Privacy Policy
Last update: November 14, 2024
Introduction
Welcome to prbot, a micro-SaaS that automates pull request sharing to Slack, synchronizes updates, and offers features to enhance collaboration for development teams. This Privacy Policy explains how we collect, use, safeguard, and disclose information that results from your use of our Service.
By using prbot, you agree to the collection and use of information in accordance with this policy. If you have any questions or need further clarification, please contact us at runprbot@gmail.com.
Definitions
- SERVICE: Refers to the prbot platform and website accessible at https://prbot.app
- PERSONAL DATA: Information about an individual that can be identified directly or indirectly
- USAGE DATA: Information collected automatically, such as your device's IP address, browser type, or usage patterns
- COOKIES: Small data files stored on your device to enhance your experience
- DATA CONTROLLER: prbot, which determines the purposes and means of processing your data
- DATA PROCESSORS: Third-party service providers who process data on our behalf
- USER: Any individual or organization using our Service
Information We Collect
Personal Data
When you use prbot, we may collect the following:
- Email address
Usage Data
- IP address, browser details, and usage statistics
- Pages visited, time spent on pages, and error logs
Access Tokens
We collect access tokens to GitHub and Slack through OAuth workflows. These tokens are stored securely and encrypted by default.
Cookies
Our Service uses cookies to:
- Maintain session information
- Analyze and improve functionality
How We Use Your Data
- Provide and maintain our Service
- Process payments securely
- Notify you about updates and new features
- Improve and analyze Service performance
- Address technical issues and provide customer support
- Send newsletters or marketing materials, with your consent
You can opt-out of receiving marketing communications by clicking the "unsubscribe" link in emails or contacting us directly.
Data Management
Retention of Data
We retain Personal Data for as long as necessary to:
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
Usage Data is retained for shorter periods unless it's needed for security or performance purposes.
Transfer of Data
Your information, including Personal Data, may be stored on servers located outside your country of residence. By using prbot, you consent to such transfers, subject to appropriate safeguards.
Sharing Your Data
We may share your data:
- With service providers (e.g., payment processors, GitHub, Slack)
- When required by law or governmental requests
- To enforce our Terms of Service
We do not sell or rent your Personal Data to third parties.
Your Rights and Security
Data Protection Rights
If you are located in the EU, EEA, or California, you have specific rights under the GDPR and CCPA, including:
- Accessing and updating your Personal Data
- Requesting deletion of your data
- Restricting or objecting to data processing
- Portability of your data
- Withdrawal of consent
To exercise these rights, contact us at runprbot@gmail.com. Please note that fulfilling certain requests may limit your ability to use parts of the Service.
Security Measures
We implement industry-standard security measures to protect your data, though no method of transmission or storage is entirely secure. While we strive to protect your information, we cannot guarantee absolute security.
All sensitive data, including access tokens, are stored securely and encrypted by default in our database. We do not access any personal data from GitHub repositories, including your code, nor store sensitive data as pull request titles. The data stored from pull request events consists only of IDs and metadata, with no business-sensitive data included, except for the YAML configurations you choose to upload.
Technical Details
Cookies and Tracking
We use cookies for essential functions and analytics. You can disable cookies in your browser settings, but this may affect your experience with our Service.
Third-Party Services
We use trusted third-party providers for:
- Cloud Provider (e.g., Google Cloud Platform)
- Analytics tools (e.g., Google Analytics)
- Payment processing (e.g., Lemon Squeezy)
- OAuth services (e.g., GitHub, Slack)
These services have their own privacy policies, and we recommend reviewing them for further information.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
We also encourage you to review Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.
Legal Information
California Privacy Protection Act (CalOPPA)
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy.
According to CalOPPA we agree to the following:
- Users can visit our site anonymously
- Our Privacy Policy link includes the word "Privacy" and can easily be found on the home page
- Users will be notified of any privacy policy changes on our Privacy Policy Page
- Users are able to change their personal information by emailing us at runprbot@gmail.com
Do Not Track Signals
Our Policy on "Do Not Track" Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
a) Information Request
If you make this request, we will return to you:
- The categories of personal information we have collected about you
- The categories of sources from which we collect your personal information
- The business or commercial purpose for collecting or selling your personal information
- The categories of third parties with whom we share personal information
- The specific pieces of personal information we have collected about you
- A list of categories of personal information that we have sold, along with the category of any other company we sold it to
- A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
b) Deletion Request
If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
c) Data Sale Opt-Out
We don't sell or rent your personal information to any third parties for any purpose. You are the only owner of your Personal Data and can request disclosure or deletion at any time.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by email to runprbot@gmail.com
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
Additional Information
Service Providers
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Account Management
To delete your account and data, please contact us at runprbot@gmail.com. We will process your request in accordance with our internal procedures.
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g., Lemon Squeezy).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processor we work with is:
Lemon Squeezy
Their Privacy Policy can be viewed at: https://www.lemonsqueezy.com/privacy
External Links
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Policy Updates
We may update this Privacy Policy periodically. Changes will be communicated via our website or email. Continued use of prbot signifies acceptance of the updated policy.
Contact Information
For questions or concerns about this Privacy Policy, reach out to us at:
Email: runprbot@gmail.com