Privacy Policy

Effective date: June 10, 2026

1. Overview

GitSnitch ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

2. Information We Collect

2.1 Information you provide

  • GitHub account details obtained during OAuth sign-in (username, email address, avatar URL, GitHub user ID)
  • Notification settings, alert preferences, and business hours configuration you enter in the dashboard
  • Billing information processed by Stripe or GitHub Marketplace (we do not store raw card numbers)

2.2 Information from GitHub

  • Webhook event payloads from your GitHub organization, including push events, membership changes, branch protection changes, pull requests, and security advisory notifications
  • Repository metadata referenced in those events (names, SHAs, actor usernames)
  • GitHub App installation identifiers and organization identifiers

2.3 Usage and technical information

  • Server-side request logs (IP address, request ID, HTTP method, path, response code, timestamp)
  • Error logs for diagnosing service failures

We do not use browser-side analytics, tracking pixels, or third-party advertising scripts.

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Generate security alerts based on your organization's GitHub activity
  • Send alert notifications via email and configured integrations (Slack, webhooks)
  • Send transactional emails related to your account (billing confirmations, plan changes)
  • Diagnose and fix technical issues
  • Comply with legal obligations

We do not sell your personal information. We do not use your data to train machine learning models or share it with advertisers.

4. Data Retention

Webhook events and alerts are retained according to your plan: 7 days on the free plan, 90 days on the Pro plan, and indefinitely on the Enterprise plan. Account information is retained for as long as your account is active. You may request deletion of your account and associated data at any time by contacting support@gitsnitch.com. Server logs are retained for up to 90 days for security and debugging purposes.

5. Data Security

We protect your data using the following measures:

  • OAuth tokens stored in the database are encrypted at rest using AES-256-GCM
  • All data in transit is encrypted via TLS
  • GitHub webhook payloads are verified using HMAC-SHA256 signatures before processing
  • Session tokens are short-lived JWTs; refresh tokens are stored as SHA-256 hashes only
  • Access to production systems is restricted to authorized personnel

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@gitsnitch.com.

6. Third-Party Services

We use the following third-party services to operate GitSnitch:

  • GitHub — OAuth authentication and webhook delivery
  • Stripe — Payment processing for paid subscriptions. Stripe's privacy policy governs data shared with them.
  • Amazon Web Services — Cloud infrastructure and hosting
  • SendGrid / SMTP provider — Transactional email delivery

We do not share your data with these providers beyond what is necessary to provide the Service.

7. Cookies and Sessions

GitSnitch uses HTTP-only session cookies to maintain your authenticated session. We do not use cookies for advertising or cross-site tracking. The session cookie expires after 15 minutes of inactivity; a longer-lived refresh token cookie (7 days) is used to re-issue session tokens without requiring re-authentication.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing of your data
  • Receive your data in a structured format (data portability)

To exercise these rights, contact us at support@gitsnitch.com. We will respond within 30 days.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the Service at least 14 days before they take effect. The effective date at the top of this page always reflects the most recent version.

11. Contact Us

Questions or concerns about this Privacy Policy may be directed to support@gitsnitch.com.