Privacy Policy

Last updated: January 2026

1. Information We Collect

When you use KittyLog, we collect:

  • GitHub Account Information: Your GitHub username, email address, and profile information provided through OAuth authentication
  • Repository Data: Commit messages, pull request titles and descriptions, release notes, and repository metadata for connected repositories
  • Code Diffs (Pro/Business only): If you enable the "Include code diffs" feature, we access file changes for more detailed changelog generation. This data is sent to AI providers but not stored by KittyLog.
  • Webhook Events: We receive notifications from GitHub when releases are published, tags are created, or commits are pushed to connected repositories
  • Usage Data: Information about how you use the Service, including features used and changelog generations
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)

2. How We Use Your Information

We use your information to:

  • Provide and improve the KittyLog service
  • Generate changelog entries based on your repository activity
  • Process payments and manage subscriptions
  • Send important service updates and notifications
  • Respond to support requests

3. Data Access Levels

KittyLog requests minimal GitHub permissions:

  • Default: We access commit messages, PR titles, and release notes - not your source code files
  • With "Include code diffs" enabled: Pro and Business plans can opt-in to send file changes to AI providers for richer changelogs. This code is processed but not stored by KittyLog.
  • Hosted changelogs: Generated changelogs are hosted on KittyLog. If you enable auto-commit, changelogs will also be committed to your repository.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • AI Providers: Commit messages (and code diffs if enabled) are sent to AI providers to generate changelog entries. We exclusively use United States-based inference providers (currently Cerebras and Groq) that operate under API agreements prohibiting the use of your data for model training. Your data is processed transiently and is not retained by AI providers beyond the API request. We may add or change providers over time but will maintain our commitment to US-based providers with no-training agreements.
  • Payment Processors: Stripe processes payment information securely.
  • Service Providers: We use hosting (Fly.io, Cloudflare) and infrastructure providers to operate the Service.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (HTTPS) and at rest. GitHub access tokens are encrypted and stored securely. However, no method of transmission over the internet is 100% secure.

6. Data Retention

We retain your data for as long as your account is active. Generated changelogs are stored on our servers and remain accessible at your hosted changelog URL. You can delete your account at any time, which will remove your data from our systems within 30 days.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect repositories and revoke GitHub access
  • Export your data

For users in the European Economic Area (EEA), you have additional rights under GDPR including the right to data portability and the right to object to processing. Our lawful basis for processing is contract performance (providing the Service) and legitimate interests (improving the Service).

8. International Data Transfers

Your data is processed in the United States where our servers and AI providers are located. We exclusively use US-based AI inference providers and US-based hosting infrastructure. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers.

9. Cookies and Analytics

We use essential cookies to maintain your session and authentication state. We do not use tracking cookies or third-party analytics that track you across websites.

We use Sentry for error monitoring and performance tracking. Sentry may record anonymized session replays to help us diagnose issues. In these recordings, all text is masked and media is blocked to protect your privacy. Sentry does not track you across other websites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact us at [email protected].