Compliance
Process mining privacy
Mining is useful only if the product can minimize what it stores and keep the output trustworthy.
Rules
- • Prefer derived metrics and aggregated events over raw source retention.
- • Redact secrets, tokens, credentials, and non-essential repository paths.
- • Treat source code content as transient input unless a retention policy explicitly says otherwise.
- • Remove or hash identifiers where they are not needed for analysis outputs.
- • Keep quality metadata so low-confidence analyses can be identified without exposing more source data.