Releasebot

Privacy Policy

Last updated: February 11, 2026

This Privacy Policy describes how Releasebot ("we", "us", or "our") collects, uses, and protects your information when you use our AI-powered changelog service ("Service").

1. Information We Collect

Account Information

When you sign in with GitHub, we receive your GitHub username, email address, and avatar URL. We do not store your GitHub password or access tokens beyond the session.

Repository Data

When you install our GitHub App, we access repository metadata, pull request titles and descriptions, commit messages, and branch information for repositories you choose to connect. This data is used solely to generate changelog entries.

Generated Content

We store the changelog entries generated by the Service, including titles, summaries, descriptions, and associated metadata (author, change type, tags).

Billing Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription details but do not store credit card numbers or payment credentials.

Usage Data

We track generation counts, token usage, and feature usage to enforce plan limits and improve the Service. We use Google Analytics for aggregate web analytics.

2. How We Use Your Information

  • Providing the Service: Generating changelog entries, managing subscriptions, and delivering notifications.
  • Communication: Sending transactional emails (welcome, trial reminders, payment confirmations, usage alerts) and changelog subscriber notifications.
  • Improvement: Analyzing usage patterns to improve AI generation quality and Service features.
  • Security: Detecting and preventing fraud, abuse, or security threats.

3. AI Processing

Your repository data (PR titles, descriptions, commit messages) is sent to third-party AI providers to generate changelog entries. This data is processed in real-time and is not used to train AI models. We apply token budgets and truncation to minimize the data sent.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing.
  • AI Providers: For changelog generation (data is not retained by providers).
  • Resend: For transactional email delivery.
  • Vercel: For hosting and custom domain management.
  • Supabase: For database hosting.

5. Public Changelog Pages

Published changelog entries are publicly accessible at your repository's changelog URL. Draft and hidden entries are not publicly visible. You control which entries are published.

6. Data Retention

We retain your account data and changelog entries for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized usage data may be retained for analytics purposes.

7. Data Security

We implement industry-standard security measures including HTTPS encryption, Row Level Security in our database, HMAC-verified webhooks, and secure token handling. However, no method of transmission over the Internet is 100% secure.

8. Cookies

We use essential cookies for authentication and session management. We use Google Analytics cookies for aggregate usage analytics. You can disable non-essential cookies through your browser settings.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your changelog entries.
  • Opt out of non-essential communications via your notification settings.

10. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at hi@releasebot.ai.