Privacy Policy
Last updated: April 5, 2026
Data we collect
When you sign in with GitHub or GitLab, we receive and store the following information from your provider profile:
- Display name and avatar URL
- Email address (if publicly available or authorized)
- Provider username
To provide the service, we also store:
- OAuth access and refresh tokens, encrypted at rest using AES-256-GCM
- Metadata about your monitored projects (names, URLs, namespaces)
- Issue and merge request metadata (titles, states, authors, labels, review data, pipeline status)
- Sync logs (status, duration, error messages)
- Session data (JWT-based)
GitGumbo does not access, read, or store your source code or commit contents.
How we use your data
- To authenticate you and maintain your session
- To sync issues, merge requests, and pipeline data from your connected accounts
- To display your kanban boards
- To register webhooks for real-time updates from GitHub and GitLab
- To monitor sync health and diagnose errors
Legal basis for processing
We process your data on the following grounds:
- Contract performance — processing necessary to provide the service you signed up for
- Consent — you explicitly authorize access to your data via OAuth when you sign in
- Legitimate interest — service operation, security, and error monitoring
Data retention
- Account and project data — retained until you delete your account or remove a project
- Sync logs — automatically deleted after 30 days
- OAuth tokens — retained while your account exists, encrypted at rest
- Sessions — expire according to session configuration
Third parties
We share data with the following third-party services solely to provide the service:
- GitHub (github.com) — source of issues, merge requests, and webhook events
- GitLab (gitlab.com) — source of issues, merge requests, and webhook events
We do not use analytics or advertising services. We do not sell or share your data with any other third parties.
Your rights
Under the GDPR and similar data protection laws, you have the right to:
- Access your data — you can export all of your data at any time from your account settings
- Erasure — you can delete your account and all associated data from your account settings
- Data portability — your data export is provided in a machine-readable JSON format
- Rectification — profile information is sourced from your GitHub or GitLab account and can be corrected there
- Restrict processing — you can disable sync for individual projects
- Object to processing — contact us at the address below
- Lodge a complaint with your local data protection supervisory authority
Cookies
GitGumbo uses a single session cookie to keep you signed in. We do not use tracking cookies, analytics cookies, or any third-party cookies.
Data security
All OAuth tokens are encrypted at rest using AES-256-GCM. All traffic is served over HTTPS. We do not access or store your source code. Access to your data is restricted to your authenticated session.
Children
GitGumbo is not directed at children under the age of 16. We do not knowingly collect personal data from children.
Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of GitGumbo after changes are posted constitutes acceptance of the revised policy.
Contact
If you have any questions about this policy or wish to exercise your data rights, please reach out at [email protected].