Privacy Policy
Effective date: 2026-06-01
1. What We Collect
Account data: email address, hashed password (Argon2id), GitHub OAuth ID and login, GitHub personal access token (stored encrypted at rest via OS-level disk encryption).
Usage data: changelogs you generate (version string, markdown content), repository owner/name pairs you connect.
Billing data: Dodo Payments customer ID and subscription ID. We never store card numbers — payments are handled entirely by Dodo Payments.
Commit data: fetched from GitHub's API on demand and cached in memory for up to 5 minutes. Commit messages are sent to Anthropic's API for AI-enhanced summaries when enabled. We do not store raw commit data in our database.
2. How We Use It
- To authenticate you and maintain your session.
- To generate and store your changelogs.
- To process subscription payments via Dodo Payments.
- To send transactional emails (verification, password reset) via Resend.
3. Third-Party Services
- GitHub — repository and commit data (OAuth and API).
- Anthropic — AI changelog enhancement (commit messages are sent; no personal data).
- Dodo Payments — payment processing (merchant of record).
- Resend — transactional email delivery.
4. Data Retention
Your data is retained as long as your account exists. When you delete your account, all associated data (repos, changelogs, tokens, billing references) is permanently deleted immediately.
5. Your Rights
You may export your changelogs from the dashboard at any time (copy markdown). You may request deletion of your account via the Settings page or by emailing us. We will fulfill deletion requests within 30 days.
6. Security
Passwords are hashed with Argon2id. Tokens are stored as SHA-256 hashes. All data is transmitted over TLS. The database is encrypted at the filesystem level on production servers.
7. Cookies
We use a single essential cookie to keep you signed in — an HttpOnly session cookie holding a JWT. We do not use any tracking, advertising, or third-party cookies.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children.
9. Changes
We may update this policy. We will notify you by email for material changes.
10. Contact
Privacy questions: hello@sizzlebyte.com.