Privacy Policy

Last updated: April 2026

DeployLog ("we," "us," "our") operates the deploylog.dev website and the DeployLog platform, including the embeddable widget, CLI tool, GitHub Action, and API (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

1. Information We Collect

Account Information

When you create a DeployLog account, we collect your name, email address, and profile information provided through GitHub OAuth. If you subscribe to a paid plan, our payment processor (Stripe) collects your billing information. We do not store credit card numbers on our servers.

Project and Content Data

We store the changelog entries, project metadata, and configuration settings you create through the Service. This is the core data you are using DeployLog to manage.

Subscriber Data

When visitors subscribe to a project's changelog via the email subscription form on the widget or hosted changelog page, we collect their email address. Email addresses are stored in our database and are used solely to deliver changelog email digests for the specific project they subscribed to.

Usage and Analytics Data

We collect anonymized usage data to understand how the Service is used and to improve it. This includes changelog entry view counts (aggregated by source: widget, page, email, API), page views on hosted changelog pages, and feature usage patterns within the dashboard. We do not use third-party advertising trackers. We use PostHog for product analytics and Sentry for error monitoring.

Widget Data

The DeployLog widget uses localStorage in the visitor's browser to track which changelog entries have been viewed (for the unread badge feature). No cookies are set by the widget. No personally identifiable information is collected by the widget unless a visitor voluntarily enters their email address in the subscription form.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service; deliver email digests to subscribers who have opted in; process payments through Stripe; send transactional emails related to your account (password resets, billing receipts, subscription confirmations); respond to support requests; and detect and prevent abuse or fraud.

We do not sell, rent, or trade your personal information or your users' data to third parties. We do not use your data to train AI models. We do not display advertising.

3. Data Sharing

We share data with third-party service providers only as necessary to operate the Service:

• Supabase — database hosting and authentication (EU-Frankfurt region)
• Vercel — web application hosting
• Stripe — payment processing
• Resend — transactional and digest email delivery
• Sentry — error monitoring (no personal user data is sent)
• PostHog — product analytics (anonymized)
• Cloudflare — CDN and DNS
• Anthropic — AI summarization of changelog entries (only when explicitly triggered by you; no personal data is sent, only commit messages and release notes)

We may also disclose information if required by law or to protect our rights.

4. Data Retention

We retain different categories of data for different periods:

• Subscriber emails — deleted immediately upon unsubscribe. No retention period.
• Changelog entry view analytics — retained for 12 months from the date of collection, then automatically purged.
• Account data (projects, entries, subscriber lists, settings) — retained for the duration of the active account. Permanently deleted within 30 days of account deletion.
• Stripe billing records — retained as required by applicable tax and financial reporting laws (typically 7 years), managed by Stripe.
• Error logs (Sentry) — retained for 90 days per Sentry's default retention policy.

Subscribers can unsubscribe at any time using the unsubscribe link in every email, which immediately removes them from future digests.

5. Data Security

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Our database uses Row-Level Security to ensure strict tenant isolation. We do not store payment card data — all payment processing is handled by Stripe, which is PCI DSS Level 1 certified.

6. Your Rights

You have the right to access, update, or delete your personal information at any time through your dashboard settings. If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

For GDPR purposes, our primary database is hosted in the EU (Frankfurt, Germany) via Supabase.

For GDPR purposes, our lawful basis for processing subscriber email addresses is legitimate interest (delivering the changelog digest the subscriber explicitly requested).

To exercise any of these rights or to request data deletion, contact us at hello@deploylog.dev.

7. International Data Transfers

Our Service is operated from servers in the European Union (database) and globally distributed edge networks (Vercel, Cloudflare). If you access the Service from outside the EU, your data may be transferred to and processed in the EU and other jurisdictions where our service providers operate.

8. Children

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@deploylog.dev Website: https://deploylog.dev