1. What We Collect
When you sign in with GitHub OAuth, we collect:
- Your public GitHub profile information (username, display name, avatar)
- Your email address
- Usage data (pages generated, features used, access timestamps)
- Basic device and browser information for analytics
2. What We Don't Collect
We want to be clear about what we avoid:
- We do not read your private repositories. ShipKit only accesses public repository data.
- We do not store your source code. We analyze public README files and metadata to generate landing pages, but do not retain raw code.
- We do not sell, rent, or trade your personal information to third parties.
3. How We Use Your Data
- Provide the Service: Generate and host landing pages from your repositories
- Improve the product: Understand usage patterns to build better features
- Communicate: Send account-related notifications and updates about the Service
4. Third-Party Services
We use the following third-party services to operate ShipKit:
- Stripe — payment processing. Stripe handles all payment data directly; we never see or store your full card number.
- Vercel — application hosting and deployment
- Cloudflare — DNS management and CDN
Each of these services has their own privacy policy governing how they handle data.
5. Cookies
We use minimal cookies. ShipKit sets a single authentication session cookie required to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
6. Data Retention
We retain your data for as long as your account is active. When you delete your account, we remove your personal data and generated landing pages within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.
7. Your Rights
You have the right to:
- Delete your account and all associated data at any time
- Export your data by contacting us
- Access your data to see what information we hold about you
- Correct your data if any information is inaccurate
8. GDPR Compliance
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- We process your data based on your consent (signing in) and legitimate interest (operating the Service)
- You may request data portability, restriction of processing, or object to processing
- You may lodge a complaint with your local data protection authority
For any GDPR-related requests, contact us at support@getshipkit.dev.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email. Your continued use of ShipKit after changes take effect constitutes acceptance of the updated policy.