Legal

Privacy Policy

Last updated: April 01, 2026

1. Overview

changelogs.so ("we", "us") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights regarding your data.

2. Data We Collect

Account data: When you sign in via GitHub, we receive your GitHub username, public email address, and avatar. We store these to identify your account.

Repository data: Via GitHub App installation, we access the list of repositories you grant access to, commit messages, and release metadata. We use this solely to generate changelogs.

Subscriber data: Email addresses and names of people who subscribe to your changelog. These are stored on your behalf and used only to deliver your releases.

Billing data: Payments are handled by Stripe. We store your Stripe customer ID and subscription status. We do not store card numbers or full payment details.

Usage data: We collect basic logs (page visits, errors) for debugging and service improvement.

3. How We Use Your Data

  • To authenticate you and maintain your session
  • To generate AI changelogs from your repository commits
  • To deliver changelogs to your subscribers via email and other destinations
  • To process payments and manage your subscription
  • To send transactional emails (confirmation, billing receipts)

We do not use your data for advertising and do not sell it to third parties.

4. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • GitHub - authentication and repository access
  • OpenAI - changelog generation (commit messages are sent to OpenAI API)
  • Resend - email delivery
  • Stripe - payment processing

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your profile, repositories, changelogs, and subscriber list within 30 days. Billing records may be retained longer for legal and accounting purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise these rights, email us at privacy@info.changelogs.so.

7. Cookies & Local Storage

We use only essential cookies and browser localStorage. We do not use tracking, analytics, or advertising cookies.

Name Type Purpose Expires
_session_id Cookie Keeps you authenticated between page visits. Set by Rails. Session / 2 weeks
cookie_consent localStorage Remembers that you accepted the cookie notice so it isn't shown again. Persistent
whats_new_last_seen localStorage Records when you last viewed "What's New" updates so the unseen badge is shown correctly. Persistent
__stripe_mid / __stripe_sid Cookie Set by Stripe on billing pages to detect fraud and ensure secure payment processing. 1 year / session

You can clear cookies and localStorage at any time through your browser settings. Clearing the session cookie will log you out.

8. Security

We use HTTPS for all data in transit. GitHub tokens and API keys are encrypted at rest. We follow security best practices but cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

Questions? Email privacy@info.changelogs.so.