what personal data Coreplane Labs collects about you and how it is used.

If you wish to confirm that we are processing your personal data, or to have access to the personal data we may have about you, please contact us.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Coreplane Labs might have received the data from us; what the source of the information was (if you didn't provide it directly to us); and how long it will be stored. You have a right to correct (rectify) the record of your personal data we maintain if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. When technically feasible, we will, at your request, provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at privacy@polylane.com. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or to your nation's data protection authority.

Security of your information

Coreplane Labs takes appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls based on least privilege, audit logging, regular review of access permissions, and secure software development practices. No method of transmission or storage is 100% secure, but we work to continuously improve our security posture.

Data storage and retention

Your personal data is stored on the servers of the cloud-based infrastructure providers Coreplane Labs engages, primarily Cloudflare. We retain service data for the duration of the customer's business relationship with us and for a period of time thereafter, to analyze the data for our own operations, and for historical and archiving purposes associated with our services. We retain waitlist and prospect data until such time as it no longer has business value and is purged from our systems. All personal data that Coreplane Labs controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@polylane.com.

Children's data

We do not knowingly attempt to solicit or receive information from children.

Questions, concerns, or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at privacy@polylane.com.

← Back to home Last updated: May 28, 2026