~/shiplog

← back

Privacy Policy

Effective date: 2026-06-01

1. What We Collect

Account data: email address, hashed password (Argon2id), GitHub OAuth ID and login, GitHub personal access token (stored encrypted at rest via OS-level disk encryption).

Usage data: changelogs you generate (version string, markdown content), repository owner/name pairs you connect.

Billing data: Dodo Payments customer ID and subscription ID. We never store card numbers — payments are handled entirely by Dodo Payments.

Commit data: fetched from GitHub's API on demand and cached in memory for up to 5 minutes. Commit messages are sent to Anthropic's API for AI-enhanced summaries when enabled. We do not store raw commit data in our database.

2. How We Use It

3. Third-Party Services

4. Data Retention

Your data is retained as long as your account exists. When you delete your account, all associated data (repos, changelogs, tokens, billing references) is permanently deleted immediately.

5. Your Rights

You may export your changelogs from the dashboard at any time (copy markdown). You may request deletion of your account via the Settings page or by emailing us. We will fulfill deletion requests within 30 days.

6. Security

Passwords are hashed with Argon2id. Tokens are stored as SHA-256 hashes. All data is transmitted over TLS. The database is encrypted at the filesystem level on production servers.

7. Cookies

We use a single essential cookie to keep you signed in — an HttpOnly session cookie holding a JWT. We do not use any tracking, advertising, or third-party cookies.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children.

9. Changes

We may update this policy. We will notify you by email for material changes.

10. Contact

Privacy questions: hello@sizzlebyte.com.