Legal

Privacy Policy

Effective date: July 13, 2026 · Last updated: July 13, 2026

This Privacy Policy describes how ReleasePilot ("we", "us", "our") collects, uses, and protects information when you use our service at the official ReleasePilot website ("Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

If you do not agree with any part of this Privacy Policy, you must discontinue use of the Service immediately.


1. Information We Collect

Account Information: When you sign in via GitHub OAuth, we receive and store your GitHub username, email address, and GitHub user ID. We do not store your GitHub password.

Repository Information: When you connect a repository, we store the repository name, full name (owner/repo), GitHub URL, a webhook ID, and an HMAC-SHA256 webhook secret unique to your repository.

Commit Data: When GitHub sends a push event to our service via webhook, we receive commit messages, commit hashes, author names, and timestamps. We do not receive or store your source code.

Generated Content: We store the AI-generated release notes created from your commit messages ("Changelogs").

Payment Information: Payments are processed by Razorpay. We store only the Razorpay payment ID to confirm Pro plan status. We do not store credit card numbers, UPI IDs, bank account details, or any other sensitive payment information.

Usage Data: We may collect basic usage information such as pages visited and actions taken within the Service for the purpose of improving the Service. We do not use third-party analytics trackers.


2. GitHub OAuth Permissions

We request the following GitHub OAuth scopes:

  • repo — Required to register webhooks on repositories you connect.
  • read:user — Required to read your GitHub username and profile.
  • user:email — Required to read your email address for account identification.

We do not read, copy, store, or process your source code. We only receive commit messages through GitHub push event webhooks.


3. How We Use Your Information

  • To create and manage your account
  • To register and manage GitHub webhooks on your behalf
  • To generate AI-powered release notes from your commit messages
  • To display and publish your changelogs
  • To manage your subscription plan
  • To communicate with you regarding your account or the Service
  • To improve and maintain the Service

Commit messages received through connected GitHub repositories may be securely transmitted to third-party artificial intelligence providers solely for the purpose of generating release notes. We do not transmit your repository source code unless explicitly required by a future feature that you choose to enable.


4. How We Share Your Information

We do not sell, trade, rent, or otherwise transfer your personal information to third parties, except as described below:

  • Supabase: We use Supabase for database hosting and authentication. Your data is stored on Supabase servers.
  • Razorpay: Payment processing is handled by Razorpay. Their privacy policy governs the data they collect.
  • Vercel: Our Service is hosted on Vercel. Standard server logs may be collected by Vercel.
  • AI Providers: Commit messages may be securely transmitted to third-party artificial intelligence providers for the sole purpose of generating release notes. The specific provider(s) we use may change over time.
  • Legal Requirements: We may disclose your information if required by law, court order, or government authority.

We require all third-party service providers to maintain appropriate security standards and to use your information only for the purposes we specify.


5. Public Changelog Pages

When you connect a repository and push commits, release notes are published to a public URL in the format: /changelog/username/repo

These pages are publicly accessible to anyone with the URL. You are responsible for the content of your commits and the resulting generated release notes published on these public pages.

If you disconnect a repository, all associated changelogs are permanently deleted from our database and the public page becomes inaccessible.

You are solely responsible for ensuring that commit messages and AI-generated release notes do not contain confidential, proprietary, personal, or otherwise sensitive information before making them publicly accessible.


6. Data Retention

We retain your account information, repository information, subscription records, and generated changelogs for as long as your account remains active. Upon verified account deletion requests, we will delete or anonymize your information within 30 days unless longer retention is required by applicable law.

When you disconnect a repository, all changelogs associated with that repository are deleted immediately and permanently.


7. Data Security

We implement industry-standard security measures to protect your data, including:

  • HMAC-SHA256 signature verification on all GitHub webhook requests
  • Row-level security (RLS) on all database tables
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Server-side API keys — secret keys are never exposed to the browser

While we implement reasonable administrative, technical, and organizational safeguards to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security, and you acknowledge that you provide information and use the Service at your own risk.


8. Cookies and Sessions

We use session cookies strictly for authentication purposes. These cookies are necessary for the Service to function. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.


9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.


10. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Disconnect repositories and delete associated changelogs at any time
  • Revoke GitHub OAuth access at any time via GitHub Settings → Applications

To exercise any of these rights, contact us at our contact page.


11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.


12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us through our contact page.