Privacy Policy

Overview

GitRhythm ("we", "our", or "us") provides pull request analytics for GitHub repositories. This Privacy Policy explains how we collect, use, and protect your data.

Short version: We only access the data we need to provide our service. We never access your code, and we don't sell your data to anyone.

What Data We Collect

From GitHub

When you install our GitHub App, we collect:

• Pull Request Metadata: PR titles, numbers, states, creation dates, merge dates, authors, and reviewers
• Repository Information: Repository names, IDs, and visibility settings
• User Information: Your GitHub username, user ID, and email address (from your public GitHub profile or provided by GitHub OAuth for authentication)
• Organization Information: Organization names and IDs (if you install to an organization)

We do NOT collect: Source code, file contents, commit messages, or PR comments.

From Your Use of the Service

• Usage Analytics: Pages visited, features used, and session duration (using GoatCounter, a privacy-focused analytics service)
• Configuration Data: Business hours, holidays, and branding preferences you configure
• Email Communication: We may use your email address to send service notifications and important updates

How We Use Your Data

We use the collected data solely to provide and improve our service:

• Calculate Metrics: Analyze PR merge velocity and review times based on your business hours
• Display Dashboards: Show charts and insights about your team's PR activity
• Provide Exports: Generate CSV files of your metrics when requested
• Authenticate Users: Verify your identity via GitHub OAuth
• Improve the Service: Understand which features are used to prioritize development
• Customer Support: Respond to your questions and troubleshoot issues

We do NOT: Sell your data, share it with third parties (except as required by law), or use it for advertising.

Data Storage & Security

Where We Store Data

• Database: Your data is stored in a PostgreSQL database hosted on secure servers
• Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Database access is restricted to essential operations only

Security Measures

• GitHub App permissions limited to read-only access for pull requests and metadata
• All API tokens are stored securely and expire automatically
• Webhook signatures are validated to prevent unauthorized access
• Session cookies are HttpOnly and Secure in production

Data Retention

• While Using the Service: We retain your data indefinitely while you actively use GitRhythm
• After Uninstall: We retain your data for 30 days after you uninstall the app, then automatically delete it
• Early Deletion: You can request immediate data deletion at any time by emailing support@gitrhythm.com

Third-Party Services

We use the following third-party services:

• GitHub: For authentication and data access (see GitHub Privacy Policy)
• GoatCounter: For privacy-focused web analytics (see GoatCounter Privacy)

We do not share your data with these services beyond what's necessary for authentication and service operation.

Your Rights

You have the right to:

• Access Your Data: Request a copy of all data we store about you (CSV export available in-app)
• Correct Your Data: Update your business hours, holidays, and configuration settings at any time
• Delete Your Data: Uninstall the app or email us to request immediate deletion
• Export Your Data: Download your metrics as CSV files from the dashboard
• Opt-Out of Analytics: Use browser extensions or ad blockers to prevent analytics tracking

To exercise any of these rights, email us at support@gitrhythm.com

Cookies & Tracking

• Session Cookies: We use cookies to maintain your login session (essential for the service to work)
• Analytics: GoatCounter may set a cookie for visitor counting (no personal data tracked)
• No Third-Party Tracking: We do not use advertising cookies or cross-site tracking

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this page
• Sending an email to your registered email address (for material changes)
• Posting a notice on our website

Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data:

• Email: support@gitrhythm.com
• Website: gitrhythm.com