We use third-party cookies in order to personalize your site experience. See our Privacy Policy.

GitLoom logo GitLoom

Privacy Policy

Last Updated: April 18, 2025

Introduction

Swiftmade OÜ ("we," "our," or "us"), registered in Estonia (registry code: 14173141, VAT ID: EE101997148) with our office at Pärnu mnt 148, 11317, Tallinn, Estonia, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GitLoom service ("Service").

We are the data controller for the personal data collected through our Service and are committed to complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Information We Collect

Personal Data

We collect personal data that you provide directly to us when you:

  • Register for an account

  • Set up your profile

  • Connect your GitHub account

  • Subscribe to our Service

  • Contact our support team

  • Respond to surveys or communications

This may include:

  • Contact information (name, email address, company name)

  • Account login credentials

  • Billing information (payment card details, billing address)

  • Profile information (job title, avatar/photo)

  • GitHub username and access tokens

GitHub Repository Data

When you connect your GitHub account, we collect:

  • Repository metadata (names, descriptions, languages used)

  • Commit data (timestamps, messages, authors)

  • Pull request and issue data

  • Team contribution metrics

  • Code change metadata

Please note that we do not access or store full copies of your source code. We process only the relevant information to generate reports and then retain only the data necessary for our Service to function.

Usage Data

We automatically collect certain information when you use our Service:

  • IP address

  • Browser type and version

  • Operating system

  • Pages visited and features used

  • Time and date of your visits

  • Time spent on pages

  • Unique device identifiers

  • Referring websites

Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users of our Service. This helps us provide you with a good experience, improve our Service, and personalize content.

For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

How We Use Your Information

We use your personal data for these purposes:

Providing and Maintaining the Service

  • Setting up and managing your account

  • Authenticating and authorizing your access

  • Processing GitHub data to generate reports

  • Delivering features and functionality

  • Processing payments and subscriptions

Improving and Developing the Service

  • Understanding how users interact with our Service

  • Identifying usage trends and areas for improvement

  • Developing new features and functionality

  • Testing and debugging issues

Communication

  • Sending you service and administrative messages

  • Providing customer support

  • Sending marketing and promotional communications (only with your consent)

  • Responding to your inquiries and requests

Legal Compliance and Protection

  • Complying with legal obligations

  • Enforcing our Terms of Service

  • Protecting our rights, privacy, safety, or property

  • Protecting against legal liability

Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of a Contract: Processing necessary to provide you with the Service you have subscribed to as set out in our Terms of Service.

  • Legitimate Interests: When necessary for our legitimate interests or those of third parties, such as for improving our Service, preventing fraud, or ensuring network security, provided these interests are not overridden by your rights and freedoms.

  • Legal Obligation: Processing necessary to comply with our legal obligations, such as responding to legal requests or maintaining tax records.

  • Consent: When you have given your consent for specific purposes, such as marketing communications. You can withdraw your consent at any time.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

  • Account Information: We retain your account information for as long as your account is active or as needed to provide you with the Service. If you close your account, we will delete or anonymize your personal data within 30 days, unless retention is necessary for legal purposes.

  • GitHub Data: Repository metadata and insights derived from your GitHub data are retained for as long as needed to provide the Service. If we come across raw source code or sensitive secrets, we redact these to the best of our abilities and avoid storing them on our platform.

  • Usage Data: We retain usage data for analytical purposes for up to 26 months.

  • Billing Information: We retain billing and payment information as required by tax and accounting laws (typically 7 years).

Data Sharing and Disclosure

We do not sell your personal data or intellectual property. We may share your information in the following circumstances:

Service Providers

We share information with third-party vendors and service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers

  • Payment processors

  • Email service providers

  • Customer support services

  • Analytics services

All service providers are contractually obligated to use your personal data only as necessary to provide their services and are bound by confidentiality and data protection requirements.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or the use of your personal data.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, enforce our Terms of Service, investigate fraud, or protect the safety of our users or others.

Your Data Protection Rights

Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.

  • Right to Erasure: You can ask us to delete your personal data in certain circumstances.

  • Right to Restrict Processing: You can ask us to restrict the processing of your data in certain circumstances.

  • Right to Data Portability: You can ask us to transfer your data to another service provider in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to our processing of your personal data in certain circumstances.

  • Rights Related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may ask you to verify your identity before responding to your request.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest

  • Access controls and authentication procedures

  • Regular security assessments and penetration testing

  • Staff training on data security

  • Incident response procedures

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Our Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email or through the Service before the changes take effect. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • By email: [email protected]

  • By mail: Swiftmade OÜ, Pärnu mnt 148, 11317, Tallinn, Estonia

Supervisory Authority

If you are located in the European Economic Area and believe we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with your local data protection authority.

Last Updated: April 18, 2025