Privacy Policy — Post2Git
1. Introduction
Post2Git ("we", "our", "the Service") enables you to turn WhatsApp messages into GitHub/GitLab issues and comments. This policy explains how we collect, use, and protect personal data in accordance with the GDPR and French law.
Data Controller:
Projet ZETA — SARLU
10 chemin des joyaux, 38113 Veurey-Voroize, France
SIREN: 820 156 032
Contact: privacy@post2git.com
The Service is not intended for minors under 15 years old.
2. Data Collected
2.1 WhatsApp Messages (temporary processing)
When you use the Service, we receive via the WhatsApp Cloud API:
- message text content,
- metadata (phone number, timestamp, message type),
- media (images, videos, documents), where applicable.
WhatsApp messages are processed solely to create or update issues and are automatically deleted after processing.
2.2 User Account Data
We store in Firestore:
- WhatsApp phone number and user identifier,
- creation date and onboarding status,
- preferences (direct/validation mode, default repository, keywords),
- configuration of connected repositories (GitHub/GitLab),
- usage statistics (e.g., issues created, quota used),
- selected bot interface language and issue language (global or per repository).
2.3 GitHub/GitLab OAuth Tokens
To act on your behalf on GitHub/GitLab, we store OAuth access tokens:
- encrypted before storage (AES-256-CBC),
- never stored in plaintext,
- used only to perform actions you have authorized.
Tokens are kept until account deletion or revocation by the user.
2.4 Subscriptions and Billing (Stripe)
We store only:
- Stripe customer ID,
- subscription ID,
- price/plan ID,
- payment status and billing period dates.
Stripe is responsible for processing payment card data.
2.5 Technical Logs
We collect technical logs required for the security and proper functioning of the Service (e.g., errors, timestamps, technical identifiers, request information). Retention period: 30 days.
2.6 AI Processing (OpenAI)
To provide the Service, we temporarily send certain text content to OpenAI for:
- task splitting,
- summarization,
- cleanup/reformatting,
- description generation.
This content is not used by OpenAI to train its models. We only transmit data necessary for processing.
3. Purposes of Processing
We process your data to:
- create GitHub/GitLab issues from WhatsApp,
- add comments and labels to existing issues,
- manage OAuth authentication and onboarding,
- apply your preferences (repositories, languages, modes),
- manage billing and subscriptions,
- prevent fraud and abuse,
- improve Service reliability and security,
- provide user support.
We do not resell your data and do not display advertising.
4. Legal Basis
| Purpose | Legal basis |
|---|---|
| Providing the Service (issues, comments, labels) | Performance of a contract |
| GitHub/GitLab OAuth connection | Consent / Performance of a contract |
| Billing and subscription management | Legal obligation / Contract |
| Security, abuse prevention | Legitimate interest |
| Support | Performance of a contract |
5. Location and Transfers
Your data is hosted and/or processed by:
- Firestore (EU) for account data,
- Cloud Functions (us-central1) for processing,
- Meta WhatsApp Cloud API for message transmission,
- OpenAI (United States) for AI processing,
- Stripe (EU/US) for billing.
Transfers outside the EU are governed by the European Commission's Standard Contractual Clauses (SCC) and, where necessary, additional safeguards.
6. Retention
| Data | Retention period |
|---|---|
| WhatsApp messages | a few minutes (processing time) |
| Account data | until account deletion |
| OAuth tokens | until deletion or revocation |
| Technical logs | 30 days |
| Stripe data (invoices) | 10 years |
| Onboarding data | expiry + 30 days |
| WhatsApp attachments forwarded to GitHub/GitLab | not stored by Post2Git (kept in your repos) |
Upon account deletion, data is deleted or anonymized within 30 days, except where legal obligations require longer retention.
7. Your Rights
Under the GDPR you have the right to:
- access, rectify, and delete your data,
- data portability,
- object to or restrict processing,
- withdraw OAuth consent at any time,
- lodge a complaint with the French Data Protection Authority (CNIL).
You may exercise your rights:
- via WhatsApp (dedicated commands),
- or by email at privacy@post2git.com.
We respond within one month (extendable where necessary).
8. Account Deletion
You may request deletion via:
- WhatsApp (command
/delete), - email at privacy@post2git.com.
Your data will be deleted within 30 days, except Stripe billing records kept for legal obligations.
9. Sub-processors
We use the following sub-processors:
- Meta (WhatsApp Cloud API),
- Google Cloud / Firebase,
- GitHub,
- GitLab,
- Stripe,
- Firebase Hosting,
- OpenAI.
Each processes data only to provide the Service.
10. Security
We implement appropriate technical and organizational measures, including:
- encrypting OAuth tokens before storage,
- encrypting data in transit (TLS) and at rest (Google Cloud),
- strict access control based on least privilege,
- logging and monitoring,
- rotation of sensitive secrets and keys.
11. Changes
We may update this policy. The current version is available on our website. In case of material changes, we will notify you.
Want to try Post2Git?
Start on WhatsApp in 30 seconds. No app to install. Messages are deleted after processing.
Try on WhatsApp