Privacy Policy

We collect the minimum needed to run the service: your email address for authentication, workspace names and membership roles you create, and the GitHub repository names and pull request titles you connect. When you connect GitHub, we store the webhook secret and your repository selection — we never store your source code.

Your data is used solely to provide the service: authenticating you, routing PR summaries to the right workspace, and delivering Slack notifications you've configured. We use xAI (Grok) to generate PR summaries — only the PR title, description, and diff summary are sent; no code is transmitted.

We do not sell, rent, or share your data with third parties for advertising or marketing. Data flows only to the infrastructure providers that power the service: Supabase (database and auth), Vercel (hosting), Resend (transactional email), and xAI (AI summaries). All are bound by their own data processing agreements.

Your data is retained as long as your account is active. You can request deletion at any time by emailing hello@changelogger.com. On deletion, your entries, workspace memberships, and connected integrations are permanently removed.

All data is encrypted in transit via TLS. Authentication is handled by Supabase, which uses industry-standard session management. Database access is enforced at the row level — users can only read data they are authorized to see.

We use a single session cookie (managed by Supabase Auth) and an optional theme-preference cookie. No tracking or advertising cookies are used.

Questions about your data? Email us at hello@changelogger.com.