New
Introducing React Doctor for Enterprise
Menu
What Is React Doctor?
Quickstart
CLI to CI
How to Fix Issues
GitHub Actions Setup
Updating CI
Other CI Providers
Migrating to CI v2
Config Files
ESLint & oxlint Plugins
CLI Reference
GitHub Action Reference
Node.js API
Changelog
Modified MIT License
Terms of Service
Privacy Policy
Data Use
Security
Support
Rules reference

Data Use & Privacy Overview

Last updated June 22, 2026

If you have any questions or feedback, please email us at founders@million.dev. For more information about how we collect, use, disclose, and process personal data, see our full Privacy Policy.

This overview explains how React Doctor handles GitHub repository data while reviewing pull requests. React Doctor is a static analysis service for React code.

What React Doctor receives

When the GitHub App is installed or a supported pull request event occurs, GitHub sends React Doctor webhook data such as repository, installation, pull request, commit, and comment information. React Doctor uses a GitHub installation token to access the repositories selected for the installation.

How pull requests are analyzed

For each review, React Doctor downloads GitHub tarball archives for the pull request head and base revisions. Those archives are written to an isolated Vercel Sandbox, extracted, and analyzed with React Doctor, which compares diagnostics between the base and head revisions so it can report issues newly introduced by the pull request.

What React Doctor stores or publishes

React Doctor does not maintain a database of your source code. Repository archives and extracted files are used for the review run and the sandbox is stopped after analysis. Review output is posted back to GitHub as check run status, inline review comments, and a pull request summary comment. Those GitHub artifacts may include file paths, line numbers, diagnostic rules, diagnostic messages, project metadata such as framework or React version, and aggregate health scores.

Dashboard data

The dashboard uses GitHub installation data to show the repositories connected to React Doctor. It returns repository identifiers, full names, visibility, repository URLs, and the installation account login. Dashboard responses are sent with no-store cache headers.

Training and AI providers

Pull request reviews are produced by static analysis with React Doctor, not by an AI model provider, and the code in a reviewed pull request is not used to train models.

Separately, with your explicit opt-in, React Doctor's tools may contribute de-identified data derived from your code to help improve our products and services. This is off by default and can be turned off at any time, and we do not attempt to re-identify it. See our Privacy Policy for details.

Service providers

React Doctor uses GitHub to receive installation and pull request data and to publish review results. React Doctor uses Vercel Sandbox to run the isolated static analysis job. Operational logs may include errors and metadata needed to operate and debug the service.