Privacy Policy
Last updated: March 22, 2026
Hi. We're the team behind RepoWrit. This privacy policy explains what data we collect, why we collect it, and what we do with it, in plain English first, then in the formal legal language.
What We Access
RepoWrit is a GitHub App. When you install it and select repositories, we receive webhook events from GitHub (like push events and pull request notifications). When a sync is triggered, we access your repository metadata and code through the GitHub API using the permissions you granted during installation.
We only access your code when a sync is actively running. We don't continuously monitor or clone your repositories.
How We Use AI
When you trigger a documentation sync, relevant code snippets and commit diffs are sent to Anthropic's Claude API for analysis. Claude generates summaries, documentation updates, and semantic embeddings.
Important: We use Anthropic's API with zero-data-retention settings where available. Anthropic does not use your data to train their models through our API usage.
What We Store
- User profiles - Your GitHub username, email, avatar URL, and account preferences are stored in our database (hosted on Supabase).
- Sync logs - We store metadata about each documentation sync: timestamps, status, repository name, and generated summaries.
- Embeddings - We store vector embeddings of your documentation for semantic search functionality.
- We do NOT store your full source code on our servers long-term. Code is processed in-memory during a sync and discarded afterward.
What We Never Do
- We never train AI models on your code. Your code and documentation are never used as training data for any AI model.
- We never sell your data. We don't sell, rent, or share your personal information with third parties for their marketing purposes.
- We never access repos you haven't explicitly selected. We only interact with repositories you've chosen during GitHub App installation.
Payments
All payment processing is handled by Lemon Squeezy, our Merchant of Record. We never see, process, or store your credit card numbers or payment details. Lemon Squeezy's privacy policy applies to all payment-related data. You can review it at lemonsqueezy.com/privacy.
Privacy Policy
1. Information We Collect
1.1 Information from GitHub
When you install the RepoWrit GitHub App, we receive: your GitHub user ID, username, email address, avatar URL, and the list of repositories you grant access to. During sync operations, we temporarily access repository content (source code, commit history, file metadata) through the GitHub API.
1.2 Account Information
We store your user profile, subscription tier, and usage metrics in our database hosted on Supabase (a SOC 2 Type II compliant platform).
1.3 Usage Data
We collect basic analytics about how you use RepoWrit: pages visited, features used, sync frequency, and error logs. This helps us improve the service.
1.4 Payment Information
Payment data is collected and processed exclusively by Lemon Squeezy. We receive subscription status notifications (active, cancelled, expired) but never receive or store payment card details.
2. How We Use Your Information
We use your information to:
- Provide and maintain the RepoWrit service
- Process and generate AI-powered documentation
- Authenticate your identity via GitHub OAuth
- Communicate service updates and important notices
- Monitor and prevent abuse of the service
- Improve the product based on aggregated, anonymized usage patterns
3. Data Sharing and Third Parties
We share data with the following third-party services, strictly for service operation:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI analysis and documentation generation | Code snippets, commit diffs (zero-retention) |
| Supabase | Database and authentication | User profiles, sync logs, embeddings |
| Lemon Squeezy | Payment processing | Email, subscription tier (they collect payment details directly) |
| GitHub | Source code access and OAuth | OAuth tokens, repository data |
We do not sell your data. We do not share your data with advertisers.
4. Data Retention
- User profiles: Retained while your account is active. Deleted upon account deletion request.
- Sync logs and summaries: Retained while your account is active.
- Source code: Not retained. Processed in-memory during sync operations and discarded.
- Embeddings: Retained while your account is active for semantic search. Deleted upon account deletion.
5. Your Rights
You have the right to:
- Access your personal data stored by RepoWrit
- Delete your account and all associated data
- Revoke GitHub App access at any time through your GitHub settings
- Export your data upon request
To exercise any of these rights, contact us at support@repowrit.com.
6. Cookies
RepoWrit uses only strictly necessary cookies. We do not use any marketing, advertising, or tracking cookies.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| sb-*-auth-token | Supabase authentication session. Keeps you signed in and verifies your identity. | Session / 1 year (refresh token) | Supabase |
| sb-*-auth-token-code-verifier | PKCE code verifier for secure OAuth flow during GitHub sign-in. | Session | Supabase |
For full details, see our Cookie Policy.
7. Security
We implement industry-standard security measures including encrypted connections (TLS), Row Level Security (RLS) on our database, and secure API key management. However, no internet service is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
RepoWrit is not intended for children under 13. We do not knowingly collect information from children under 13.
9. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email or an in-app notification. Continued use of RepoWrit after changes constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions or requests:
- Email: support@repowrit.com
- GitHub: Open an issue on our repository
This policy is effective as of March 22, 2026.