Organization
gitstrat
Privacy

Privacy Policy

gitstrat • Last Updated: April 26, 2026

1. Introduction

Welcome to gitstrat ("we", "our", or "us"). gitstrat helps engineering teams understand how their pull requests align with strategic business goals by analyzing public and private repository data through secure OAuth connections. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and service at gitstrat.com (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information from OAuth Providers

When you sign in using Bitbucket or GitHub, we collect:

  • Your name, email address, and profile information provided by the OAuth provider
  • Your unique user ID from the provider
  • OAuth access tokens (and refresh tokens where provided) used only to access your repositories

2.2 Repository and Pull Request Data

To provide the alignment analysis, we access and store:

  • Repository metadata (name, owner, description)
  • Pull Request data including:
    • Title and description
    • Changed file paths and file names (scope)
    • PR state, creation date, and author information
  • Goals and keywords you create within the Service
  • Alignment mappings between your Pull Requests and Goals

We do not access or store the actual source code content of your files; only metadata and file paths.

2.3 Usage Data

We automatically collect:

  • IP address, browser type, and device information
  • How you interact with the Service (pages visited, features used)
  • Error logs and performance data

3. How We Use Your Information

We use the collected information to:

  • Authenticate you and provide access to the Service
  • Analyze pull requests and calculate alignment scores with your strategic goals
  • Generate dashboards, reports, and insights
  • Improve our Service and develop new features (including future AI-powered matching)
  • Communicate with you about the Service (updates, support, security notices)
  • Prevent fraud and ensure the security of our Service

4. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

  • OAuth Providers (Bitbucket and GitHub) - only as required to authenticate and fetch repository data
  • Hosting and Infrastructure Providers (e.g., Vercel, Render, Supabase, or similar) - to host and operate the Service
  • Analytics and Error Monitoring Tools - for service improvement (anonymized where possible)

We will never share your repository content or sensitive PR data with third parties for marketing purposes.

5. Data Storage and Security

  • Your data is stored securely in databases hosted on reputable cloud providers.
  • We use industry-standard encryption for data in transit and at rest.
  • OAuth tokens are stored securely and revoked when no longer needed.
  • We retain your data only as long as necessary to provide the Service or as required by law.

6. Your Rights and Choices

You can:

  • Request access to the personal data we hold about you
  • Request correction or deletion of your data (note: deleting your account will remove your goals and alignment history)
  • Revoke OAuth access at any time through Bitbucket/GitHub settings (this will prevent further data syncing)
  • Opt out of non-essential communications

To exercise these rights, please contact us at: privacy@gitstrat.com.

7. Children’s Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us: privacy@gitstrat.com.

gitstrat