Privacy Policy

Last updated: March 2026

1. What We Collect

When you sign in with GitHub we receive your GitHub username, email address, and avatar. We store a session token in a cookie to keep you logged in. We also store the GitHub OAuth token used to clone your private repositories; it is encrypted at rest using AES-256-GCM.

If you subscribe to a paid plan, Stripe processes your payment information. We store only the Stripe customer ID and subscription ID — no card numbers touch our servers.

2. How We Use It

Authenticate you and maintain your session
Clone your GitHub repositories to build and deploy your apps
Send transactional emails (e.g. billing receipts via Stripe)
Provide support if you contact us

We do not sell your data. We do not use your data for advertising.

3. Data Storage

Your data is stored on servers located in the European Union (Hetzner, Germany). Encrypted backups are retained for up to 7 days.

4. Third-Party Services

GitHub — authentication and repository access. Governed by GitHub's Privacy Statement.
Stripe — payment processing. Governed by Stripe's Privacy Policy.

5. Cookies

We use a single HTTP-only session cookie to authenticate you. No tracking or analytics cookies are set.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing us. Account deletion removes all associated data within 30 days.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice in the dashboard.

8. Contact

Privacy questions or data requests: hello@nibulo.com.