Legal

Privacy Policy

Last updated: June 26, 2026

This Privacy Policy explains how Changelog Fast ("we", "us", the service available at changelogfa.st) collects, uses, and protects your information. Changelog Fast is operated by an independent maker (the "operator of changelogfa.st"). If you have any questions, contact us at hello@changelogfa.st.

1. Who we are

For the purposes of applicable data-protection law (including the EU/UK GDPR), the operator of changelogfa.st is the data controller for the personal data described in this policy. You can reach the controller at hello@changelogfa.st.

2. Information we collect

We collect only what we need to provide the service:

  • Account data. When you sign in, we receive basic profile information from your identity provider (such as your name, email address, and avatar).
  • Integration credentials. When you connect a tool, we store the OAuth access (and, where applicable, refresh) tokens needed to read data on your behalf. Supported tools include source hosts (GitHub, GitLab, Gitea), issue trackers (Linear, Jira), and delivery channels (Slack).
  • Content we process to generate release notes. Commits, pull/merge requests, tags, branch names, diffs, and the issue/ticket data referenced by them. We do not store your source code or diffs — they are fetched only at generation time, used to produce the note, and then discarded.
  • The generated changelog (and the references shown in it). We retain the release notes we generate for you. When a note is published to a public changelog page, we also store the specific references that appear on that page: for each commit, its SHA, the first line of its message, the author name, and a link; for each linked ticket, its key, title, and link. We do not store full commit bodies, ticket descriptions, or any other commit/ticket content beyond those references.
  • Configuration. The streams, workflows, schedules, tones, and output channels you set up.
  • Usage and technical data. Log data such as IP address, browser type, and timestamps, used for security and to operate the service.

3. How we use your information

  • To authenticate you and operate your account.
  • To read data from the tools you connect and generate release notes, QA checks, and related content.
  • To deliver generated content to the channels you configure.
  • To maintain security, prevent abuse, debug, and improve the service.
  • To communicate with you about the service when necessary.

We do not sell your personal data, and we do not use your repository or ticket content to train our own models.

4. AI processing

Release notes and related content are generated using third-party large language model providers (currently Anthropic's Claude). To produce output, the relevant commit, diff, and ticket content is sent to that provider for processing. We rely on providers that do not train their models on data submitted through their API. AI-generated output may contain errors; please review it before publishing.

5. Service providers and sub-processors

We share data with vendors strictly to run the service, including cloud hosting, database storage, and the AI provider described above. We also access data from, and deliver content to, the third-party tools you choose to connect (GitHub, GitLab, Gitea, Linear, Jira, Slack). Your use of those tools is governed by their own privacy policies.

6. Data retention

We retain account, integration, and configuration data for as long as your account is active. Generated release notes are retained until you delete them or close your account. You can disconnect any integration at any time, which revokes our stored token for that tool. When you ask us to delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain it to comply with legal obligations.

7. Security

We use industry-standard measures to protect your data, including encryption in transit and access controls around stored credentials. No method of transmission or storage is completely secure, but we work to protect your information and to limit access to it.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, email hello@changelogfa.st. You also have the right to lodge a complaint with your local data-protection authority.

9. Cookies

We use strictly necessary cookies to keep you signed in and to operate the application. We do not use advertising cookies.

10. International transfers

Your data may be processed in countries other than your own, including by the service providers listed above. Where required, we rely on appropriate safeguards for such transfers.

11. Children

Changelog Fast is not directed to children under 16, and we do not knowingly collect their personal data.

12. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, take reasonable steps to notify you.

13. Contact

Questions about this policy or your data? Email hello@changelogfa.st.