Privacy Policy

Last Updated: April 15, 2025

This Privacy Policy explains how RepoBird ("we," "our," or "us") collects, uses, and shares information about you when you use our websites, services, and applications (collectively, the "Services").

1. Information We Collect

Information You Provide

• Account information (name, email, password)
• Payment information
• Communications with us
• Information you input into our Services

Information We Collect Automatically

• Usage data (features used, interactions with Services)
• Device information (browser type, IP address)
• Cookies and similar technologies

Information from Third-Party Logins

If you choose to register or log in using a third-party service (like Google or GitHub via our authentication provider), we may receive basic profile information such as your name, email address, and unique user identifier from that service. We use this information solely to create and manage your account. We do not control, and are not responsible for, the privacy practices of these third-party services.

Sensitive Information

We do not intentionally collect or process sensitive personal information (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health data, etc.).

2. How We Use Your Data

We collect and process your personal data for the following purposes:

• Service Provision: To provide our services to you, including processing your identity, contact details, inputs, outputs, and payment information.
• Service Improvement: To maintain and improve our services, including:
  • Research and development of new features
  • Analysis of service usage and performance
  • Technical support and customer service
  • Security and fraud prevention
• Communications: To communicate with you about our services, updates, and relevant offers.
• Legal Compliance: To comply with applicable laws and regulations, and to protect our legal rights.
• Process your transactions (via payment processors)
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and provide customer service
• Develop new products, services, and features
• Monitor and analyze trends, usage, and activities in connection with our Services
• Protect against malicious, deceptive, fraudulent, or illegal activity

3. AI Models and Data Processing

Our Services use artificial intelligence models to generate task breakdowns and project planning assistance. When you use our Services:

• Your inputs are processed by our AI models to generate responses
• We may use your interactions to improve our AI models and Services
• Users should not include sensitive or confidential information in prompts as they are processed by third-party AI models

4. How We Disclose Personal Data

RepoBird will only disclose personal data in specific circumstances and with appropriate safeguards:

Business Operations

• Service providers who assist in providing our Services (such as hosting providers, payment processors)
• Professional advisors (lawyers, accountants) when necessary for our operations

Other Circumstances

• As part of a significant corporate transaction (merger, acquisition, or bankruptcy)
• To comply with legal obligations or respond to lawful requests from authorities
• To protect our rights, privacy, safety, or property
• With your explicit consent

Third-Party Services and Integrations

• We only share data with third-party services when you explicitly choose to use our integrations with them
• When using integrated services, you will be informed about what data is shared
• Third-party services have their own privacy policies, and we recommend reviewing them

5. Data Security

We implement appropriate technical and organizational measures to protect your information. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%.

6. Your Rights and Choices

Depending on your location and subject to applicable law, you may have certain rights regarding your personal data, as described below. We make efforts to respond to such requests, though these rights may be limited by applicable laws and technical constraints.

RepoBird will not discriminate against you for exercising any of these rights. To exercise your rights, you or an authorized agent may submit a request through our website's contact form. After we receive your request, we may verify it by requesting information sufficient to confirm your identity.

7. Data Retention, Data Lifecycle, and Security Controls

RepoBird retains your personal data for as long as reasonably necessary for the purposes and criteria outlined in this Privacy Policy and explained further in our support center.

When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.

Aggregated or De-Identified Information

We may process personal data in an aggregated or de-identified form to analyze the effectiveness of our Services, conduct research, study user behavior, and train our AI models as permitted under applicable laws. For instance:

• When you submit Feedback and provide us permission, we disassociate Inputs and Outputs from your user ID to use them for training and improving our models.
• If our systems flag Inputs or Outputs for potentially violating our Usage Policy, we disassociate the content from your user ID to train our trust and safety classification models and internal generative models. However, we may re-identify the materials to enforce our Usage Policy with the responsible user if necessary.
• To improve user experience, we may analyze and aggregate general user behavior and usage data. This information does not identify individual users.

Security controls relating to our processing of personal data

All personal data we process is protected with industry-standard security controls such as internal access controls and encryption in transit and at rest.

8. Children

Our Services are not directed towards, and we do not knowingly collect, use, disclose, sell, or share any information about, children under the age of 18. If you become aware that a child under the age of 18 has provided any personal data to us while using our Services, we will investigate the matter and, if appropriate, delete the personal data.

9. Supplemental Disclosures for Residents of California

This section provides additional details required under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information, as defined by the CCPA:

• Identifiers: Such as name, email address, unique personal identifiers (like user ID, GitHub user ID), IP address.
• Personal Information Categories Listed in the California Customer Records Statute: Such as name, contact information (email), and records related to purchases or subscriptions (e.g., Stripe customer ID, subscription status). Note: Full payment card details are processed directly by our payment processor (Stripe) and are not stored by us, though we do store webhook events from Stripe for billing and subscription management.
• Internet or Other Similar Network Activity: Basic usage data and log information collected automatically as described in Section 1.

We collect this information for the business purposes described in Section 2 ("How We Use Your Data").

Disclosure and Sale/Sharing of Personal Information

We disclose personal information to service providers for business purposes as described in Section 4 ("How We Disclose Personal Data"). We do not "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

Your California Privacy Rights

Subject to certain limitations, California residents have the right to:

• Know/Access: Request to know the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties to whom we have disclosed information.
• Delete: Request deletion of your personal information.
• Correct: Request correction of inaccurate personal information.
• Non-Discrimination: Not be discriminated against for exercising your CCPA rights.

To exercise these rights, please contact us using the information in Section 15 ("Contact Us"). We will need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf, subject to verification of the agent's authority.

Shine the Light

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. As stated elsewhere in this policy, we do not disclose personal information to third parties for their direct marketing purposes. However, if you are a California resident and believe this applies to you or wish to make such a request, please submit your request in writing to us using the contact information provided in Section 15 ("Contact Us").

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

11. International Data Transfers

We may transfer your information to countries other than where you live. We implement appropriate safeguards for such transfers.

12. Supplemental Disclosures for Residents of Canada

These supplemental disclosures contain additional information relevant to residents of Canada. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Canada.

Consent

By expressly consenting to this Privacy Policy, you confirm you have read, understand, and consent to the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy and understand that, in jurisdictions where it is available, RepoBird also relies on other lawful bases for the foregoing as more fully set out in this policy. We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

Cross-jurisdictional Transfers

By providing us with personal data, you acknowledge and agree that your personal data may be transferred or disclosed to other jurisdictions for processing and storage outside of Canada, including to the United States and the countries listed on our Subprocessor List, where laws regarding the protection of personal data may be less stringent than the laws in your jurisdiction. Furthermore, we may disclose your personal data in these jurisdictions in response to legal processes or where we believe in good faith that disclosure is required or permitted by law.

Contact

If you have any questions or comments about our processing of your personal data, or to exercise your rights as outlined in Section 6. ("Your Rights and Choices"), please contact us through our website's contact form.

13. Supplemental Disclosures for Residents of Brazil

These supplemental disclosures contain additional information relevant to residents of Brazil. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Brazil.

Legal Bases

Depending on the specific purpose of the processing, we may rely on different grounds than those listed under Section 2 ("How We Use Your Data"), where permitted by and in accordance with the Brazilian General Data Protection Law (LGPD). For example, we may rely on the "exercise of legal rights" basis to process personal data associated with customer complaints and to enforce our Terms of Service and similar terms and agreements, including our Usage Policy.

Data Subject's Rights

LGPD grants certain rights regarding your personal data, which differ from the ones listed under Section 6 ("Your Rights and Choices"). We will respond to your requests to exercise your rights below in accordance with applicable law:

• Confirmation of whether your data is being processed. You have the right to receive a confirmation on whether RepoBird processes your data.
• Access to your data. You have the right to know what personal data RepoBird processes about you.
• Correction of incomplete, inaccurate or outdated data. You have the right to request the correction of your data that is incomplete, inaccurate, or outdated.
• Anonymization, blocking or erasure of data. You have the right to request the anonymisation, blocking or erasure of data that is unnecessary, excessive or processed in non-compliance with the provisions of the law.
• Portability of personal data to a third party. You have the right to request portability of your data to a third-party, as long as this does not infringe on our trade secrets.
• Information of public and private entities with which we shared data. You have the right to request information of public and private entities with which we have shared your data.
• Information about the possibility to refuse to provide consent and the respective consequences, when applicable.
• Withdrawal of your consent. You have the right to withdraw your consent. This procedure will be carried out free of charge.
• Request a review of decisions made solely based on automated processing of personal data.

Please keep in mind that these rights are not absolute and may not apply in certain circumstances. For example, in certain cases we may continue to process and retain data regardless of your request for deletion, objection, blocking or anonymisation, in order to comply with legal, contractual and regulatory obligations, safeguard and exercise rights, including in judicial, administrative and arbitration proceedings and in other cases provided for by law.

International Data Transfers

You acknowledge that RepoBird is a company based in and headquartered in the United States and that any information we hold about you will be transferred to, used, processed, and stored in the United States and other countries and territories, which may not have data privacy or data protection laws equivalent to the laws in your country or territory. For the proper operation of the Services, RepoBird needs to carry out international transfers of personal data. Until the Brazilian Standard Contractual Clauses, to be issued by the Brazilian Data Protection Authority (ANPD), come into effect, RepoBird will rely on the transfer mechanisms prescribed by Article 33, IX of the LGPD. The "competent supervisory authority" for these transfers, as governed by Brazilian Data Protection Laws, is the ANPD.

14. Changes to This Policy

We may update this policy periodically. We will notify you of material changes by posting the updated policy and updating the "Last Updated" date.

15. Contact Us

If you have questions about this policy, our privacy practices, or wish to exercise your privacy rights, please contact us.