Skip to Content
Security and PrivacyData Collection

Data Collection

We design our data collection to be purpose-built, minimal, and secure, with a focus on collecting only the metadata required to generate accurate metrics:

  • Metadata only: Our Git integrations collect metadata about your organization’s activity across repositories, pull requests, and deployments. We never read, transmit, or store source code.
  • Minimal PII: We store minimal personally identifiable information (PII) for organization members, such as name and email address.
  • Data encryption: Sensitive data, such as branch names and pull request titles, are always encrypted.

We partner with Drata, a continuous compliance platform, to monitor our security posture on an ongoing basis. Our SOC 2 Type 2 report, latest security and policy documents, continuous monitoring status, and list of subprocessors can all be found at our Trust Center .

Git Data

Our Git integrations collect only the metadata required to measure engineering activity and delivery. We request only the necessary permissions to analyze Git metadata. You can learn more about the scopes requested for GitHub, GitLab, Bitbucket, and Azure DevOps.

Organizations and Teams

To enable aggregation of metrics at the organization, team, or group level, we collect data about your organization structure:

  • Organization metadata, such as name, ID, and URL
  • Team metadata, such as name, ID, and URL

Members

For attributing Git activity to individuals, we collect limited member metadata:

  • Name, username, ID, and URL
  • Organization roles (e.g. admin, member)
  • Team memberships (e.g., GitHub Teams)
  • Publicly available location information from a user’s profile

Repositories

To understand where work occurs and how activity is distributed across projects, we collect repository metadata:

  • Name, URL
  • Visibility (public, private)
  • Branch names
  • Branch rules

Pull Requests

To analyze development activity, we collect pull request metadata:

  • Pull request title, ID, number, URL, status, labels, head branch, base branch, author, and change counts
  • Commit SHAs, timestamps, filenames, and change counts
  • Events (e.g. created, updated, closed, merged)
  • Review activity (e.g. commenting, assigned reviewers)

Deployments

For deployment tracking, we collect event metadata about workflows/pipelines, check runs, deployments, commit statuses, releases, and tags, including:

  • Name
  • Status
  • Completion and run time

AI Tools

We use AI tool metadata to understand adoption of AI-assisted development across your team and measure its impact on productivity when combined with Git data.

Usage Reports

We collect usage data from AI tools to measure adoption and engagement. This does not include the contents of AI interactions, such as chat prompts, responses, or code suggestions. While the data available varies by AI tool, common types of data we collect include:

  • Suggestion and acceptance metrics (counts, rates, lines)
  • Programming language and file type
  • Feature usage (e.g., autocomplete, chat, agent)
  • Model usage
  • Seat assignments

Team Members

For attribution and reporting, we collect limited user metadata:

  • Name
  • Email
  • Role (e.g., owner, member)

Cost Data

For tools that provide billing information, we collect license-level cost data:

  • License cost (GitHub Copilot only)

Planning Data

Planning data is imported through our integrations with project tracking tools such as Jira. We collect issue- and project-level metadata to help analyze work patterns, planning accuracy, and delivery trends. We do not access attachments, comments, or other free-form content beyond standard issue fields.

We subscribe to webhooks to stay in sync with changes to project data, such as issue updates or status transitions (for example, moving an issue from In Progress to Done).

Projects

To identify and organize work across project spaces, we collect basic project metadata:

  • Workspace name
  • Project name and key

Issues

To understand how work is planned, tracked, and completed, we collect issue metadata:

  • Issue name and key
  • Status, type, labels, and priority
  • Assignee
  • Story points
  • Associated project and sprint

Sprints

To analyze planning cycles and delivery timelines, we collect sprint-level metadata:

  • Sprint name and key
  • Status and target date
  • Associated project

Team Members

For attribution and reporting purposes, we collect limited user metadata:

  • Name
  • Email

User Enrichment

You can import additional information about team members to help create and manage group memberships, enabling team-level insights and cohort-based analysis (for example, comparing AI usage across teams or roles). You can choose which fields to upload, and providing this data is entirely optional.

Currently supported fields include:

  • Name
  • Role
  • Manager
  • Team
  • Department
  • Company
  • Location
  • Product Line
Last updated on
Code Time DataData Privacy