Privacy Policy

Overview

Changelog Generator helps teams turn merged GitHub pull requests into customer-facing changelogs. This policy explains what data we collect, how we use it, and how to contact us. If you have questions, email hey@changeloggenerator.com.

Information We Collect

• Account information such as your name, email address, profile image, and GitHub account details provided through Firebase Authentication.
• Repository information you connect, including repository name, URL, description, visibility, selected schedule, public changelog settings, and custom domain settings.
• GitHub pull request data needed to generate changelogs, including merged PR titles, descriptions, authors, labels, PR numbers, URLs, and merge dates.
• Generated changelog drafts, edits, published changelogs, and related metadata such as creation and publish dates.
• Billing and subscription status from Stripe. We do not store full card numbers or raw payment credentials.
• Basic technical data such as server logs, request metadata, and error logs used to keep the service reliable and secure.

GitHub Data

When you connect GitHub, we request access needed to list repositories and read pull request metadata. We use that data to validate repository access, count merged PRs, and generate changelog drafts. We do not store your source code. We store repository metadata and generated changelog content so the product can work across sessions and scheduled runs.

Stored OAuth Tokens

GitHub OAuth tokens are stored in a server-only Firestore collection. Tokens are encrypted at rest with AES-256-GCM using a server-side encryption key. Client apps cannot read or write the token collection through Firestore rules. We use the token only to access GitHub on your behalf for repository listing, repository validation, PR counting, and changelog generation.

OpenAI Processing

To generate changelog drafts, we send selected pull request metadata and repository context to OpenAI. This may include PR titles, descriptions, labels, authors, URLs, and merge dates. We do not intentionally send source code. OpenAI processes this data as a service provider to produce draft changelog text.

Stripe Billing

Payments and subscription management are handled by Stripe. Stripe may collect payment method details, billing address, tax information, and transaction history. We store Stripe customer and subscription identifiers, plan, trial, and billing status so we can grant access to paid features.

How We Use Data

• Provide, secure, and improve Changelog Generator.
• Generate, save, schedule, and publish changelogs.
• Verify repository ownership and access.
• Process subscriptions, trials, payments, and invoices.
• Respond to support requests and troubleshoot issues.
• Prevent abuse, fraud, and unauthorized access.

Sharing and Service Providers

We share data with service providers only as needed to operate Changelog Generator, including Firebase/Google Cloud for authentication and storage, GitHub for repository access, OpenAI for changelog generation, Stripe for billing, and Vercel for hosting. We do not sell personal information.

Retention and Deletion

We keep account, repository, token, billing status, and changelog data for as long as needed to provide the service, meet legal obligations, resolve disputes, and maintain security. You can ask us to delete your account or data by emailing hey@changeloggenerator.com.

Security

We use reasonable technical and organizational safeguards, including Firebase authentication, server-side authorization, Firestore security rules, encrypted OAuth token storage, and limited client exposure of sensitive credentials. No system is perfectly secure, but we work to reduce risk and respond quickly to issues.

Your Choices

You can disconnect repositories, delete changelogs, cancel paid subscriptions through Stripe billing flows, or contact us to request account deletion or data export. You can also revoke GitHub OAuth access from your GitHub account settings.

Contact

For privacy questions or data requests, email hey@changeloggenerator.com.