Data & Privacy

At GitProductivity, we take data privacy and security seriously. This document explains how we handle, protect, and process your data.

What Data We Collect

Git Metadata

We collect only git metadata - never the actual code content:

| Data Type | Examples | Purpose | |-----------|----------|---------| | Commit info | Hash, message, author, date | Attribution & analysis | | File changes | Paths, additions, deletions | Complexity estimation | | Pull requests | Titles, descriptions, reviewers | Code review patterns | | Branch data | Names, last commit | Activity tracking | | Repository info | Name, visibility, language | Organization |

User Data

For authenticated users, we collect:

• Account info: Email, name, avatar (from OAuth)
• Team membership: Role, access levels
• Preferences: Dashboard settings, notifications
• API keys: Encrypted access tokens

How We Use Your Data

Your data is used solely to:

1. Provide our services: Calculate and display productivity metrics
2. Improve our AI: Refine workday estimation algorithms (anonymized)
3. Support: Help troubleshoot issues you report
4. Communication: Send important account updates

Data Security

Encryption

• In transit: All data encrypted via TLS 1.3
• At rest: AES-256 encryption for stored data
• Backups: Encrypted backups with separate key management

Access Controls

• Role-based: Teams with different permission levels
• Audit logging: All access attempts logged
• MFA support: Two-factor authentication available

Infrastructure

• Cloud: AWS with SOC 2 Type II certified data centers
• Self-hosted: Deploy on your own infrastructure
• Regions: EU and US data residency options

Compliance

GDPR

We are fully GDPR compliant:

• Lawful basis: Legitimate interest for analytics
• Data subject rights: Access, rectification, deletion, portability
• Processing records: Maintained internally
• DPO: Contact dpo@gitproductivity.com

SOC 2

Our infrastructure maintains SOC 2 Type II compliance:

• Security
• Availability
• Confidentiality

CCPA

California residents have rights under CCPA:

• Right to know
• Right to delete
• Right to opt-out

Data Retention

Retention Periods

| Data Type | Retention | Reason | |-----------|-----------|--------| | Git metadata | 2 years | Historical analysis | | Aggregated metrics | Indefinite | Trend analysis | | User account | While active | Service provision | | API logs | 30 days | Security & debugging |

Deletion

You can delete your data:

1. Self-service: Delete repositories from dashboard
2. Account deletion: Delete entire account in settings
3. Support request: Contact support for bulk deletion

Third-Party Services

We use trusted third-party services:

| Service | Purpose | Data Shared | |---------|---------|-------------| | AWS | Cloud infrastructure | System logs | | GitHub/GitLab | OAuth authentication | Basic profile | | Stripe | Payment processing | Payment info only |

All third parties are contractually bound to protect your data.

Your Rights

You have the following rights:

1. Access: View all data we hold about you
2. Rectification: Correct inaccurate data
3. Deletion: Request data deletion
4. Portability: Export your data in machine-readable format
5. Restriction: Limit how we process your data
6. Objection: Object to specific processing

To exercise these rights, contact privacy@gitproductivity.com.

Security Best Practices

For Your Account

• Use a strong, unique password
• Enable two-factor authentication
• Rotate API keys regularly
• Review access logs periodically

For Your Organization

• Grant minimum necessary permissions
• Regularly audit team members
• Remove inactive accounts
• Configure repository exclusions

Contact

For privacy-related questions:

• Email: privacy@gitproductivity.com
• DPO: dpo@gitproductivity.com
• Security: security@gitproductivity.com

We respond to privacy requests within 30 days.

Updates

We may update this policy periodically. We will notify users of material changes via email or in-app notification.

Last updated: March 2026