Legal
Privacy Policy
Last updated: March 2026
How we handle your data
Read our detailed docs on token scopes, commit fetching, and what we never store.
1. Introduction
This Privacy Policy explains how Talksprout Ltd ("we", "us", "our") collects, uses, and protects your personal information when you use Gitsprout ("the Service"). By using the Service you agree to the practices described here.
2. Information We Collect
We collect information you provide when creating an account (name, email address, profile image via OAuth). We also collect payment information through Stripe — we never see or store your full card details. We collect server-side log data (IP address, browser type, operating system, pages visited) via Loki, a self-hosted log aggregation system, used solely to monitor service health and diagnose issues. We also use Umami, a self-hosted, cookieless web analytics tool, to understand aggregate usage patterns. Umami does not use cookies or track individuals across sites. No third-party tracking or advertising cookies are used.
3. Git Tokens & Commit Data
To generate reports, you provide a personal access token (PAT) for your Git provider. Your token is used only within your active session to fetch commit data and is never written to our database or logs. Commit data fetched during a session is used solely to generate your report and is discarded when the session ends. We do not store, index, or analyse your commit history beyond what is needed to fulfil your immediate request.
4. How We Use Your Information
We use your account information to authenticate you and keep your reports accessible across sessions. We use payment data to process purchases and issue receipts. We use usage data to monitor service health, diagnose issues, and improve the product. We may send transactional emails (receipts, account notices) but will not send unsolicited marketing without your consent.
5. Information Sharing
We do not sell your personal data. We share data only with trusted third-party service providers (including Anthropic for AI report generation, Stripe for payments, and infrastructure providers) who are bound by confidentiality obligations and only process data as instructed. We may disclose information if required by law or to protect the rights, property, or safety of Talksprout Ltd or its users.
6. AI Report Generation
Reports are generated by Claude, an AI model provided by Anthropic. Commit data submitted for report generation is processed by Anthropic in accordance with their API terms and privacy policy. We recommend reviewing Anthropic's privacy policy at anthropic.com/privacy.
7. Data Security
We employ industry-standard security measures including encryption in transit (TLS) and at rest to protect your data. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
8. Data Retention
We retain your account information for as long as your account is active. Generated reports are stored so you can access them across sessions but can be deleted at any time from within the app. You may request deletion of all your data by emailing hello@talksprout.com.
9. Your Rights
You have the right to access, correct, or delete your personal information. To exercise any of these rights, email us at hello@talksprout.com. We will respond within 30 days.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice in the app. The date at the top of this page reflects when the policy was last revised.
12. Contact
Questions about this Privacy Policy? Email us at hello@talksprout.com.