Privacy Policy

Last updated: August 24, 2025

This Privacy Policy explains how giTshirt ("we," "us," or "our") collects, uses, and shares information about you when you use our websites, apps, and services (the "Service"). By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account and Authentication

  • GitHub OAuth data: name, email, username, avatar URL, and an access token to read your repositories/commits as permitted by you. We use NextAuth for authentication.
  • Session data: session identifiers, timestamps, and security metadata to keep you signed in.

1.2 Content You Provide

  • Repository and commit selections: when you select repos/branches/commits, we process commit metadata and messages to generate the layout for your shirt.
  • WE DO NOT access or store any code from the repositories.
  • Order details: size, quantity, product and transaction identifiers, and (if necessary) shipping info. Payment is processed by Stripe; we do not store full card numbers.
  • Generated assets: shirt previews and production images (e.g., hosted via Cloudinary) linked to your product.
  • Reviews and feedback: star ratings, comments, and related metadata if you submit a review.

1.3 Automatically Collected

  • Usage data: pages viewed, actions (e.g., refresh, generate), device/browser type, and approximate location inferred from IP.
  • Cookies and similar technologies: required cookies for authentication and security; analytics/ads cookies if enabled (see Section 5).

2. How We Use Information

  • Authenticate you with GitHub and maintain your session.
  • Fetch branches/commits you select and lay them out to generate previews and final production images.
  • Process payments (Stripe), fulfill orders via our print partner, and provide customer support.
  • Improve the Service, including performance, reliability, and UX (e.g., caching commit measurements, rate-limiting endpoints).
  • Detect, prevent, and address security issues or abuse, including API misuse (e.g., rate limiting).
  • Perform analytics and run marketing (if enabled), measure conversions, and understand product interest.

3. Data Retention

  • Account data: retained until you request deletion or your account becomes inactive for a reasonable period.
  • Commit data: retrieved on demand for selection and layout. We do not need to store raw commits long-term; when we do store commit data, we retain only what's necessary to generate and display your product (e.g., the final selection and generated images).
  • Orders: retained as required for accounting, compliance, and customer support.
  • Logs: short-term for security/diagnostics (e.g., ~30-90 days), unless required longer by law or to investigate abuse.

4. How We Share Information

  • Print provider: to produce and ship your custom shirt (e.g., print files, product details, shipping info).
  • Payment processor (Stripe): for secure transactions and fraud detection.
  • Hosting and media: to host images and serve the app (e.g., Cloudinary, Vercel or similar).
  • Analytics/ads partners: if enabled, we may share pseudonymous identifiers, page views, and conversion events with Google Analytics 4, X/Twitter (UWT), and potentially Reddit Ads for performance measurement and marketing.
  • Legal and safety: to comply with law, enforce our terms, or protect our rights, property, and users.

5. Cookies, Analytics, and Ads

  • Strictly necessary: auth and security cookies to keep your session.
  • Analytics: Google Analytics 4 for usage metrics.
  • Advertising/Attribution: X/Twitter UWT and Ahrefs analytics; we may also run Reddit ads. These partners may set cookies or use similar tech for measurement and attribution.

You can control cookies in your browser settings. Some features may not work if you block essential cookies. For analytics/ads, you can opt out via your Ad Preferences or device settings where available.

6. Data Security

We use reasonable technical and organizational measures to protect your data (e.g., HTTPS, token scoping, rate limiting). However, no method is 100% secure. You are responsible for safeguarding your account and reviewing commit content before printing.

7. International Transfers

We may process and store data in countries other than yours. By using the Service, you consent to the transfer and processing of your data in those countries, which may have different data protection laws.

8. Your Rights

Depending on your region (e.g., EU/EEA, UK, California), you may have rights to access, correct, delete, or restrict processing of your personal data, and to portability. To make a request, contact us at support@gitshirt.dev. We may need to verify your identity and may be unable to fulfill requests that would impact our legal obligations or the rights of others.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

10. Third-Party Links

We may link to third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., update the "Last updated" date or post an in-app notice). Your continued use of the Service after changes become effective constitutes acceptance.

12. Contact

Questions or requests? Email support@gitshirt.dev.