← Back to home

Privacy Policy

Last updated: May 24, 2026

This Privacy Policy explains what data ChangelogStack collects, how it's used, and the choices you have. ChangelogStack ("we", "us") is an AI-powered changelog generation service operated by Selçuk Gönen, based in Türkiye.

If you have any questions, email us at gonenselcuk@gmail.com.

What we collect

GitHub account data. When you sign in with GitHub, we receive your public profile (username, email, avatar URL) and an OAuth access token. The token is stored encrypted at rest in our database.

Repository data. For repositories you explicitly connect to ChangelogStack, we read metadata needed to generate changelogs: repo name, pull request titles and descriptions, commit messages, and merge timestamps. We do not read source code, issues, or repos you have not connected.

AI-generated content. Notes, drafts, edits, and published changelogs you create or save inside ChangelogStack.

Account and usage data. Email, sign-in timestamps, basic counters (changelogs generated, repos connected) used to enforce tier limits.

Payment data. Subscriptions are processed by Lemon Squeezy, our Merchant of Record. They handle all card details — we never see or store card numbers. We receive only the subscription status, plan, renewal date, and a customer identifier.

How we use it

We use this data to: generate changelogs you request, show them to you and your published-page visitors, enforce tier limits, send transactional email (sign-in, billing receipts), and improve the service. We do not sell your data and we do not use your private repo content to train AI models.

Who we share it with

ChangelogStack is built on standard cloud infrastructure. Your data is processed by vetted third-party providers — including an encrypted database with authentication, large language model providers for AI generation, a payment processor (acting as Merchant of Record), application hosting, and transactional email — each receiving only the data they need to perform their function.

We do not share your data with advertisers, data brokers, or marketing networks.

AI and publishing

Changelog text is generated by industry-standard large language models from the PR data you connect. Generated content is shown only to you as a draft. Nothing is auto-published. A changelog only becomes public when you explicitly click publish.

Cookies

We use essential cookies for authenticated sessions only. No analytics cookies, no tracking pixels, no advertising cookies.

Your rights

You can:

  • Export your data — email us and we'll send a JSON export within 7 days
  • Delete your account and associated data — email us and we'll process within 7 days
  • Disconnect any GitHub repository at any time from the dashboard
  • Revoke GitHub access entirely via your GitHub settings → Applications

If you are in the EU/UK, you also have rights under GDPR (access, rectification, erasure, portability, objection). Email us to exercise them.

Data retention

We keep your data while your account is active. After deletion, residual backups may persist for up to 30 days before being purged. Payment records are retained by Lemon Squeezy per their own policy and applicable tax law.

Security

Access tokens are encrypted at rest. All traffic uses HTTPS. We follow standard practices for a small SaaS, but no system is perfect — if you believe your account has been compromised, email us immediately.

Children

ChangelogStack is not directed at children under 16 and we do not knowingly collect their data.

Changes to this policy

If we make material changes, we'll update the "Last updated" date above and, for significant changes, notify active users by email.

Contact

Selçuk Gönen — gonenselcuk@gmail.com