Security &
Privacy FAQ
Short answers for how AlloyQA handles ticket content, PR/MR diffs, workflow automation, saved reviews, team memory, analytics, and source code access.
What happens to my ticket content?
AlloyQA processes issue details, linked context, QA coverage, and where enabled, PR/MR metadata, diffs, changed files, and test-change signals to generate workflow reviews, implementation checks, suggested updates, open decisions, and QA coverage.
AlloyQA only accesses the specific tickets in Jira or Linear that enter your configured status-triggered workflows, tickets your team explicitly selects for review, or PRs/MRs connected to finalized AlloyQA plans.
Does AlloyQA scan my entire backlog?
No. AlloyQA only reviews tickets that match the workflow statuses your workspace configures, or tickets your team explicitly opens or requests for review. It does not crawl your entire backlog by default.
What does AlloyQA access for Implementation Check?
When Implementation Check is enabled, AlloyQA reads PR/MR metadata, changed files, diffs, and whether tests changed. It compares those changes against the finalized ticket and QA coverage plan.
AlloyQA posts one implementation check comment when configured to do so. The comment shows whether the implementation is aligned, needs review, or has insufficient context.
Does AlloyQA update tickets or post PR/MR comments automatically?
No. AlloyQA does not silently rewrite tickets. It may post short review comments or implementation check comments when workflow automation is enabled, but ticket content updates are written back only after your team approves them.
You can preview suggested updates and answer open decisions before changes are synced back to Jira or Linear.
When is a review saved?
Workflow reviews are saved when AlloyQA generates them from a configured Jira or Linear status change. Implementation checks may be saved when AlloyQA compares a PR/MR against a finalized ticket and QA plan.
Approved updates, answered decisions, final ticket snapshots, QA coverage, and implementation check results may be saved to preserve review history and team memory.
What does AlloyQA remember?
Team memory is built from approved ticket updates, answered decisions, QA coverage, and bug or implementation patterns. AlloyQA does not turn every AI suggestion into memory automatically.
This ensures that future reviews are guided by real, human-approved rules and verified bug patterns rather than unverified AI assumptions.
Is my ticket data used to train AI models?
No. AlloyQA does not use your ticket content, PR/MR diffs, workflow reviews, implementation checks, approved updates, answered decisions, or QA coverage to train AI models.
We process all data using enterprise agreements (such as Google Cloud Vertex AI) that strictly prohibit customer data from being used to train foundation models.
Does AlloyQA need source code access?
Ticket readiness reviews and QA coverage do not require source code access. AlloyQA reviews issue titles, descriptions, acceptance criteria, comments, and linked metadata for those workflows.
Implementation Check uses PR/MR metadata, changed files, diffs, and test-change signals when GitHub or GitLab is connected. It does not scan your entire repository by default.
Can I delete saved reviews and memory?
Yes. Saved reviews, approved updates, implementation check results, and accumulated team memory can be deleted at any time by your workspace administrators.
You can also request complete workspace or account deletion by contacting privacy@alloyqa.com.
What analytics does AlloyQA use?
AlloyQA uses cookieless analytics for page visits and core product actions. We do not use session replay, heatmaps, ads, or ticket content for analytics.