Privacy Policy

Last updated: March 28, 2026

1. Who We Are

WhatShipped is an AI-powered release notes generator operated at whatshipped.dev. If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@whatshipped.dev.

2. Data We Collect

We collect the following categories of personal data:

  • Account information — your email address and name, provided at registration or via OAuth.
  • OAuth tokens — access tokens from GitHub, GitLab, Bitbucket, or Google, stored in encrypted form using AES-256-GCM encryption.
  • Usage data — page views and feature interactions collected via Google Analytics (only with your consent).
  • Repository metadata — commit messages, branch names, and tag names from repositories you connect. We do not store your source code.
  • Payment data — billing is processed by Stripe. We do not store payment card details.

3. How We Use Your Data

  • To authenticate you and maintain your session.
  • To connect to your git repositories and fetch commit data for release note generation.
  • To process commit data through AI language models (Anthropic Claude or OpenAI) to generate release notes. Commit data sent to LLM providers is subject to their respective privacy policies.
  • To send transactional emails (email verification, password reset).
  • To process payments and manage your credit balance via Stripe.
  • To improve the service, understand usage patterns, and diagnose issues — using anonymised analytics data only when you have consented.

4. Data Retention

  • Account data (email, name, preferences) is kept until you delete your account via Settings → Danger Zone.
  • OAuth tokens are deleted immediately when you disconnect a provider or delete your account.
  • Generated release notes are retained until you delete them or delete your account.
  • Credit transaction records may be retained for up to 7 years for accounting and legal compliance purposes, even after account deletion.

5. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • GitHub, GitLab, Bitbucket — OAuth authentication and repository data access.
  • Google — OAuth authentication.
  • Anthropic / OpenAI — LLM processing of commit data to generate release notes.
  • Stripe — payment processing and billing.
  • Google Analytics — website usage analytics (requires your consent; see our Cookie Policy).

6. Your Rights

Under GDPR (if you are located in the EEA or UK) and CCPA (if you are a California resident), you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — update your name and email via Settings.
  • Right to erasure — delete your account and all associated data via Settings → Danger Zone. Account deletion is permanent and irreversible.
  • Right to withdraw consent — you may withdraw analytics consent at any time via the cookie banner.
  • Right to lodge a complaint — with your local data protection authority.

To exercise your rights, contact us at support@whatshipped.dev.

7. Cookies

We use cookies for authentication and, with your consent, for analytics. For full details see our Cookie Policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the application. Continued use of WhatShipped after changes are posted constitutes your acceptance of the updated policy.

9. Contact

For any privacy-related questions or requests, please email support@whatshipped.dev.