Privacy Policy
This policy explains what data GitLeads collects, how we use it, and the rights you have over your information.
Last updated: April 2026
1. Data We Collect
Account information
When you sign up via GitHub OAuth we receive your GitHub username, public email address (if set), avatar URL, and display name. We store these to identify your account.
GitHub public data
We index publicly available GitHub events — repository stars, forks, issue comments, pull request activity, and commit metadata — for repositories you choose to track. We never access private repository data without an explicit repo scope grant.
Usage analytics
We collect aggregate product-usage data (pages visited, features used, session duration) to improve GitLeads. This data is not sold or shared with third parties for marketing purposes.
Billing information
Payment is handled entirely by Stripe. GitLeads never stores raw card numbers. We retain subscription status, plan tier, and billing email.
2. How We Use Your Data
- Providing and improving the GitLeads product — lead discovery, signal processing, integration delivery.
- Billing and subscription management via Stripe.
- Product improvement through aggregated, anonymised usage analytics.
- Transactional email (account alerts, billing receipts, security notifications) — no marketing email without explicit opt-in.
3. Third-Party Processors
| Processor | Purpose |
|---|---|
| Stripe | Payment processing and subscription management |
| Vercel | Web application hosting and edge delivery |
| Supabase / Postgres | Database hosting and storage |
| GitHub | OAuth authentication and public data access |
4. Your Rights
Depending on your jurisdiction (GDPR, CCPA, and similar), you have the following rights:
- Right to access — Request a copy of all data we hold about you. Email privacy@gitleads.app.
- Right to deletion — Delete your account and all associated data from your settings page. All data is purged within 30 days.
- Right to portability — Export your data as JSON at any time from your account settings.
- Right to object — Object to processing for legitimate-interest purposes. Contact privacy@gitleads.app.
5. Cookies
GitLeads uses minimal, strictly necessary cookies for authentication (session token) and security (CSRF). We do not use third-party advertising or tracking cookies. Anonymous analytics events are sent to our own infrastructure — no third-party analytics pixel.
6. Data Security
All data at rest is stored on Postgres with full-disk encryption. Data in transit is protected by TLS 1.3. OAuth tokens are encrypted with AES-256 before storage. Access is role-based with strict tenant isolation — your data is never commingled with other customers' data.
7. Data Retention
We retain your data as long as your account is active. On deletion, all data is purged within 30 days. Aggregated, anonymised analytics may be retained longer for product improvement.
8. Changes to This Policy
We will notify you of material changes via email or an in-app banner at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance.
9. Contact
Data / privacy enquiries: privacy@gitleads.app
See also: Ethics & Compliance and Terms of Service.