Privacy and Security

How Lithium handles your data.

What Lithium stores

Lithium stores only the decisions you create. Each decision has a title, content, version history, and the cluster it belongs to. That's it.

No source code is stored. No repository contents are cloned or retained.

Manual mode

When you use Lithium without GitHub integration, the only data that touches our servers is:

  • Your GitHub identity (for authentication)
  • Your organization name and member list
  • The decisions you write

Your codebase, files, and local environment are never accessed.

GitHub integration

When you connect the GitHub App, Lithium receives webhook events for merged pull requests. PR content (title, description, diff, comments) is processed to extract engineering decisions.

  • PR content is processed in transit and not retained after extraction
  • Only the resulting decisions are persisted
  • Only merged PRs are processed
  • You control which repositories Lithium can access
  • You can disconnect at any time from GitHub's Installed Apps settings

GitHub integration is optional. You can use Lithium entirely in manual mode with no external data processing.

MCP

The MCP server at getlithium.ai/api/mcp only serves decisions back to your AI tool. It does not read your codebase, files, or editor contents. Your AI tool calls Lithium, not the other way around.

Authentication

Lithium uses GitHub OAuth for authentication. No passwords are stored. Sessions are managed via secure tokens.

Questions

If you have specific data handling questions, contact us at jackson@getlithium.ai. For the full legal privacy policy, see getlithium.ai/privacy.