Privacy Policy
Last updated: January 18, 2026
Introduction
Swiftmade OÜ ("we," "our," or "us"), registered in Estonia (registry code: 14173141, VAT ID: EE101997148) with our office at Pärnu mnt 148, 11317, Tallinn, Estonia, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GitLoom service ("Service"). We are the data controller for the personal data collected through our Service and are committed to complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
Information We Collect
- Personal Data: We collect personal data that you provide directly to us when you register for an account, set up your profile, connect your GitHub account, subscribe to our Service, contact our support team, or respond to surveys or communications. This may include contact information (name, email address, company name), account login credentials, profile information (job title, avatar/photo), and GitHub username and access tokens.
- Payment and Billing Information: When you purchase our Service, we collect billing information through our payment processors. For direct purchases via Paddle, this includes payment card information (processed and stored by Paddle, not by us), billing address and contact information, transaction history, and VAT/tax identification numbers where applicable. For GitHub Marketplace purchases, we receive GitHub account information and marketplace transaction data. We do not directly store full payment card details.
- GitHub Repository Data: When you connect your GitHub account, we collect repository metadata (names, descriptions, languages used), commit data (timestamps, messages, authors), pull request and issue data, team contribution metrics, and code change metadata. We do not access or store full copies of your source code. We process only the relevant information to generate reports and retain only the data necessary for our Service to function.
- Repository Contributor (Author) Data: When a repository is connected to our Service, we also process limited information about other contributors to that repository, including their GitHub username, profile picture, and commit activity. This data is processed under our legitimate interest to provide the Service to the account holder. If you are a repository contributor and wish to have your data removed, please contact us at privacy@gitloom.ai.
- Usage Data: We automatically collect certain information when you use our Service, including IP address, browser type and version, operating system, pages visited and features used, time and date of your visits, time spent on pages, unique device identifiers, and referring websites.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities. We use PostHog to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay. PostHog processes this data on servers located in the European Union. For detailed information, see our Cookie Policy.
How We Use Your Information
- Providing and Maintaining the Service: Setting up and managing your account, authenticating and authorizing your access, processing GitHub data to generate reports, and delivering features and functionality.
- Payment Processing and Billing: Processing payments through our payment service providers (Paddle, GitHub), managing subscriptions, upgrades, downgrades, and cancellations, handling billing inquiries and payment disputes, tax reporting and compliance as required by law, and fraud prevention and risk assessment.
- Improving and Developing the Service: Understanding how users interact with our Service, identifying usage trends and areas for improvement, developing new features and functionality, and testing and debugging issues.
- Communication: Sending you service and administrative messages, providing customer support, sending marketing and promotional communications (only with your consent), and responding to your inquiries and requests.
- Legal Compliance and Protection: Complying with legal obligations, enforcing our Terms of Service, protecting our rights, privacy, safety, or property, and protecting against legal liability.
Legal Basis for Processing
- Performance of a Contract: Processing necessary to provide you with the Service you have subscribed to as set out in our Terms of Service.
- Legitimate Interests: When necessary for our legitimate interests or those of third parties, such as for improving our Service, preventing fraud, or ensuring network security, provided these interests are not overridden by your rights and freedoms.
- Legal Obligation: Processing necessary to comply with our legal obligations, such as responding to legal requests or maintaining tax records.
- Consent: When you have given your consent for specific purposes, such as marketing communications. You can withdraw your consent at any time.
Data Retention
- Account Information: We retain your account information for as long as your account is active or as needed to provide you with the Service. If you close your account, we will delete or anonymize your personal data within 30 days, unless retention is necessary for legal purposes.
- GitHub Data: Repository metadata and insights derived from your GitHub data are retained for as long as needed to provide the Service. If we come across raw source code or sensitive secrets, we redact these to the best of our abilities and avoid storing them on our platform.
- Usage Data: We retain usage data for analytical purposes for up to 26 months.
- Billing Information: We retain billing and payment information as required by tax and accounting laws (typically 7 years).
Data Sharing and Disclosure
We do not sell your personal data or intellectual property. We may share your information with service providers who perform services on our behalf (payment processors, cloud hosting, email services, customer support, analytics), all bound by confidentiality and data protection requirements. Your information may be transferred in connection with business transfers such as mergers or acquisitions. We may also disclose information when required by law, in response to valid requests by public authorities, or when necessary to protect our rights, enforce our Terms of Service, investigate fraud, or protect the safety of our users.
Your Data Protection Rights
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete data.
- Right to Erasure: You can ask us to delete your personal data in certain circumstances.
- Right to Restrict Processing: You can ask us to restrict the processing of your data in certain circumstances.
- Right to Data Portability: You can ask us to transfer your data to another service provider in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to our processing of your personal data in certain circumstances.
- Rights Related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.
- To exercise these rights, please contact us at privacy@gitloom.ai. We will respond to your request within 30 days.
- Rights Regarding Payment Data: For direct purchases, contact privacy@gitloom.ai or Paddle's support. For GitHub Marketplace purchases, contact GitHub directly for marketplace purchase data, or privacy@gitloom.ai for subscription status information.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption of data in transit and at rest, access controls and authentication procedures, regular security assessments and penetration testing, staff training on data security, and incident response procedures. While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure.
Children's Privacy
Our Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email or through the Service before the changes take effect. We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- By email: privacy@gitloom.ai
- By mail: Swiftmade OÜ, Pärnu mnt 148, 11317, Tallinn, Estonia
Supervisory Authority
If you are located in the European Economic Area and believe we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with your local data protection authority.