Privacy Policy

Last updated: May 11, 2026

This Privacy Policy explains how Branchpost (“Branchpost,” “we,” “us”) collects, uses, and shares information when you use our website at branchpost.com and the Branchpost service (together, the “Service”). By using the Service you agree to the practices described here.

1. Information we collect

1.1 Information you provide

  • Account information: When you sign in with GitHub we receive your GitHub user ID, username, display name, email address, and avatar URL.
  • Publication context and prompts: Any site context, topic queue, tone, audience, claims to avoid, or other inputs you save in the dashboard.
  • Communications: When you email us, the content of those messages and any attachments.

1.2 Information from GitHub

When you install our GitHub App and select repositories to connect, GitHub provides us with read access (and pull-request write access) to those repositories. We read:

  • Repository metadata (name, default branch, languages, README);
  • Existing blog content and frontmatter in the content directory you select;
  • Commit metadata for recent activity used to inform topic suggestions;
  • Pull request information for drafts we open on your behalf.

We do not access repositories you have not granted to the Branchpost GitHub App, and we do not push to your default branch.

1.3 Billing information

Payment processing is handled by Stripe. We receive a Stripe customer ID, plan, subscription status, the last four digits of your card, and country — we do not receive or store full card numbers. See Stripe's Privacy Policy for how Stripe processes your data.

1.4 Automatically collected information

  • Cookies: A single httpOnly session cookie (blog_session) used to keep you signed in. We do not use third-party advertising cookies.
  • Local storage: Your theme preference and dashboard sidebar state are stored in your browser. We do not transmit these to our servers.
  • Server logs: Standard request logs including IP address, user agent, timestamps, and route accessed. Used for security, debugging, and abuse prevention. Retained for up to 30 days.

2. How we use information

  • To provide, maintain, and improve the Service;
  • To generate blog drafts, topic suggestions, and optional cover images on your behalf;
  • To send transactional emails about your account, billing, and generation results;
  • To detect and prevent abuse, fraud, and security incidents;
  • To comply with legal obligations and enforce our Terms.

3. AI processing

To generate a draft, we send your repository context and prompt to Anthropic (Claude). For optional images we send your prompt to Replicate. These providers act as our processors under contractual data protection terms. We have configured our integrations so that your prompts and outputs are not used to train their models.

4. How we share information

We do not sell your personal information. We share information with:

  • Service providers (processors) who help us operate the Service:
    • GitHub — authentication and repository integration;
    • Stripe — payments and billing;
    • Anthropic — AI text generation;
    • Replicate — AI image generation (only when you request an image);
    • Unsplash — image search (only when you use it);
    • Cloudflare R2 — storage of uploaded and generated cover images;
    • Resend — transactional email delivery;
    • Vercel — hosting, edge networking, and logs;
    • Neon — managed Postgres database;
    • Upstash (QStash) — background job queue.
  • Legal and safety: If required by law, legal process, or to protect rights, safety, or property.
  • Business transfers: In a merger, acquisition, or sale of assets, subject to a successor honoring this Policy.

5. International transfers

We and our providers may process information in the United States, the European Union, and other countries. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

6. Data retention

  • Account data: Retained while your account is active.
  • Generated drafts and PR history: Retained while your account is active; you can delete individual entries from the dashboard.
  • Credit ledger: Retained for at least 7 years for tax and accounting purposes.
  • Server logs: Up to 30 days.
  • After account deletion: We delete or anonymize personal data within 30 days, except where retention is required by law or to resolve disputes.

7. Your rights

Depending on where you live, you may have the right to access, correct, port, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, email support@branchpost.com. We will respond within the timeframe required by applicable law (typically 30 days).

You can revoke the Branchpost GitHub App at any time from your GitHub settings, which will immediately end our repository access. You can cancel your subscription and delete your account from the dashboard or by emailing us.

8. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We use industry-standard safeguards including TLS in transit, encryption at rest for stored credentials and tokens, httpOnly session cookies, scoped GitHub App permissions, and audited third-party processors. No system is perfectly secure; if you suspect unauthorized access to your account, contact us immediately at support@branchpost.com.

10. Changes to this Policy

We may update this Policy from time to time. If we make a material change we will notify you by email or in-product notice at least 14 days before the change takes effect. The “Last updated” date at the top of this page indicates the most recent revision.

11. Contact

Questions, complaints, or requests? Email support@branchpost.com.