Privacy Policy

How We Use Your Information

We use your information to:

• Provide our service: Generate changelogs from your Git commits
• Authenticate you: Verify your identity via GitHub OAuth
• Process payments: Manage your subscription via Stripe
• Improve our service: Analyze usage patterns to enhance features
• Prevent abuse: Enforce rate limits and detect fraudulent activity
• Communicate with you: Send important service updates (if necessary)
• AI Processing: Send commit messages to OpenAI for rewriting (anonymized, no personal identifiers)

Third-Party Services

ShipNotes integrates with the following third-party services:

Data Storage and Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Authentication: Secure GitHub OAuth with httpOnly cookies
• Database Security: Row-level security policies on all database tables
• Rate Limiting: Protection against abuse and unauthorized access
• Access Control: Backend uses service role keys with strict permissions
• Secure Logging: Sensitive data is automatically redacted from logs

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active
• Generated Changelogs: Stored indefinitely unless you delete them
• Usage Logs: Retained for up to 90 days for analytics
• Payment Records: Retained as required by law (typically 7 years)

Your Rights

You have the following rights regarding your data:

Cookies

We use strictly necessary cookies for:

• Authentication: Storing your GitHub access token (httpOnly, secure)
• Session Management: Maintaining your logged-in state

These cookies are essential for the service to function and are exempt from consent requirements under GDPR.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. Our service providers (Supabase, OpenAI, Stripe, Vercel) operate globally and maintain appropriate safeguards to protect your data.

Children's Privacy

ShipNotes is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last updated" date at the top of this policy
• Posting the new policy on this page
• Sending an email notification for material changes (if you've provided your email)

Your continued use of ShipNotes after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to rectification of inaccurate data
• Right to restriction of processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

Our lawful basis for processing your data is: (1) Contractual necessity to provide our service, and (2) Legitimate interest in improving our service and preventing fraud.

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights