Privacy Policy

Last Updated: February 4, 2026

1. Introduction

GitFuze ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

2.1 GitHub Account Information

When you authenticate with GitHub, we collect:

• GitHub username
• Email address (if public or granted via OAuth)
• GitHub user ID
• Profile information (name, avatar URL)
• GitHub access tokens (encrypted)
• Organization memberships
• Repository access permissions

2.2 Repository Data

For subscribed repositories, we collect:

• Commit history and metadata
• Author information (name, email, timestamp)
• Commit messages and diffs
• Branch information
• Repository metadata (name, owner, description)

2.3 Usage Data

We automatically collect:

• Chat queries and conversation history
• Repository subscriptions and preferences
• Time horizon selections
• Access logs and timestamps
• Error logs and debugging information

2.4 Technical Data

We may collect:

• IP addresses
• User agent strings (browser/device information)
• Session cookies
• Request metadata

3. How We Use Information

3.1 Service Delivery

We use your information to:

• Authenticate and authorize your access
• Clone and sync subscribed repositories
• Generate LLM-powered activity insights
• Display chat interfaces and dashboards
• Process your queries and preferences

3.2 Service Improvement

We use data to:

• Monitor service performance and reliability
• Debug errors and issues
• Optimize analysis algorithms
• Improve user experience

3.3 Communication

We may use your email to:

• Send service-related notifications
• Respond to support requests
• Notify of significant changes or security issues

4. Data Storage and Security

4.1 Storage Location

Your data is stored:

• On our servers with persistent disk storage
• In file-based YAML format (user data, preferences)
• As bare git clones (repository data)
• In local caches (analysis results)

4.2 Security Measures

We implement:

• Encrypted data transmission (HTTPS/TLS)
• Secure token storage and handling
• Access controls and authentication
• Regular security updates
• File system permissions and isolation

4.3 Data Retention

We retain data:

• Repository clones: While you maintain an active subscription
• User data: While your account is active
• Chat history: Configurable retention period
• Access logs: Up to 90 days

5. Data Sharing and Third Parties

5.1 Third-Party Services

We share data with:

GitHub

• Purpose: Authentication and repository access
• Data shared: OAuth tokens, API requests
• Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Anthropic Claude API

• Purpose: LLM-powered analysis and insights
• Data shared: Repository activity data, chat queries
• Privacy Policy: https://www.anthropic.com/privacy

5.2 No Selling of Data

We do not:

• Sell your personal data to third parties
• Share data with advertisers
• Use third-party analytics or tracking services
• Monetize your repository data

5.3 Legal Requirements

We may disclose information if required:

• To comply with legal obligations
• To protect our rights or property
• To prevent fraud or security issues
• In response to lawful requests by authorities

6. Your Rights and Choices

6.1 Access and Export

You have the right to:

• Access your personal data
• Request a copy of your data
• Review chat history and preferences

6.2 Correction and Deletion

You can:

• Update your profile information via GitHub
• Delete repository subscriptions
• Request account deletion
• Revoke OAuth access at any time

6.3 Data Portability

You may request:

• Export of your chat history
• Copy of analysis results
• List of subscribed repositories

6.4 Opt-Out Rights

You can:

• Unsubscribe from repositories
• Disable webhook notifications
• Delete your account entirely

7. How to Exercise Your Rights

To exercise any of these rights:

1. Uninstall the GitFuze GitHub App from your account/organization
2. Revoke OAuth permissions in GitHub settings
3. Contact us directly for data deletion or export requests

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies for:

• Authentication session management (NextAuth.js)
• Security (CSRF protection)
• User preferences

8.2 No Tracking Cookies

We do not use:

• Third-party tracking cookies
• Analytics cookies
• Advertising cookies
• Social media cookies

8.3 Cookie Control

You can control cookies through your browser settings, but disabling essential cookies may prevent the Service from functioning properly.

9. Children's Privacy

GitFuze is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users promptly
• Describe the nature of the breach
• Provide guidance on protective measures
• Report to authorities as required by law

12. Automated Decision Making

We use LLM (Claude) for automated analysis of repository activity. This processing:

• Generates insights and summaries
• Does not make decisions affecting your legal rights
• Can be reviewed and questioned by you

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy to reflect:

• Changes in our practices
• Legal or regulatory requirements
• Service improvements

13.2 Notification of Changes

When we make changes:

• We update the "Last Updated" date
• We increment the version number
• We require re-acceptance for continued use
• Significant changes may be communicated via email

13.3 Your Acceptance

Continued use after changes constitutes acceptance of the updated Privacy Policy.

14. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

14.1 Legal Basis for Processing

We process your data based on:

• Contract performance (providing the Service)
• Legitimate interests (service improvement)
• Your consent (optional features)

14.2 Data Protection Officer

For GDPR-related inquiries, contact: [DPO contact information]

14.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

15. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what data is collected
• Right to deletion
• Right to opt-out of data sales (we don't sell data)
• Right to non-discrimination

16. Contact Information

For privacy-related questions or requests:

• Email: [Your privacy contact email]
• Address: [Your business address]
• Privacy Request Form: [URL if applicable]

To exercise your privacy rights:

1. Send email with "Privacy Request" in subject line
2. Include your GitHub username
3. Specify your request (access, deletion, export, etc.)
4. We will respond within 30 days

17. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

18. Data Minimization

We practice data minimization:

• Collect only necessary information
• Retain data only as long as needed
• Process data only for stated purposes
• Delete data when no longer required

19. Transparency

We are committed to transparency about:

• What data we collect
• How we use it
• Who we share it with
• How long we keep it

If you have questions about our privacy practices, please contact us.