Privacy Policy

Introduction

Welcome to Issue Pilot ("we", "us", "our", or "the Service"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Issue Pilot is a software-as-a-service (SaaS) application that integrates with Slack and GitHub to convert Slack conversations into GitHub issues using AI-powered summarization technology powered by Google's Gemini.

By using Issue Pilot, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

When you use Issue Pilot, we collect:

• Authentication Data: OAuth tokens and credentials from Slack and GitHub when you authorize our application
• Profile Information: Your Slack user ID, username, email address, and workspace information
• GitHub Information: Your GitHub username, repository access permissions, and organization memberships
• Configuration Data: Your preferences for default repositories, notification settings, and other customization options

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage Data: Number of issues created, frequency of use, feature interactions, and error logs
• Technical Data: IP addresses, browser type, operating system, device information, and timestamps
• Performance Metrics: Response times, API call success rates, and system performance indicators

1.3 Payment Information

We use third-party payment processors (Dodo Payments) to handle subscription payments. We do not store your credit card numbers or banking information directly. Our payment processors collect and store payment method details, billing addresses, and transaction histories in accordance with their own privacy policies.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• To authenticate your access to Slack and GitHub
• To retrieve Slack thread content when you request a conversion
• To process messages through AI summarization (OpenAI)
• To create GitHub issues with summarized content
• To store your configuration preferences and settings
• To send notifications about created issues

2.2 Service Improvement

• To analyze usage patterns and improve our features
• To identify and fix technical issues
• To develop new features based on user needs
• To optimize AI summarization quality
• To enhance user experience and interface design

2.3 Communication

• To send service-related notifications and updates
• To respond to your support requests and inquiries
• To notify you of important changes to the Service
• To send billing and subscription information
• To provide product updates and feature announcements (you may opt out)

2.4 Security and Compliance

• To detect and prevent fraud or unauthorized access
• To enforce our Terms and Conditions
• To comply with legal obligations and regulatory requirements
• To protect our rights, property, and safety

2.5 Analytics and Research

• To understand how users interact with our Service
• To conduct research on AI summarization effectiveness
• To generate aggregated, anonymized statistics
• To measure the success of our features and improvements

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Third-Party Service Providers

We share information with trusted third-party providers who assist in operating our Service:

• Slack: We access your workspace data through Slack's API as authorized by you
• GitHub: We create issues in your repositories using GitHub's API as authorized by you
• OpenAI: We send message content to OpenAI's AI service for summarization (processed in real-time, not stored by OpenAI for training purposes)
• Payment Processors: We use Dodo Payments to process subscription payments
• Cloud Infrastructure: We host our services on secure cloud platforms (Heroku)
• Analytics Services: We may use analytics tools to understand service usage patterns

All third-party providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Governmental or regulatory requests
• Enforcement of our Terms and Conditions
• Protection of our rights, property, or safety, or those of others
• Detection and prevention of fraud or security issues

3.3 Business Transfers

If Issue Pilot is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Service before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

4. Data Retention

4.1 Message Content

Slack message content is processed in real-time and is NOT permanently stored on our servers. When you convert a thread to an issue:

1. We retrieve the thread content from Slack
2. We summarizate it and create the GitHub issue
3. The original message content is discarded from our systems

The summarized content becomes part of your GitHub issue and is stored in your GitHub repository according to GitHub's data retention policies.

4.2 Account and Configuration Data

We retain the following data for the duration of your account:

• OAuth Tokens: Stored securely and encrypted, retained while your account is active
• User Settings: Retained to maintain your preferences and configuration
• Subscription Data: Retained for billing and tax purposes as legally required

4.3 Usage Logs and Analytics

We retain aggregated, anonymized usage statistics indefinitely for service improvement. Detailed logs containing identifiable information are retained for 90 days unless needed for security investigations or legal compliance.

4.4 Deleted Accounts

When you delete your account or uninstall the app:

• Your OAuth tokens are immediately revoked and deleted
• Your configuration data is deleted within 30 days
• Anonymized usage statistics may be retained for analytical purposes
• Billing records are retained as required by law (typically 7 years)
• GitHub issues created through Issue Pilot remain in your GitHub repositories

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your browser, our servers, and third-party services is encrypted using TLS/SSL (HTTPS)
• Encryption at Rest: OAuth tokens and sensitive configuration data are encrypted in our databases
• Secure Authentication: We use OAuth 2.0 for secure, token-based authentication
• Access Controls: Strict role-based access controls limit who can access your data internally
• Regular Security Audits: We conduct periodic security assessments and vulnerability scans

5.2 Organizational Safeguards

• Employee access to user data is limited to those who need it for their job functions
• All employees sign confidentiality agreements
• We maintain incident response procedures for security breaches
• Regular security training for team members

5.3 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your Slack and GitHub accounts, as unauthorized access to those accounts could compromise your Issue Pilot data.

6. Your Privacy Rights and Choices

6.1 Access and Portability

You have the right to request access to the personal information we hold about you. You can export your configuration settings through the dashboard or contact us to request a copy of your data.

6.2 Correction

You can update your profile information and preferences directly through the Issue Pilot dashboard or by contacting [email protected].

6.3 Deletion

You can delete your account at any time by:

• Uninstalling the Issue Pilot app from your Slack workspace
• Revoking OAuth permissions in your Slack and GitHub settings
• Contacting us at [email protected] to request account deletion

Upon account deletion, we will remove your data as described in Section 4.4.

6.4 Opt-Out of Communications

You can opt out of marketing communications by:

• Clicking "unsubscribe" links in our emails
• Adjusting notification preferences in your dashboard
• Contacting us at [email protected]

Note: You cannot opt out of essential service-related communications (e.g., billing notifications, security alerts, Terms updates).

6.5 Do Not Track

We do not currently respond to "Do Not Track" browser signals, but we do not track users across third-party websites.

7. International Data Transfers

Issue Pilot is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States and other countries as necessary to provide the Service.

We take appropriate measures to ensure that your personal information remains protected in accordance with this Privacy Policy, regardless of where it is processed.

8. Children's Privacy

Issue Pilot is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. We will promptly delete such information from our systems.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected, the sources from which we collected it, the purposes for which we use it, and the third parties with whom we share it.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance requirements).

9.3 Right to Opt-Out

You have the right to opt out of the "sale" of your personal information. We do not sell personal information as defined by the CCPA.

9.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

9.5 Exercising Your Rights

To exercise your CCPA rights, contact us at [email protected]. We will verify your identity and respond within 45 days.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your personal information based on:

• Consent: When you authorize our app to access Slack and GitHub
• Contract Performance: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligations: To comply with applicable laws and regulations

10.2 Your GDPR Rights

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

10.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

11. Third-Party Links and Services

Our Service integrates with and may contain links to third-party services (Slack, GitHub, Google). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

• Slack: slack.com/privacy-policy
• GitHub: docs.github.com/en/site-policy/privacy-policies
• Google: policies.google.com/privacy

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (if you have provided an email address)
• Display a prominent notice in the Service
• Obtain your consent if required by applicable law

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: