Privacy Policy

1. Introduction

Taktibt ("we," "our," or "us") operates a documentation automation service that helps teams keep their project documentation up-to-date using AI. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account through GitHub OAuth, we collect:

• GitHub username and user ID
• Email address
• Display name
• GitHub access tokens (to access your repositories)
• GitHub App installation IDs

2.2 Project and Repository Data

To provide our documentation automation service, we collect and process:

• Repository content (documentation files, issue content, pull request data)
• GitHub webhook data (issues, pull requests, comments)
• Project configuration settings you provide
• Custom instructions and settings for AI processing

2.3 Usage and Analytics Data

We collect information about how you use our service:

• API usage statistics (execution counts, search queries)
• Error logs and debugging information
• Billing and subscription information (processed through Stripe)
• Email interaction data (opens, clicks for service emails)

2.4 Technical Information

We automatically collect certain technical information:

• IP addresses (for rate limiting and security)
• Browser and device information
• Session data
• Application logs for debugging purposes

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Process GitHub issues and pull requests to update documentation
• Generate AI-powered documentation updates using OpenAI and Anthropic APIs
• Create and manage documentation embeddings for search functionality
• Monitor service usage and enforce subscription limits
• Provide customer support

3.2 Communication

We use your email address to send:

• Welcome emails and service onboarding
• Usage quota warnings and limit notifications
• Billing and subscription updates
• Service announcements and security notifications
• Trial and subscription expiration reminders

3.3 Service Improvement

We analyze usage patterns and errors to improve our service quality and performance.

4. Information Sharing and Disclosure

4.1 Third-Party Services

We share your information with essential service providers:

• OpenAI and Anthropic: Repository content and issues are processed by AI models to generate documentation updates
• GitHub: We access your repositories and receive webhook data through GitHub Apps integration
• Stripe: Payment processing and subscription management
• AWS: Email delivery through Amazon SES
• Cloud hosting providers: For service infrastructure

Third-party privacy policies: When you interact with these external services, their respective privacy policies also apply. We encourage you to review the privacy policies of OpenAI, Anthropic, GitHub, Stripe, and AWS.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights and safety.

4.3 Business Transfers

If we're acquired or merged, your information may be transferred to the new entity.

5. Data Security

We implement appropriate security measures including:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security audits
• Rate limiting to prevent abuse
• Secure webhook signature verification

6. Data Retention and Account Deletion

We retain your information as follows:

• Account data: Until you delete your account
• Documentation and repository data: Until you delete your account or remove specific projects
• Project configurations: Until you remove projects or delete your account
• Usage statistics (anonymized): Retained permanently for analytics and service improvement purposes
• Billing data: Retained as required by tax and accounting regulations (typically 7 years)
• System logs: Automatically purged after 90 days

6.1 Account Deletion

You can delete your account at any time through your profile settings. When you delete your account:

• Immediately deleted: Your personal data (name, email, password), organization data, project data, documentation files, repository connections, and subscription information
• Preserved anonymously: Usage statistics are retained without personal identifiers for analytics and service improvement purposes
• Cannot be restored: Account deletion is permanent and irreversible - we cannot restore deleted accounts or data

Data Backup Disclaimer: We do not maintain backups of deleted user accounts and cannot restore deleted data under any circumstances.

7. Your Rights and Choices

7.1 Account Management

You can:

• Update your account information through the dashboard
• Remove repository connections and projects
• Configure notification preferences
• Cancel your subscription at any time

7.2 Data Access and Deletion

You have the following rights regarding your data:

• Right to Access: Request access to your personal data
• Right to Rectification: Correct inaccurate information through your account settings
• Right to Deletion (Right to be Forgotten): Delete your account and associated data through your profile settings
• Complete Data Removal: Request deletion of anonymized usage statistics by contacting our support team

7.3 GDPR and CCPA Rights

If you are located in the EU or California, you have additional rights under GDPR and CCPA respectively. The account deletion feature serves as our primary implementation of the "Right to be Forgotten" for most use cases. For additional data requests beyond standard account deletion, please contact us through your account dashboard.

8. Cookies and Tracking

We use essential cookies only:

• Session cookies: For authentication and maintaining your login state
• CSRF tokens: For security and preventing cross-site request forgery
• Remember me tokens: If you choose to stay logged in (optional)
• Preference cookies: For remembering your dashboard settings

We do not use advertising cookies, tracking pixels, or third-party analytics. All cookies are essential for service functionality.

9. International Transfers

Your data may be processed by third-party services (OpenAI, Anthropic, AWS, Stripe) located in various jurisdictions including the United States. We ensure appropriate safeguards are in place for international data transfers.

We are planning to incorporate in the United States, at which point this privacy policy will be updated to reflect any additional compliance requirements.

10. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Data Security Incidents

In the unlikely event of a data security incident that affects your personal information, we will:

• Investigate and contain the incident promptly
• Notify affected users via email within 72 hours when feasible
• Provide clear information about what data was involved and steps we're taking
• Comply with applicable data breach notification laws

12. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes via email or through our service. Your continued use of Taktibt constitutes acceptance of the updated policy.

13. Contact Information