Privacy Policy

Last updated: April 4, 2026

1. Introduction

Adoptr ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

2. Information We Collect

Account Information

When you sign in via GitHub OAuth, we collect your GitHub username, email address, and profile information. We do not store your GitHub password.

Repository Data

When you connect repositories, we access repository metadata, release information, commit messages, and code diffs. We use read-only access and never modify your code.

Social Media Tokens

When you connect your X (Twitter) account, we store OAuth access tokens in encrypted format (AES-256-GCM) to publish posts on your behalf. Tokens are encrypted at rest and never exposed to the client.

Usage Data

We collect information about your use of the Service including generation counts, published posts, and feature usage for the purpose of enforcing plan limits and improving the Service.

3. How We Use Your Information

  • To provide and maintain the Service
  • To generate AI-powered product updates from your release data
  • To publish content to social media platforms on your behalf
  • To enforce plan limits and manage your subscription
  • To improve and optimize the Service
  • To communicate with you about service updates and changes

4. Data Storage and Security

Your data is stored in Firebase Firestore with the following security measures:

  • Sensitive tokens are encrypted using AES-256-GCM encryption
  • All data is transmitted over HTTPS with TLS encryption
  • API endpoints are protected with rate limiting and input validation
  • Sessions expire after 5 minutes of inactivity
  • Security headers (HSTS, CSP, X-Frame-Options) are enforced on all pages

5. Third-Party Services

We use the following third-party services to operate:

  • GitHub — Authentication and repository access
  • X (Twitter) — Social media publishing
  • OpenAI — AI content generation (your release data is sent to OpenAI for processing)
  • Firebase / Google Cloud — Data storage
  • Vercel — Application hosting
  • Upstash QStash — Scheduled job processing

Each third-party service has its own privacy policy. We encourage you to review them.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

  • With third-party services listed above, solely to provide the Service
  • When required by law or legal process
  • To protect the rights, property, or safety of Adoptr, our users, or the public

7. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time. Upon account deletion, your data will be permanently removed within 30 days.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect third-party integrations at any time
  • Export your data in a machine-readable format

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies. Session cookies are httpOnly and expire after 5 minutes of inactivity.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

12. Contact

If you have any questions about this Privacy Policy, please contact us at privacy@adoptr.ai.