Privacy Policy

Last updated: March 15, 2026

1. Introduction

GitShip (“we,” “our,” or “us”) operates the GitShip platform accessible at gitship.dev (the “Service”). This Privacy Policy explains how we collect, use, store, share, and delete your personal information when you use our Service.

2. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, and profile picture provided through third-party OAuth authentication (LinkedIn, X, Google, Threads, Reddit).
  • Connected platform data: OAuth access tokens and refresh tokens for connected social media accounts, stored encrypted at rest.
  • GitHub data: Repository names, commit messages, pull request titles, release notes, and issue titles from repositories you explicitly connect.
  • Content you create: Post drafts, scheduled content, media files uploaded to our Service.
  • Usage data: Publishing activity, platform selection, and scheduling patterns to provide analytics.

3. How We Use Your Information

  • To authenticate you and provide access to the Service.
  • To publish content on your behalf to connected social media platforms.
  • To generate AI-adapted content using your GitHub activity and post content via the Anthropic Claude API. We send only the content you create or approve, not your personal data.
  • To display analytics about your posting activity.
  • To store and manage your media files via Cloudinary.
  • To send you notifications about scheduled posts, publishing status, and token expiry.

4. Data Storage and Retention

  • Account data and post content are stored in our PostgreSQL database hosted on infrastructure secured with encryption at rest and in transit.
  • OAuth tokens are stored encrypted and are automatically refreshed or invalidated as needed.
  • Media files are stored via Cloudinary and are deleted from Cloudinary when you remove them from the Service.
  • LinkedIn member social activity data is retained for no more than 48 hours in compliance with LinkedIn API Terms of Use.
  • You may delete your account and all associated data at any time from your account settings. Deletion is permanent and irreversible.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Social media platforms (LinkedIn, X, Threads, Reddit) when you publish content through the Service.
  • Anthropic (Claude API) to generate AI-adapted content. Only post content and GitHub event summaries are sent; no personal identifiers.
  • Cloudinary for media file storage and processing.
  • GitHub for receiving webhook events from repositories you connect.

6. Third-Party Platform Policies

Your use of connected platforms is also governed by their respective privacy policies and terms of service. We encourage you to review:

  • LinkedIn Privacy Policy
  • X (Twitter) Privacy Policy
  • Meta Privacy Policy (Threads)
  • Reddit Privacy Policy
  • GitHub Privacy Statement

7. Your Rights

You have the right to:

  • Access and export your data at any time.
  • Disconnect any social media account, revoking our access tokens.
  • Delete your account and all associated data.
  • Request information about what data we store about you.

For EU/EEA residents, you have additional rights under the GDPR, including the right to data portability, rectification, and the right to lodge a complaint with a supervisory authority.

8. Security

We implement industry-standard security measures including encrypted connections (TLS), encrypted data at rest, secure OAuth token handling, and HMAC-SHA256 webhook signature verification for GitHub events.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending you an email.

10. Contact

For any questions about this Privacy Policy or your data, contact us at privacy@gitship.dev.