Legal

Privacy Policy

Last updated: March 4, 2026

1. Information We Collect

Account information. When you create an account we collect your name, email, and authentication credentials. If you sign in via GitHub or Google OAuth we receive your public profile and email from those providers.

Usage data. We automatically collect how you interact with the Service — pages visited, features used, repository activity, and timestamps — to improve the Service and diagnose issues.

Content data. We store the source code, binary assets, LFS objects, pull requests, reviews, and other content you upload, solely to provide the Service.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To authenticate your identity and manage your account
  • To send transactional emails (password resets, security alerts, billing receipts)
  • To monitor and improve Service performance, security, and reliability
  • To respond to support requests
  • To enforce our Terms of Service and detect abuse
  • To comply with legal obligations

We do not sell your personal data. We do not use your repository content or code for advertising.

3. Data Storage and Security

Data is stored on servers in the United States. We use industry-standard security including encryption in transit (TLS), encryption at rest for sensitive data, and regular audits. LFS objects are stored in durable cloud storage with server-side encryption. No method of transmission or storage is 100% secure; you are responsible for safeguarding your credentials.

4. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising trackers. We may use privacy-respecting analytics to understand aggregate usage patterns.

5. Third-Party Services

We share limited information with authentication providers (GitHub, Google), our payment processor (for billing), and infrastructure providers (for hosting and storage) — only as needed to operate the Service.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us to exercise these rights.

7. Data Retention

We retain your data for as long as your account is active. On deletion we remove your content and personal data within a reasonable period, except where retention is required by law.

8. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect their personal data.

9. International Transfers

Your data may be processed in the United States. Where required, we rely on appropriate safeguards for cross-border transfers.

10. Changes to This Policy

We may update this policy. Material changes will be communicated via the Service or email, and the “last updated” date will change.

11. Contact

Questions about this policy? Reach us via the contact page.