Privacy Policy

Last updated: February 7, 2026

1. Introduction

Welcome to Repo-st ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Information You Provide

GitHub Account: When you sign in with GitHub, we receive your GitHub username, email, and profile information
Twitter/X Account: When you connect your Twitter account, we receive your Twitter username and access tokens
Repository Data: Information about the GitHub repositories you choose to connect
Payment Information: Payment details are processed securely by Stripe and we only store transaction IDs

2.2 Automatically Collected Information

Usage Data: Information about how you use our service, including features accessed and time spent
Device Information: Browser type, operating system, IP address
Cookies: We use cookies to maintain your session and improve user experience

2.3 Commit Data

Commit messages, SHA hashes, and timestamps from connected repositories
This data is used solely to generate AI-powered social media threads
We do NOT access your source code or repository contents

3. How We Use Your Information

Service Delivery: To provide and maintain our AI thread generation service
Account Management: To create and manage your account
Payment Processing: To process your subscription payments
Communication: To send you service updates, security alerts, and support messages
Improvement: To analyze usage patterns and improve our service
Legal Compliance: To comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

We DO NOT sell your personal information. We may share your data only in these circumstances:

Service Providers: OpenAI (for AI generation), Stripe (for payments), Supabase (for database hosting)
Legal Requirements: When required by law, court order, or to protect our rights
Business Transfers: In case of merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share your information

5. Third-Party Services

Our service integrates with:

GitHub: For authentication and repository webhooks (GitHub Privacy Policy)
Twitter/X: For posting threads (Twitter Privacy Policy)
OpenAI: For AI thread generation (OpenAI Privacy Policy)
Stripe: For payment processing (Stripe Privacy Policy)
Supabase: For data storage (Supabase Privacy Policy)

6. Data Security

We implement industry-standard security measures:

HTTPS encryption for all data in transit
Row Level Security (RLS) on our database
HMAC signature validation for webhooks
Secure OAuth token storage
Regular security audits

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

Account Data: Retained until you delete your account
Generated Threads: Retained indefinitely unless you delete them
Usage Logs: Retained for 90 days for security and debugging
Payment Records: Retained for 7 years for legal compliance

8. Your Rights (GDPR/CCPA)

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct your information
Deletion: Request deletion of your account and data
Portability: Export your data in a machine-readable format
Objection: Object to certain processing of your data
Withdraw Consent: Revoke consent for data processing at any time

To exercise these rights, email us at mathieu.leclercq@esme.fr

9. Cookies Policy

We use the following types of cookies:

Essential Cookies: Required for authentication and basic functionality
Preference Cookies: Remember your settings (theme, language)
Analytics Cookies: Help us understand how you use our service

You can disable cookies in your browser settings, but this may limit functionality.

10. Children's Privacy

Our service is not intended for users under 13 years old. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our service. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or requests: