Providers where data is accessed and permissions requested

Slack

Slack application requires:

app_mentions:read, channels:history, channels:join, channels:manage, channels:read, channels:write.invites, chat:write, chat:write.public, conversations.connect:write, files:read, files:write, groups:read, groups:write, groups:write.invites, im:history, im:write, incoming-webhook, mpim:write, users:read, users:read.email

GitHub — Foam's app

Requires access to workflows, workflow runs, and artifacts through the actions scope; access to commit status checks; access to repository contents including commits, branches, downloads, releases, and merges; access to deployments and their statuses; access to discussions including related comments and labels; access to issues with comments, assignees, labels, and milestones; access to pull requests with comments, assignees, labels, milestones, and merges; and mandatory access to repository metadata and collaborator information.

GitHub events

Foam subscribes to repository and branch lifecycle events including create, delete, fork, public, and repository. It listens to issue lifecycle events including issues, issue comments, labels, milestones, and sub issues. It covers pull request lifecycle events including pull requests, pull request reviews, pull request review comments, and pull request review threads. It monitors deployment events including deployments, deployment reviews, deployment protection rules, deployment statuses, and deploy keys. It subscribes to workflow events including workflow dispatch, workflow jobs, and workflow runs. It also tracks status and commit activity including commit comments, commit statuses, and pushes. For security it listens to security advisory events. For collaboration it listens to discussions, discussion comments, wiki updates through gollum, and merge queue entries. For repository interactions it covers stars, watches, releases, and repository dispatch. Finally, for system and meta events it listens to installation target changes and meta events when the app itself is deleted or hooks are removed.

Providers where data is retained

AWS CloudWatch

1 week retention period. We store our application raw logs.

Elastic Cloud

180 days retention period. Stores structured searchable application logs.

ClickHouse

Foam uses ClickHouse for telemetry storage. Retention periods for telemetry data in ClickHouse are defined in each client's Master Services Agreement (MSA), unless the client requests a different arrangement in writing.

Braintrust

180 days retention period. Stores structured LLM threads. LLM threads may contain issue-event context, telemetry, and code.

MongoDB Atlas

Indefinite retention period. Used as our primary database. Error reports and Slack messages sent or replied to by Foam are stored.

AWS S3

Indefinite retention period. Because issue-event and telemetry payloads can be very large, we store them in S3. Stored to provide traces to your engineers via our application. Also stored to test regressions when engineers' feedback is provided.

AWS EC2 — GitHub whitelisted repositories

Retained as long as there are new application errors thrown by your company's application, otherwise deleted after 72 hours. GitHub repositories whitelisted by your company are stored on EC2 instances for Foam to explore the codebase and git history.

Providers where data is transmitted

LLM providers. All of these have a 0 data retention policy:

• Amazon Bedrock
• Google Vertex
• Microsoft Azure
• Anthropic
• OpenAI
• Perplexity

All of Foam's core features require the use of LLMs. Features included are:

• Issue Event grouping: Multiple application errors may all share the same root cause. Foam uses LLMs to determine their similarity.
• Timeline of code changes: Description provided to your company's engineers of the Git history along with metadata of an Issue Event.
• Error reports: Text documents used to describe the root cause analysis and solution of an error to your engineers. These can include code snippets.
• Code generation for pull request: Foam proposes solutions via GitHub pull request proposals, where your engineers can choose to generate and use.
• Issue Event severity: An estimation of how important an error is to your company.
• Slack message construction: Foam communicates severity and error reports via Slack to your engineers.

New features are likely to be developed too under this requirement.

Contact information

Privacy questions to perla@foam.ai.