# Privacy Policy — Heliostat

Last updated: 2026-04-24

This is a plain-language summary. The HTML version at [/privacy](/privacy) is the legally binding copy.

## What we collect

- **Account data** — your email and (if you sign in via GitHub) your GitHub username, avatar URL, and the OAuth token used to read commit metadata from repos you've connected.
- **What you write** — pitches, scopes, hill check-ins, retros, lessons, cooldown tasks/ideas, daily check-ins, mind-map notes. We need this to render the app.
- **Commit metadata** — branch name, commit message, SHA, author, and timestamp from connected GitHub repos. Used to auto-link commits to scopes. **We do not read source code.**
- **Operational logs** — request URLs, status codes, timing, and Sentry-captured errors. No request bodies are logged.
- **Stripe billing data** — handled by Stripe; we store your `customer_id` and subscription state only.

## What we do not do

- No analytics or ad trackers. No Google Analytics, no Facebook Pixel, no Mixpanel.
- No data sales, no data sharing with brokers.
- No reading the source code of your repositories.
- No model training on your data.

## Third parties we use

- **Stripe** — payments
- **Resend** — transactional email
- **Sentry** — error tracking
- **OpenAI** — Senior / Retro Coach inference (only the prompts you initiate; pitch and check-in content is included in those prompts)
- **GitHub** — OAuth login + commit metadata for connected repos
- **AWS S3 (R2-compatible)** — image storage

## Your rights

- Export every map note as a `.tar.gz` at any time from `/think`.
- Delete your account permanently from `/settings` — cascades through your data and cancels any Stripe subscription.
- Send anything else via [/feedback](/feedback).
