Privacy Policy

Last updated: April 2025

1. Who we are

DevEcho ("we", "our", "us") provides a software service that reads GitHub commit metadata and generates plain-English summaries for non-technical stakeholders. This Privacy Policy describes how we collect, use, and protect data you provide when using DevEcho.

2. What we collect

  • Account information: name, email address, and password (hashed).
  • Organisation information: organisation name, plan, and billing details (handled by Stripe).
  • GitHub data: commit metadata (commit messages, author names, timestamps, file paths changed). We do not store raw source code.
  • Usage data: pages visited, features used, and error logs for debugging.
  • Payment data: handled entirely by Stripe. We store only a Stripe customer ID. We never see or store full card numbers.

3. How we use your data

  • To provide the DevEcho service — generating work item summaries, reports, and digest emails.
  • To communicate with you about your account, billing, and service updates.
  • To improve the product through aggregated, anonymised usage analytics.
  • To comply with legal obligations.

We do not sell your data to third parties. We do not use your data to train AI models without explicit consent.

4. Data sharing

We share data only with:

  • GitHub — to read commit metadata via the GitHub API.
  • Stripe — for payment processing.
  • Resend — for transactional email delivery.
  • Cloudflare R2 — for storing uploaded assets (logos, data exports).
  • OpenAI — commit metadata is sent to OpenAI to generate plain-English summaries. No personally identifiable information beyond developer names (from GitHub commits) is included.

5. Data retention

We retain your data for as long as your account is active. When you delete your account, your personal data is deleted within 30 days. Aggregated, anonymised analytics data may be retained indefinitely. Stripe retains billing records per their own retention policy.

6. Your rights

Under GDPR and applicable data protection law, you have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Export your data (available from Account Settings)
  • Delete your account and associated data (available from Account Settings)
  • Object to or restrict certain processing

To exercise any right, email us at privacy@devecho.app.

7. Cookies

We use a single session cookie to keep you signed in. We do not use third-party advertising cookies. We use Cloudflare for infrastructure, which may set its own security cookies.

8. Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. We conduct regular security reviews. If you discover a security vulnerability, please email security@devecho.app.

9. Changes to this policy

We may update this policy from time to time. We will notify you by email of any material changes at least 14 days before they take effect.

10. Contact

For privacy questions or requests, contact us at privacy@devecho.app.