Skip to main content

Privacy Policy

Last updated: November 30, 2025

Your changelog automation, your privacy. We're committed to protecting your data while delivering powerful AI-powered changelog generation.

Our Privacy Principles

  • We collect only what's necessary to provide our changelog automation service
  • Your repository data is accessed only to generate changelogs, never sold or shared
  • Full transparency about how we use third-party services like OpenAI and Stripe

Definitions

Personal Data
Information that identifies you as an individual, such as your name, email address, and GitHub username.
Usage Data
Information collected automatically through your use of the service, including repository metadata, changelog generation requests, and feature usage patterns.
Service
AutoChangelog, accessible at autochangelog.com, including all associated features and functionality.
We, Us, Our
AutoChangelog.

Information We Collect

Account Information

When you sign up through GitHub OAuth, we collect:

  • GitHub username and public profile information
  • Email address for account management and notifications
  • OAuth access token to access your repositories (stored encrypted)

Repository Data

To generate changelogs, we access:

  • Repository metadata (name, description, default branch)
  • Commit history for enabled repositories
  • Pull request information (titles, descriptions, merge status)
  • Code diffs (limited to first 20 lines of changes per file for context)
  • Release information if you create GitHub releases

Payment Information

Payment processing is handled entirely by Stripe. We store:

  • Stripe Customer ID to manage your subscription
  • Subscription status and plan tier
  • Billing history through Stripe (not directly on our servers)

We never see or store your credit card information. All payment data is handled securely by Stripe.

Usage Data

We automatically collect:

  • Changelog generation requests (timestamps, versions)
  • Feature usage statistics (which features you use, how often)
  • Error logs to diagnose and fix issues
  • Session information (login times, last activity)

How We Use Your Information

We use your information solely to provide and improve our service:

  • Generate AI-powered changelogs from your commits and pull requests
  • Manage your account and authenticate your access
  • Process payments and manage subscriptions through Stripe
  • Send service notifications (new changelog drafts, important updates)
  • Improve the service by analyzing usage patterns and fixing bugs
  • Provide customer support when you contact us
  • Enforce our terms and prevent abuse

We will never: Sell your data to third parties, use your code for training AI models (beyond generating your changelogs), or share your repository information with anyone without your permission.

Data Retention

We retain your data as follows:

  • Active accounts: Data retained as long as your account is active
  • Deleted accounts: Personal data deleted within 30 days of account deletion
  • Changelog entries: Remain available until you manually delete them
  • Session data: Stored in Redis with 24-hour expiration
  • Logs and analytics: Retained for up to 90 days for troubleshooting and service improvement

You can delete your account and all associated data at any time from your account settings.

Third-Party Services

We use the following trusted third-party services to operate AutoChangelog:

GitHub

Purpose: Authentication and repository access

Data shared: Your GitHub username, email, and repository metadata

Privacy policy: GitHub Privacy Statement

OpenAI

Purpose: AI-powered changelog generation

Data shared: Commit messages, PR descriptions, and code diffs to generate summaries

Note: OpenAI does not use API data to train their models

Privacy policy: OpenAI Privacy Policy

Stripe

Purpose: Payment processing and subscription management

Data shared: Email address, name, and payment information (handled directly by Stripe)

Privacy policy: Stripe Privacy Policy

AWS SES

Purpose: Email delivery (notifications, drafts)

Data shared: Email address and message content

Privacy policy: AWS Privacy Notice

Sentry

Purpose: Error monitoring and debugging

Data shared: Error logs, stack traces, and user context (sanitized)

Privacy policy: Sentry Privacy Policy

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Encrypted storage: GitHub OAuth tokens stored encrypted in our database
  • Access controls: Your data is only accessible to you and authorized system processes
  • Regular updates: We keep our software and dependencies up to date with security patches
  • Webhook security: HMAC-SHA256 signatures verify all webhook requests
  • Rate limiting: Protection against brute force and abuse attempts

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Privacy Rights

You have the following rights regarding your personal data:

  • Right to access: Request a copy of all personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your account and all associated data
  • Right to restrict processing: Request we limit how we use your data
  • Right to data portability: Request your data in a machine-readable format
  • Right to object: Object to how we process your data for certain purposes
  • Right to opt-out: Unsubscribe from marketing emails at any time

To exercise any of these rights, contact us at hello@autochangelog.com

For EEA/UK Residents

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR. We process your data based on your consent (OAuth authentication) and contract necessity (providing the service). You have the right to lodge a complaint with your local supervisory authority.

Children's Privacy

AutoChangelog is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place when transferring data internationally, including:

  • Using third-party services that comply with international data protection standards
  • Implementing standard contractual clauses approved by relevant authorities
  • Ensuring adequate data protection measures are in place

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice within the service

Your continued use of AutoChangelog after such changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AutoChangelog

Email: hello@autochangelog.com

Website: autochangelog.com

We aim to respond to all privacy-related inquiries within 30 days.