ShiplogBack to Shiplog

Shiplog Privacy Policy

Effective Date: June 28, 2026

Last Updated: June 28, 2026

1. Who We Are

Shiplog is an AI-powered SaaS changelog tool operated as an independent product. Our website is located at https://getshiplog.app. If you have questions about this policy, you can reach us at 202860130@stu.scls-sh.org

2. What Data We Collect

Account Data. When you sign in with GitHub, we receive your GitHub username, numeric GitHub user ID, display name, email address, and profile avatar URL. This data is stored in our database and used to identify your account.

Repository and Pull Request Data. When you connect a GitHub repository, we receive webhook events that include the repository name, GitHub repository ID, and pull request details (number, title, URL). When a pull request is merged, we temporarily process the code diff to generate a changelog draft. Code diffs are not stored permanently — only the AI-generated draft text and any edits you make to it are retained.

Changelog Content. We store the AI-generated draft, your edits, the final published changelog text, the publication date, and the entry status (draft, published, or skipped).

Billing Data. Payments for Shiplog Pro are processed by Creem (creem.io), our merchant of record. We store your Creem customer ID and subscription ID to track your subscription status. We do not store, handle, or have access to your payment card number or other payment credentials.

Technical and Security Data. We log GitHub webhook delivery IDs and event metadata for debugging and security purposes. We use session cookies to maintain your authenticated state between page loads.

3. How We Use Your Data

We use the data we collect exclusively to provide the Shiplog service: authenticating your account, generating AI changelog drafts from your merged pull requests, displaying your published changelog on your public page and embeddable widget, and managing your subscription status.

We do not sell your data. We do not use your data for advertising.

4. Third-Party Services

Shiplog relies on the following third-party services. Each service handles data under its own privacy policy, which we encourage you to review.

GitHub (github.com) provides OAuth authentication and delivers pull request data via webhooks. Your interaction with GitHub is governed by GitHub's Privacy Statement.

DeepSeek (deepseek.com) is our AI provider. Pull request code diffs are sent to DeepSeek's API to generate plain-English changelog drafts. DeepSeek's privacy policy applies to data processed by their API.

Creem (creem.io) is our merchant of record and payment processor. All billing, tax collection, and payment processing for Shiplog Pro is handled by Creem. Creem's privacy policy governs your payment data.

Supabase (supabase.com) hosts our PostgreSQL database. Your account data, repository data, and changelog entries are stored on Supabase-managed servers. Row-level security and service-role-only access are enforced on all tables.

Vercel (vercel.com) hosts the Shiplog web application. Vercel's privacy policy applies to server-side request handling and deployment infrastructure.

Upstash (upstash.com) provides background job queuing. Webhook payloads are temporarily queued through Upstash for processing and are not retained beyond the job lifecycle.

5. Data Retention

We retain your data for as long as your account remains active. If you would like your data deleted, please contact us at 202860130@stu.scls-sh.org. We will process deletion requests within 30 days.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing 202860130@stu.scls-sh.org. If you are located in the European Economic Area or United Kingdom, you may have additional rights under GDPR or UK GDPR, including the right to lodge a complaint with your local data protection authority.

7. Security

All data is transmitted over HTTPS. Our database enforces deny-all row-level security with service-role-only access, meaning no direct client access to the database is permitted. We take reasonable technical measures to protect your data against unauthorized access.

8. Children

Shiplog is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at 202860130@stu.scls-sh.org and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of Shiplog after changes are posted constitutes your acceptance of the updated policy.

10. Contact

For any questions, requests, or concerns about this Privacy Policy, please contact us at:

202860130@stu.scls-sh.org