This Privacy Policy explains what data docs-keeper collects, why, and how long we keep it. Short version: we collect the minimum needed to generate documentation, we never sell your data, and we never persist your full source code.
1. Data we collect
- Account data — your GitHub-provided email and user ID, set when you sign in.
- Installation data — the GitHub installation ID, the org and repo slugs you grant access to, and your selected plan.
- Run data — for each merged PR we process: the PR number and title, the merge SHA, the diff context we sent to the model, token counts, generated diffs, validation outcomes, and cost in USD cents.
- Webhook deliveries — GitHub event deliveries we receive (kept 14 days for replay/debugging).
2. Data we do NOT collect
- Your full source code (only the diff context we need to generate docs).
- Your GitHub access token (the GitHub App SDK handles auth transactionally).
- Payment-card numbers (Lemon Squeezy handles checkout; we receive only the order ID).
3. How we use it
- Generate documentation PRs (the core product).
- Bill paid plans and prevent abuse of free plans.
- Send transactional emails about your runs, billing, and security alerts.
- Improve the Service via aggregated, de-identified analytics.
We do not use your diff context or generated drafts to train any AI model.
4. Third-party processors
- Supabase — primary data store (Postgres, hosted in Singapore).
- OpenRouter / Anthropic — LLM inference. Inputs are sent over TLS with zero data retention headers requested. We do not enable training opt-in.
- Lemon Squeezy — billing and merchant-of-record. They handle all card-data processing.
- Resend — transactional email delivery.
5. Retention
- Run metadata: kept while your account exists.
- Generated diffs: kept 90 days unless you delete them sooner.
- Webhook deliveries: kept 14 days.
- Billing records: kept 7 years (legal requirement).
Delete your account from Settings → Account to remove all run metadata and generated diffs within 7 days.
6. Your rights
Depending on where you live, you may have rights under GDPR, UK GDPR, CCPA, or similar laws — including access, correction, deletion, and portability. Two self-service flows are available directly from your account:
- Export your data — visit Settings → Account and choose Export my data. We return a JSON file containing every row we hold about you (account, sessions, memberships, notifications, audit log, API key metadata). OAuth tokens, session tokens, hashed API keys, and webhook secrets are excluded because they are credentials, not personal data.
- Delete your account — visit Settings → Account and choose Delete account. Your email, name, profile image, and last-known IP are anonymised immediately and every active session is invalidated. After a 30-day grace period (so accidental deletions can be recovered by emailing us), the underlying row is hard-deleted and related run metadata cascades.
For everything else — correction requests, GDPR DSARs, questions about specific records — email [email protected] and we'll respond within 30 days.
7. Security
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). We rotate keys quarterly and grant access on the principle of least privilege. See our Security page for vulnerability reporting.
8. Changes
We may update this Policy. Material changes will be announced 30 days before they take effect. Continued use after the effective date constitutes acceptance.
9. Contact
Privacy questions or DSAR requests: [email protected].