Legal

Privacy Policy

Last updated: April 01, 2026

1. Overview

changelogs.so ("we", "us") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights regarding your data.

2. Data We Collect

Account data: When you sign in via GitHub, we receive your GitHub username, public email address, and avatar. We store these to identify your account.

Repository data: Via GitHub App installation, we access the list of repositories you grant access to, commit messages, and release metadata. We use this solely to generate changelogs.

Subscriber data: Email addresses and names of people who subscribe to your changelog. These are stored on your behalf and used only to deliver your releases.

Billing data: Payments are handled by Stripe. We store your Stripe customer ID and subscription status. We do not store card numbers or full payment details.

Usage data: We collect basic logs (page visits, errors) for debugging and service improvement.

3. How We Use Your Data

  • To authenticate you and maintain your session
  • To generate AI changelogs from your repository commits
  • To deliver changelogs to your subscribers via email and other destinations
  • To process payments and manage your subscription
  • To send transactional emails (confirmation, billing receipts)

We do not use your data for advertising and do not sell it to third parties.

4. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • GitHub — authentication and repository access
  • OpenAI — changelog generation (commit messages are sent to OpenAI API)
  • Resend — email delivery
  • Stripe — payment processing

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your profile, repositories, changelogs, and subscriber list within 30 days. Billing records may be retained longer for legal and accounting purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise these rights, email us at privacy@changelogs.so.

7. Cookies

We use a session cookie to keep you logged in. We do not use tracking or advertising cookies.

8. Security

We use HTTPS for all data in transit. GitHub tokens and API keys are encrypted at rest. We follow security best practices but cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

Questions? Email privacy@changelogs.so.