CommitGuard

Privacy Policy - CommitGuard

Last Updated: December 14, 2025

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use CommitGuard ("the Service") and tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

1.1 Interpretation

The words with initial capital letters have meanings defined under the following conditions. These definitions shall have the same meaning regardless of whether they appear in singular or plural.

1.2 Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to CommitGuard.
  • Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing details of your browsing history on that website among its many uses.
  • Country refers to South Africa.
  • Device means any device that can access the Service such as a computer, cellphone, or digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the CommitGuard platform and website.
  • Service Provider means any natural or legal person who processes data on behalf of the Company.
  • Third-party Social Media Service refers to any website or social network website through which a user can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
  • Website refers to CommitGuard, accessible from https://www.commitguard.io
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service.

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide the Service you've subscribed to and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies (where required)
  • Legal Obligations: To comply with applicable laws and regulations

3. Types of Data We Collect

3.1 Personal Data

While using our Service, we may ask you to provide certain personally identifiable information, including but not limited to:

  • Email address
  • First name and last name
  • Phone number (optional)
  • Company name and address (for business accounts)
  • Payment information (processed by third-party payment processors)
  • Usage Data

3.2 Usage Data

Usage Data is collected automatically when using the Service and may include:

  • Your device's Internet Protocol address (IP address)
  • Browser type and version
  • Pages of our Service that you visit
  • Time and date of your visit
  • Time spent on pages
  • Unique device identifiers
  • Database usage statistics
  • Query performance metrics
  • Feature usage patterns
  • Error logs and diagnostic data

3.3 Information from Third-Party Social Media Services

We allow account creation and login through:

  • Google
  • GitHub
  • Microsoft

When you use these services, we may collect:

  • Name and email address
  • Profile picture
  • Any other information you authorize the third-party service to share

3.4 Payment Information

We use third-party payment processors (Polar) to handle payments. We do not store full credit card information on our servers. We may store:

  • Last four digits of payment method
  • Payment method type
  • Billing address
  • Transaction history

4. Cookies and Tracking Technologies

4.1 Types of Cookies We Use

Essential Cookies (Session Cookies)

  • Purpose: Authentication, security, and core functionality
  • Legal Basis: Contractual necessity
  • Retention: Session duration

Functionality Cookies (Persistent - 1 year)

  • Purpose: Remember user preferences and settings
  • Legal Basis: Legitimate interests
  • Retention: 12 months

Analytics Cookies (Persistent - 2 years)

  • Purpose: Understand usage patterns and improve the Service
  • Legal Basis: Consent (where required)
  • Retention: 24 months
  • Third parties: Google Analytics, Mixpanel

4.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect Service functionality.

5. How We Use Your Personal Data

We use personal data for the following purposes:

5.1 Service Provision

  • Purpose: Provide and maintain the Service
  • Legal Basis: Contractual necessity
  • Data Used: Account information, usage data, payment information

5.2 Account Management

  • Purpose: Manage your registration and account access
  • Legal Basis: Contractual necessity
  • Data Used: Email, name, authentication data

5.3 Communication

  • Purpose: Send service updates, security alerts, and support responses
  • Legal Basis: Contractual necessity and legitimate interests
  • Data Used: Email address, account information

5.4 Marketing (Optional)

  • Purpose: Send promotional content and product updates
  • Legal Basis: Consent
  • Data Used: Email address, usage patterns
  • Opt-out: Available in all emails and account settings

5.5 Service Improvement

  • Purpose: Analyze usage patterns, fix bugs, develop new features
  • Legal Basis: Legitimate interests
  • Data Used: Usage data, performance metrics (anonymized when possible)

5.6 Security and Fraud Prevention

  • Purpose: Detect and prevent unauthorized access and fraudulent activity
  • Legal Basis: Legitimate interests and legal obligations
  • Data Used: IP addresses, login attempts, usage patterns

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted third parties who assist in operating our Service

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide 30 days' notice before your data becomes subject to a different privacy policy.

We may disclose your data when required by law or to:

  • Comply with legal obligations or court orders
  • Protect our rights and property
  • Prevent fraud or illegal activity
  • Protect user safety
  • Respond to government requests

We may share your information for any other purpose with your explicit consent.

7. International Data Transfers

Your data may be transferred to and processed in countries outside South Africa, including the United States and European Union. We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy Decisions where available
  • Certification schemes such as Privacy Shield successors

You can request copies of the safeguards we use by contacting us at [email protected].

8. Data Retention

We retain your personal data for the following periods:

8.1 Account Data

  • Active accounts: While your account remains active
  • Closed accounts: 3 years after account closure for legal and business purposes
  • Essential account data: May be retained longer if required by law

8.2 Usage Data

  • Detailed usage logs: 12 months
  • Aggregated analytics: 36 months
  • Error logs: 6 months

8.3 Marketing Data

  • Active subscribers: Until you unsubscribe
  • Former subscribers: 6 months after unsubscribe for suppression purposes

8.4 Payment Data

  • Transaction records: 7 years for tax and accounting purposes
  • Payment method details: Until you remove them or 1 year after last use

Data may be retained longer when subject to legal proceedings or regulatory investigations.

9. Your Privacy Rights

9.1 Access and Portability

  • Request a copy of your personal data
  • Receive data in a structured, commonly used format
  • Transfer data to another service provider

9.2 Correction and Updates

  • Correct inaccurate personal data
  • Update incomplete information
  • Access account settings to make changes

9.3 Deletion ("Right to be Forgotten")

  • Request deletion of your personal data
  • We will comply unless retention is required by law
  • Some data may be retained in anonymized form

9.4 Restriction and Objection

  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Object to direct marketing at any time
  • Withdraw consent for marketing communications
  • Withdraw consent for non-essential cookies
  • This doesn't affect processing based on other legal grounds

9.6 Exercising Your Rights

To exercise any of these rights:

  • Email us at [email protected]
  • Include your account information and specific request
  • We will respond within 30 days (may be extended to 60 days for complex requests)
  • No fee unless requests are excessive or unfounded

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

10.1 Technical Safeguards

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication for accounts
  • Regular security audits and penetration testing
  • Secure coding practices and code reviews
  • Automated security monitoring and alerting

10.2 Organizational Safeguards

  • Staff training on data protection
  • Limited access on a need-to-know basis
  • Background checks for personnel with data access
  • Incident response procedures
  • Regular security policy reviews

10.3 Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours
  • Notification will include nature of breach and steps taken
  • We will report to relevant authorities as required by law

11. Automated Decision-Making and Profiling

We may use automated systems for:

  • Fraud detection: To identify suspicious account activity
  • Service optimization: To improve performance and user experience
  • Content personalization: To show relevant features and recommendations

You have the right to:

  • Request human intervention in automated decisions
  • Express your point of view about automated decisions
  • Contest decisions that significantly affect you

12. Children's Privacy

Our Service is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a child under 16 without proper consent, we will delete that information from our servers promptly.

13. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights:

13.1 Right to Know

  • Categories of personal information collected
  • Sources of personal information
  • Purposes for collecting or selling personal information
  • Categories of third parties with whom we share personal information

13.2 Right to Delete

Request deletion of personal information we have collected from you.

13.3 Right to Opt-Out

We do not sell personal information. If this changes, we will provide an opt-out mechanism.

13.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To exercise CCPA rights, email us at [email protected] with "CCPA Request" in the subject line.

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read the privacy policies of every website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we do:

  • We will post the new policy on this page
  • We will update the "Last Updated" date
  • For material changes, we will notify you via email or prominent notice
  • Changes become effective immediately upon posting
  • Continued use of the Service after changes constitutes acceptance

16. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]

Subject Line for Specific Requests:

  • General privacy questions: "Privacy Policy Question"
  • Data access requests: "Data Access Request"
  • Data deletion requests: "Data Deletion Request"
  • CCPA requests: "CCPA Request"
  • Data breach reports: "Security Incident Report"

We aim to respond to all privacy-related inquiries within 30 days.