Compliance

Process mining privacy

Mining is useful only if the product can minimize what it stores and keep the output trustworthy.

Rules

  • Prefer derived metrics and aggregated events over raw source retention.
  • Redact secrets, tokens, credentials, and non-essential repository paths.
  • Treat source code content as transient input unless a retention policy explicitly says otherwise.
  • Remove or hash identifiers where they are not needed for analysis outputs.
  • Keep quality metadata so low-confidence analyses can be identified without exposing more source data.