Privacy Policy

FeedLog is a software service that helps software developers and teams automatically generate changelog entries from GitHub issues using AI. The data controller for personal data processed through the FeedLog website and service is FeedLog.

If you have questions about how we handle your data, contact us at privacy@feedlog.dev.

We collect the following categories of personal data:

Account and profile data

When you sign in with GitHub, we receive from GitHub and store: your GitHub username, display name, primary email address, and profile avatar URL. This data is necessary to create and maintain your FeedLog account.

GitHub integration data

When you install the FeedLog GitHub App on your repositories, we receive and store GitHub installation identifiers, repository identifiers, and repository metadata (names, descriptions) for the repositories you choose to connect. We process GitHub issue and pull request content from those repositories in order to generate changelog entries.

Configuration and preferences

We store the configuration you provide through the FeedLog dashboard: custom AI instructions, API key names and settings, allowed domain lists for embedded widgets, and auto-publish preferences.

Waiting list email

If you join our waiting list, we store the email address you provide. We use this solely to notify you when access is available and to send related service updates. You can request removal at any time via the unsubscribe link in our emails or by contacting us.

Usage analytics

With your consent, we use PostHog to collect anonymised analytics about how you interact with the FeedLog website and dashboard. This includes pages visited, features used, and interaction events. PostHog may collect your IP address, browser type, operating system, and referrer URL. This data is used only to improve the product. Analytics cookies are only set after you accept them in the cookie consent banner.

Technical data

Our hosting infrastructure (Cloudflare) automatically collects standard web server logs including IP addresses, request timestamps, and HTTP status codes. This data is used for security monitoring and abuse prevention and is not linked to individual user accounts beyond what is technically necessary.

We use your personal data for the following purposes:

• Providing the service: Processing GitHub issues through AI to generate changelog entries; maintaining your account, installations, and configurations. Legal basis: performance of a contract.
• Authentication: Identifying you via GitHub OAuth and maintaining your login session. Legal basis: performance of a contract.
• Communications: Sending transactional emails such as waiting list notifications and important service announcements. Legal basis: legitimate interests (service operation) or consent where required.
• Product analytics: Understanding usage patterns to improve the product. Legal basis: consent (you must opt in via the cookie banner).
• Security and fraud prevention: Detecting and preventing abuse, unauthorised access, and security incidents. Legal basis: legitimate interests.
• Legal compliance: Meeting our legal obligations. Legal basis: legal obligation.

We use the following categories of cookies and browser storage:

Strictly necessary cookies (always active)

• Session cookie — Set by our backend API ( api.feedlog.dev) to authenticate your logged-in session. Required for the dashboard to function.
• Theme preference — A theme cookie that stores your light/dark mode preference. Purely functional; contains no personal data.
• Cookie consent preference — Stored in localStorage under the key feedlog_cookie_consent to remember your choice about analytics cookies.

Analytics cookies (require consent)

• PostHog cookies (ph_*) — Set by PostHog to identify unique visitors and sessions for product analytics. These are only set if you click “Accept analytics” in our cookie consent banner. You can withdraw consent at any time by clicking “Reject analytics” in the banner (clear your browser’s local storage for feedlog_cookie_consent to see the banner again).

You can also control or delete cookies through your browser settings. Note that blocking strictly necessary cookies may prevent the service from functioning correctly.

We share data with the following third-party services where necessary to provide the FeedLog service:

• GitHub (Microsoft) — Authentication and GitHub App integration. We access only the GitHub data you explicitly authorise when installing the app. GitHub’s privacy policy: github.com.
• Google Gemini (Google LLC) — AI model used to generate changelog entries from your GitHub issue content. Issue content is sent to Gemini API for processing. Google’s privacy policy: policies.google.com.
• PostHog — Product analytics (with your consent). PostHog’s privacy policy: posthog.com/privacy.
• Sentry (Functional Software, Inc.) — Error monitoring and performance tracking to identify and fix technical issues. Sentry’s privacy policy: sentry.io/privacy.
• Cloudflare, Inc. — Hosting, CDN, and edge computing infrastructure. Cloudflare may process request data including IP addresses for routing and security. Cloudflare’s privacy policy: cloudflare.com.
• Google Fonts (Google LLC) — Fonts loaded from Google’s CDN. Your browser sends a request to Google’s servers to load fonts; this may include your IP address. Google’s privacy policy: policies.google.com.

We do not sell your personal data to any third party.

We retain personal data for as long as necessary to:

• Provide you with the FeedLog service (account data is retained while your account is active).
• Comply with our legal obligations, resolve disputes, and enforce agreements.

If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Waiting list email addresses are deleted promptly once you unsubscribe or your access is granted and you create an account.

Analytics data collected through PostHog is retained according to PostHog’s own retention policies, which you can review at posthog.com/privacy.

FeedLog operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our third-party service providers are located. Where we transfer data from the European Economic Area (EEA) or UK to third countries, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure (“right to be forgotten”): Request deletion of your personal data where we no longer have a lawful basis to retain it.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a machine-readable copy of the data you provided to us.
• Objection: Object to processing based on our legitimate interests.
• Withdraw consent: Where processing is based on consent (e.g. analytics cookies), you can withdraw consent at any time without affecting the lawfulness of prior processing. To withdraw analytics consent, clear your feedlog_cookie_consent localStorage entry to see the consent banner again.

To exercise any of these rights, contact us at privacy@feedlog.dev. We will respond within 30 days. If you are in the EU/EEA or UK and believe we have not handled your request appropriately, you have the right to lodge a complaint with your local data protection authority.

FeedLog is not directed at children under the age of 16, and we do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at privacy@feedlog.dev and we will delete it promptly.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include using HTTPS for all data in transit, strict access controls on our backend systems, and deploying on Cloudflare’s security-hardened infrastructure. No method of electronic storage or transmission is 100% secure; while we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically. Continued use of FeedLog after a change is posted constitutes acceptance of the updated policy. For significant changes affecting your rights, we will provide additional notice, such as a banner on the website or an email to registered users.

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

• Email: privacy@feedlog.dev
• Website: feedlog.dev