Skip to content
  • Docs
  • Pricing
  • FAQ
Run Free Audit Log In

Privacy Policy

Effective date: 2026-07-13 · Version privacy-2026-07-13-r2

Data Demon Systems Limited ("Data Demon", "we", "us") operates repod, a GitHub access-operations service for engineering teams. Data Demon Systems Limited is registered in England and Wales with company number 16158110. This Privacy Policy explains what information repod processes, why we process it, how we protect it, and how to contact us.

repod is designed to work with GitHub organization metadata and access-control state. In normal operation, repod does not clone repositories, retrieve repository contents, analyse source files, or process commit diffs, issue bodies, pull-request bodies, Actions logs, or build artifacts.

1. Roles And Scope

For account registration, authentication, billing, support, website, analytics, marketing, security, and service-operation data, Data Demon acts as controller. For GitHub organization metadata and access-control data connected by a customer, the customer acts as controller and Data Demon acts as processor under the Data Processing Addendum. The customer is responsible for having authority to connect that GitHub organization and for deciding which users may access the account in repod.

2. Information We Collect

  • Account data: email address, name fields if provided, password hash, account membership, role, plan, subscription state, and account settings.
  • GitHub metadata: GitHub organization login, repository names and metadata, repository visibility and archived state, teams, team descriptions, team membership, organization members, repository-team permissions, direct collaborator access, base repository permission, and sync status.
  • Access operations data: audit entries, change previews, change plans, job status, import/export metadata, and records of applied permission changes.
  • Credential data: GitHub personal access tokens submitted by authorized users, GitHub App configuration data, encrypted GitHub App private keys, and installation metadata. For PAT auth, repod only accepts fine-grained GitHub PATs for new connections and rotations. PATs and GitHub App private keys are encrypted at rest and are not intentionally written to plaintext application logs. Core repod workflows do not require Repository Contents permission or Organization Members write. If a customer grants broader GitHub permissions than repod needs, repod does not use those credentials to retrieve source-code contents in normal operation.
  • Billing data: Stripe customer and subscription identifiers, plan status, and checkout events. Payment card details are handled by Stripe rather than stored directly by repod.
  • Support and sales data: contact form submissions, email correspondence, and information you provide when asking for help or vendor review.
  • Technical data: session cookies, CSRF tokens, IP-derived request metadata, browser/user-agent details, security logs, error traces, performance metrics, and service-health telemetry.

3. Sources Of Information

We collect information directly from users, from GitHub APIs when an authorized user connects an organization, from Stripe for billing status, and from operational systems that run and secure the service.

We ask customers not to paste source code, secrets, special-category data, or unrelated personal data into support messages, import files, account fields, team descriptions, repository names, or other metadata that repod will process.

4. How We Use Information

  • Provide, secure, maintain, and improve repod.
  • Sync GitHub organization metadata and access-control state.
  • Show access reports, dashboards, exports, imports, and permission-change previews.
  • Apply GitHub changes only when an authorized user requests a write-mode action.
  • Authenticate users, enforce account roles, enforce plan limits, and prevent abuse.
  • Maintain audit history, troubleshoot sync issues, and respond to support requests.
  • Process billing, subscriptions, and service communications.

5. Legal Bases

Where UK GDPR or similar laws apply, our controller legal bases are:

  • Contract: creating accounts, authenticating users, providing requested service functionality, support, billing administration, and service communications.
  • Legitimate interests: securing repod, preventing abuse, maintaining audit logs, improving product reliability, responding to business enquiries, and operating privacy-safe first-party traffic counters. We balance these interests against individual rights and avoid using sensitive GitHub data for analytics.
  • Legal obligation: accounting, tax, company-law, sanctions, dispute, and regulatory compliance.
  • Consent: optional Google Analytics browser analytics and any other feature that expressly asks for consent.

Customers are responsible for ensuring they have an appropriate basis for connecting their GitHub organization, inviting users to repod, and instructing repod to process customer GitHub metadata and access-control data.

6. GitHub Credentials And Permission Modes

repod can call GitHub APIs through PAT auth or GitHub App beta. For PAT auth, new and rotated tokens must be fine-grained PATs beginning with github_pat_. GitHub App beta stores an encrypted private key and uses short-lived installation tokens. Audit/read mode uses read-oriented access to organization settings, repository metadata, members, teams, and repo-team permission state. Write mode is needed only for applying repo-team permission changes, repository metadata changes, repository renames, or team-management actions. Optional Team management is an elevated mode because it requires Organization Members write, which is also the GitHub permission used for organization invitations and membership changes.

You can revoke or rotate a PAT, GitHub App private key, or GitHub App installation in GitHub at any time. If credentials are revoked or removed, sync and apply operations may stop until valid credentials are restored.

7. Analytics

We may use Google Analytics (GA4), when enabled, to understand aggregate website and feature usage and improve stability. In production, repod is configured for strict opt-in analytics unless a later review approves limited pre-consent measurement. If you allow analytics, GA4 may use analytics cookies for session and workflow reporting. We do not send email addresses, PATs, repository names, team names, org names, form messages, or full query strings to GA4. IP anonymization is enabled by default.

  • Strict opt-in default: optional GA4 browser analytics begins only when you choose “Allow analytics”.
  • Consent for session analytics: analytics cookies and pseudonymous session reporting begin only when you choose “Allow analytics”.
  • Simple objection: choosing “Necessary only” or “Disable analytics” stops optional browser analytics on later page loads and removes analytics cookies.
  • Optional loading: if analytics environment variables are not configured, the browser GA4 snippet is omitted.
  • Sensitive pages: analytics is excluded from login, registration, password reset, invite acceptance, public access-audit pages, and the machine-readable security.txt route.
  • Privacy signals: Do-Not-Track (DNT) and Global Privacy Control signals prevent browser and request-linked analytics events.
  • Pseudonymous identifiers: logged-in analytics uses stable pseudonymous IDs derived from internal IDs, not raw email addresses or raw account IDs.
  • Events: registration, organisation add, and sync completions may emit non-PII event counts.
  • First-party traffic counters: repod aggregates daily page, coarse source, device-category, consent-state, and bot-category totals for public sitemap pages. These counters do not retain visitor IDs, IP addresses, complete referrer URLs, full user agents, or individual browsing histories.

See the Cookie And Storage Notice for storage names and consent controls.

You may additionally block analytics at the browser or network layer.

8. Anonymized Outcome Benchmarks

Benchmark and cohort reuse of customer GitHub governance outcome metrics is disabled by default for broad launch unless expressly enabled by a customer-controlled setting or separate documented instruction.

  • No raw account ids, org names, repo names, or team names are published.
  • Only grouped aggregates are used and only when minimum cohort thresholds are met.
  • Customers may object to or disable this type of reuse where it is made available.

9. Sharing And Subprocessors

We do not sell customer data. We use service providers to host, operate, bill, monitor, email, and improve repod. These providers receive only the information needed for their service category. See our Subprocessors page for the current public summary.

10. International Transfers

repod and its service providers may process information in countries other than where you are located, including the United Kingdom, the United States, and other countries where our providers operate. Where Data Demon initiates a restricted transfer under UK data protection law, we rely on an applicable adequacy regulation, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another lawful safeguard, together with appropriate technical and organisational measures.

11. Retention

We retain personal data only as long as needed for the purposes described in this policy, unless a longer period is required for legal, accounting, security, or dispute reasons. Current retention commitments are:

  • Account and contract records: while the account is active, then up to 6 years after closure for contract, tax, accounting, and legal-record purposes.
  • GitHub metadata and access history: while the account is active. Org-history deltas are subject to the configured retention sweep, currently 180 days by default, unless plan features, customer configuration, legal hold, or support investigation require a different period.
  • GitHub credentials: retained only while needed for the connected organisation and deleted or overwritten when revoked, rotated, disconnected, or the account is closed, subject to backup expiry.
  • Exports and imports: retained while needed for the workflow or support request. Customers should download and manage exported files according to their own internal controls.
  • Security, audit, and access logs: usually retained for up to 12 months, and longer where needed for security investigation, abuse prevention, legal claims, or compliance.
  • Support and sales correspondence: usually retained for up to 3 years after the last interaction, and longer where needed for contract or legal purposes.
  • Billing, invoice, and tax records: retained for up to 6 years after the relevant accounting period, or longer if legally required.
  • Optional analytics cookies: see the Cookie And Storage Notice for cookie-level lifetimes.
  • Backups: protected backup copies expire on the production backup lifecycle. During that period, deleted live-service data is put beyond ordinary use and restored only where needed for disaster recovery, security, or legal reasons.

If you request deletion, we remove or de-identify applicable live-service data within a reasonable period, normally within 30 days for data under Data Demon's control, subject to legal, security, backup, and technical limitations. For customer-controlled GitHub data, we may refer requests to the customer where the customer is controller.

12. Security

repod applies account scoping, role-based access controls, CSRF protections for web forms, encrypted PAT and GitHub App private-key storage, audit logging, and operational safeguards. No internet service can guarantee absolute security. Security issues should be reported through Vulnerability Disclosure.

13. Your Rights

Depending on where you live and the legal basis for processing, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. We may need to verify your identity and account authority before acting on a request.

Right to object: you may object to processing based on legitimate interests, including direct marketing and certain product analytics or service-improvement processing. You can object verbally or in writing by contacting support@repod.dev. We will stop direct marketing when you object. For other legitimate-interest processing, we will assess whether we have compelling legitimate grounds or need the data for legal claims.

14. Automated Decision-Making

repod may generate scores, diagnostics, and recommendations about GitHub access posture. These are operational decision-support features and are not intended to make solely automated decisions with legal or similarly significant effects about individuals.

15. Children

repod is intended for business use by engineering teams and is not directed to children.

16. Changes

We may update this Privacy Policy as the service changes. Material changes will be signposted in-app, on the website, or by email where appropriate.

17. Privacy Requests And Complaints

Questions, privacy-rights requests, objections, or data protection complaints should be sent to support@repod.dev. We will acknowledge data protection complaints within 30 days of receipt, take appropriate steps to investigate without undue delay, keep you informed of progress where appropriate, and tell you the outcome without undue delay.

If UK data protection law applies to your use of the service, you may also have the right to complain to the UK Information Commissioner's Office. ICO contact details are available at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

Company details: Data Demon Systems Limited, company number 16158110, registered in England and Wales. Contact: support@repod.dev.

© 2026 Data Demon Systems Limited. repod.dev is a business SaaS product for GitHub access operations.
Docs Pricing Contact Terms DPA Privacy Cookies Subprocessors Security Vulnerability Disclosure LinkedIn

Data Demon Systems Limited is registered in England and Wales with company number 16158110.

Help improve repod Allow session analytics so we can understand which workflows are useful. Optional analytics begins only after consent in production. Sensitive GitHub data is never sent. Privacy details