Privacy Policy
Last updated: May 13, 2026
1. Information We Collect
We collect the following information:
- Account data: email address, name, and profile picture (via Google OAuth)
- Content data: changelog posts, categories, and project settings you create
- Usage data: page views, reactions, and widget interactions
- Payment data: processed securely by Stripe — we do not store card numbers
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process payments and manage subscriptions
- Send transactional emails (account, billing)
- Improve the Service based on usage patterns
3. Data Storage
Your data is stored on Supabase (hosted on AWS) and Vercel infrastructure. All data is encrypted in transit (TLS) and at rest.
4. Data Sharing
We do not sell your data. We share data only with:
- Stripe — for payment processing
- Supabase — for database and authentication
- Vercel — for hosting and deployment
5. Cookies
We use essential cookies for authentication and session management. We do not use tracking or advertising cookies. The embeddable widget uses localStorage to track read/unread state — no cookies.
6. Your Rights (GDPR)
If you are in the EU, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data
- Object to processing
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data is removed within 30 days.
8. Widget Visitor Data
The embeddable widget generates a random visitor ID stored in the end-user's browser localStorage. This is used solely to track reactions (one per post per visitor). No personal information is collected from widget visitors.
9. Changes to This Policy
We may update this policy at any time. We will notify you of significant changes via email.
10. Contact
For privacy-related questions, contact us at privacy@changelo.dev