Privacy Policy

1. Information We Collect

1.1 Account Information

When you sign up through GitHub OAuth, we receive:

• Your GitHub username
• Your GitHub user ID
• Your email address (if public on your GitHub profile)
• Your profile avatar URL

1.2 Repository Data

When you install the FlakyWatch GitHub App, we access:

• Repository metadata (name, default branch, owner)
• Workflow run data from GitHub Actions
• Test result artifacts (JUnit XML files) uploaded by your CI
• Commit SHA, branch names, and run timestamps

We do NOT access:

• Your source code
• Any repository files other than test result artifacts
• Private data outside the scope you explicitly grant

1.3 Usage Data

We automatically collect:

• Pages you visit on flakywatch.dev
• Actions you take in the dashboard
• Timestamps and frequency of usage
• Browser type and version
• IP address (for security and rate limiting)

1.4 Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

2. How We Use Your Information

We use the collected data to:

• Provide and maintain the FlakyWatch service
• Analyze your test results and compute flaky test metrics
• Create GitHub issues on your behalf when you authorize it
• Send you weekly digest emails (if you opt in)
• Notify you of important service changes
• Prevent fraud, abuse, and security threats
• Improve our service based on usage patterns

3. Data Storage and Retention

• Test execution data is retained for 30 days by default
• Aggregated statistics (daily stats) are retained for 90 days on paid plans, 14 days on free
• Account information is retained as long as your account is active
• Upon account deletion, all associated data is removed within 30 days

Data is stored on secure servers hosted by Railway (PostgreSQL) with encryption at rest and in transit.

4. Data Sharing

We do NOT sell your personal data. We share data only:

• With GitHub (to create issues or access repository data, as authorized by you)
• With service providers under strict confidentiality (Railway for hosting, Resend for email if applicable)
• When required by law (subpoena, court order, etc.)

5. Your Rights

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a machine-readable format
• Revoke GitHub App authorization at any time

To exercise these rights, contact us at privacy@flakywatch.dev.

6. Security

We implement industry-standard security measures:

• HTTPS encryption for all data in transit
• Encrypted database storage
• Access controls on all production systems
• Regular security audits
• Principle of least privilege for all data access

7. Third-Party Services

FlakyWatch relies on the following third-party services:

• GitHub: For authentication and repository integration
• Railway: For infrastructure hosting
• Cloudflare: For DNS and DDoS protection

8. Children's Privacy

FlakyWatch is not intended for users under the age of 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email or in-app notification.

10. Contact Us

For privacy-related questions or requests:

• Email: privacy@flakywatch.dev
• Website: https://flakywatch.dev

If you believe we have violated this policy, you may file a complaint with your local data protection authority.