GitWatchmanBETA

    Legal

    Privacy Policy

    This Privacy Policy describes how GitWatchman ("we," "us," or "our") collects, uses, and protects your personal information when you use our service.

    Effective Date: December 14, 2025
    Last Updated: February 27, 2026

    1. Introduction

    We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

    By using our service, you agree to the collection and use of information in accordance with this policy.

    2. Information We Collect

    We collect only the information necessary to provide our service and ensure its proper functioning.

    2.1 Personal Information

    • Email Address: For authentication, notifications, and account management
    • GitHub Profile: Username, avatar, and basic profile information
    • Account Preferences: Notification settings and monitoring preferences

    2.2 Google Account Data

    When you sign in with Google, we access the following data from your Google account via OAuth 2.0:

    • Email Address: Your Google account email, used for authentication and sending release notifications
    • Display Name: Your Google profile name, used to personalize your account
    • Profile Picture: Your Google avatar, displayed in the application interface

    We request only the minimum OAuth scopes necessary: email and profile. We do not request access to your Google Drive, Gmail, Calendar, or any other Google services.

    2.3 GitHub Repository Data

    • Repository Names: Only repositories you explicitly choose to monitor
    • Release Information: Version numbers, release notes, and publication dates
    • Monitoring Status: Active/inactive status and last check timestamps

    3. How We Use Your Information

    We use the collected information for the following purposes:

    • To provide and maintain our service
    • To notify you about changes to our service
    • To provide customer support
    • To monitor the usage of our service
    • To detect, prevent and address technical issues
    • To send you email notifications about new releases
    • To manage your repository monitoring preferences
    • To improve our service based on usage patterns

    4. Data Protection and Security

    We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

    4.1 Security Measures

    • HTTPS encryption for all data transmission
    • Secure authentication via GitHub and Google OAuth 2.0
    • Row-level security policies on database
    • Encrypted database storage

    4.2 Data Storage

    • Data stored in secure, encrypted databases (Supabase)
    • Automated backups
    • GDPR-compliant data handling practices
    • Data may be processed in the United States or European Union

    5. Data Sharing and Disclosure

    We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

    • With your explicit consent
    • To comply with legal obligations
    • To protect our rights and safety
    • In connection with a business transfer or merger
    • With trusted third-party service providers who assist in operating our service

    Third-party services we use include:

    • Google — Authentication via OAuth 2.0 (receives your email and profile data during sign-in)
    • GitHub — Authentication via OAuth 2.0 and public repository data access
    • Supabase — Database hosting and authentication infrastructure
    • Vercel — Application hosting and deployment
    • Sentry — Error monitoring and performance tracking (no personally identifiable information is sent)

    Each of these services has their own privacy policies governing how they handle data.

    6. Your Rights and Choices

    Under applicable data protection laws, you have the following rights:

    6.1 Data Access and Control

    • Access: Request access to your personal data
    • Rectification: Request correction of inaccurate data
    • Erasure: Request deletion of your personal data
    • Portability: Request transfer of your data
    • Objection: Object to processing of your data

    6.2 Account Management

    • View and edit your profile information
    • Manage notification preferences
    • Control repository monitoring settings
    • Export your data in JSON format
    • Delete your account and all associated data

    7. California Privacy Rights (CCPA/CPRA)

    If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

    7.1 Your California Rights

    • Right to Know: Request information about personal data we collect, use, and share
    • Right to Delete: Request deletion of your personal information
    • Right to Correct: Request correction of inaccurate personal information
    • Right to Opt-Out: Opt out of the sale or sharing of your personal information
    • Right to Non-Discrimination: Not be discriminated against for exercising your rights

    7.2 We Do Not Sell Your Data

    GitWatchman does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

    7.3 Categories of Personal Information

    In the past 12 months, we may have collected the following categories of personal information:

    • Identifiers (email address, GitHub username)
    • Internet activity (repositories monitored, login history)
    • Geolocation data (approximate, based on IP address)

    7.4 How to Exercise Your Rights

    To exercise any of these rights, please contact us at contact@gitwatchman.com or through our contact page. We will respond to verifiable requests within 45 days.

    8. Data Retention

    We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

    • Account Data: Retained while your account is active
    • Repository Data: Deleted when you remove a repository or close your account
    • Usage Analytics: Anonymized after 2 years
    • Backup Data: Retained for 30 days for disaster recovery

    9. International Data Transfers

    Your data may be transferred to and processed in countries other than your own, including the United States where our service providers (Supabase, Vercel, GitHub) operate.

    By using our service, you consent to the transfer and processing of your data in the United States and other countries. We take reasonable steps to ensure your data is treated securely.

    10. Google API Services User Data Policy

    GitWatchman's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

    10.1 Data We Access from Google

    We access your Google account email address, display name, and profile picture solely for the purpose of authenticating your identity and creating your GitWatchman account.

    10.2 How We Use Google Data

    • To authenticate and identify you within the application
    • To send you email notifications about monitored repository releases
    • To display your name and profile picture in the application interface

    10.3 Storage and Retention of Google Data

    Your Google account data is stored securely in our encrypted database (Supabase) and retained only while your account is active. When you delete your account, all associated Google data is permanently removed.

    10.4 Sharing of Google Data

    We do not sell, share, or transfer your Google user data to any third party, except as strictly necessary for service operation (e.g., Supabase for authentication processing). We do not use Google user data for advertising, analytics profiling, or any purpose unrelated to providing the GitWatchman service.

    10.5 Limited Use Disclosure

    GitWatchman limits its use of Google user data to the practices explicitly disclosed in this Privacy Policy. Our use of Google user data is limited to providing and improving the core functionality of the GitWatchman service. We do not allow humans to read your Google user data unless required for security purposes, to comply with applicable law, or with your affirmative consent.

    11. Children's Privacy

    Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

    12. Contact Information

    If you have any questions about this Privacy Policy or our data practices, please contact us:

    Email: contact@gitwatchman.com
    Contact Page: www.gitwatchman.com/contact
    Response Time: Within 30 days for all requests

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

    For significant changes, we will also send you an email notification at least 30 days before the changes take effect.

    FeaturesPrivacyTermsCookiesSecurityChangelogContact
    GitWatchman
    © 2026 GitWatchman ·Not affiliated with GitHub, Inc.·Created byGA