How We Use Your Information

At .git, we believe in building developer tools that respect your time, your code, and your privacy. This page transparently outlines what data we collect, why we collect it, how we use it, and the controls you have over your information.

Information We Collect

We only collect data necessary to deliver, secure, and improve our platform. This includes:

• Account Information: Name, email address, and organization details provided during signup.
• Usage Metrics: Anonymous telemetry about platform performance, deployment frequency, and feature usage to optimize reliability.
• Repository Metadata: Branch names, commit hashes, and repository structure. We never store or index your actual source code unless explicitly configured for hosted CI/CD.
• Logs & Diagnostics: System logs, error reports, and crash diagnostics required for debugging and security monitoring.
• Communications: Records of support tickets, emails, or in-app messages for response tracking.

How We Use Your Information

Your data enables us to provide a secure, fast, and reliable developer experience:

• Service Delivery: Processing deployments, managing CI/CD pipelines, and maintaining account access.
• Security & Compliance: Detecting unauthorized access, preventing fraud, and maintaining SOC 2 / ISO 27001 compliance.
• Platform Optimization: Analyzing aggregate performance data to reduce latency and improve build times.
• Personalization: Tailoring dashboard views, notification preferences, and recommendation algorithms.
• Billing & Support: Processing subscriptions, issuing invoices, and resolving technical inquiries.

Sharing & Third Parties

We do not share, sell, or license your personal data or repository contents for marketing or advertising. We only share information when:

• Service Providers: Working with vetted vendors (e.g., AWS, Cloudflare, Stripe) under strict data processing agreements to host infrastructure, process payments, or deliver analytics.
• Legal Requirements: Responding to valid subpoenas, court orders, or government requests where legally compelled.
• Business Transfers: In the event of a merger, acquisition, or asset sale, data will be transferred subject to equivalent privacy protections.
• With Your Consent: Explicitly granting permission for integrations, webhooks, or third-party connections you authorize in your settings.

Data Security

We implement industry-leading safeguards to protect your information:

• End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
• Role-based access control (RBAC) and principle of least privilege for internal systems
• Regular third-party penetration testing and vulnerability assessments
• Isolated tenant architecture to prevent cross-account data leakage

Despite these measures, no system is 100% immune. We maintain comprehensive incident response protocols and will notify affected users within 72 hours of any confirmed breach involving personal data.

Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access & Export: Download a machine-readable copy of all data we hold about you.
• Rectify: Update or correct inaccurate account information.
• Delete: Request permanent erasure of your account and associated data.
• Opt-Out: Unsubscribe from marketing communications or disable non-essential telemetry.
• Portability: Transfer your project configurations to alternative platforms.

Enterprise customers can submit requests via the .git Admin Console or contact our DPO directly. All requests are processed within 30 days.

Retention & Deletion

We retain data only as long as necessary to fulfill the purposes outlined here, comply with legal obligations, resolve disputes, and enforce agreements.

• Active account data is retained until deletion or account closure.
• Logs and diagnostics are anonymized or purged after 90 days.
• Billing records are kept for 7 years per financial regulations.

Upon account deletion, all identifiable data is permanently removed from our primary systems within 14 days, with backups purged within 30 days in accordance with our retention schedule.