Privacy Policy
Last updated: March 4, 2026
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via GitHub or Google OAuth, we receive your public profile information and email address from those providers.
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, repository activity, and timestamps. This data is used to improve the Service and diagnose technical issues.
Content Data
We store the source code, binary assets, LFS objects, pull requests, reviews, and other content you upload to GitForge. This content is stored solely to provide the Service.
2. How We Use Your Information
- To provide, operate, and maintain the Service
- To authenticate your identity and manage your account
- To send transactional emails (password resets, security alerts, billing receipts)
- To monitor and improve Service performance, security, and reliability
- To respond to support requests and communicate with you
- To enforce our Terms of Service and detect abuse
- To comply with legal obligations
We do not sell your personal data to third parties. We do not use your repository content or code for advertising purposes.
3. Data Storage and Security
Your data is stored on servers located in the United States. We use industry-standard security measures including encryption in transit (TLS), encryption at rest for sensitive data, and regular security audits. LFS objects are stored in durable cloud storage with server-side encryption.
While we implement safeguards, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
4. Cookies and Tracking
We use essential cookies to maintain your session and authentication state. We do not use third-party advertising trackers. We may use privacy-respecting analytics to understand aggregate usage patterns.
| Cookie | Purpose | Duration |
|---|---|---|
| session | Authentication session | 30 days |
| theme | Light/dark mode preference | 1 year |
| csrf | Cross-site request forgery protection | Session |
5. Third-Party Services
We may share limited information with the following categories of third parties:
- Authentication providers — GitHub, Google (for OAuth sign-in)
- Payment processor — Stripe (for billing; we do not store card numbers)
- Infrastructure providers — cloud hosting and storage (to operate the Service)
Each third-party service is bound by its own privacy policy and our data processing agreements.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data
- Deletion — request deletion of your personal data and account
- Portability — request an export of your data in a machine-readable format
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Data Retention
We retain your account data and content for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Repository content (including LFS objects) is deleted within 90 days. We may retain anonymized, aggregated data for analytics purposes indefinitely.
8. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete that data promptly.
9. International Transfers
If you access the Service from outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or requests, contact us at [email protected] or visit our Contact page.