Your privacy, respected.

The data controller is the individual operating Gitoryx as a French auto-entrepreneur (micro-entrepreneur), SIRET 90145569100021. For any privacy-related request, contact: privacy@gitoryx.com.

Gitoryx collects only the data strictly necessary to provide the service:

• Account creation: email address and a hashed password (or OAuth provider identifier if you sign in via GitHub or another provider). No password is stored in plain text.
• Purchases & billing: when you buy a licence or subscribe, payment is processed by Stripe (the payment processor). Gitoryx receives order confirmation data (order ID, licence key, plan) but never your card number or bank details.
• App update checks: the app periodically contacts releases.gitoryx.com to check for updates. The request contains only the current app version and OS version — no personal data.
• Git data (local only): the app reads your local repositories, commits, branches, and credentials solely to perform Git operations on your device. This data never leaves your machine through Gitoryx.

Personal data is processed on the following legal bases (GDPR Art. 6):

• Performance of a contract — account management, licence delivery, subscription handling.
• Legitimate interest — fraud prevention and security.
• Legal obligation — retention of billing records as required by French tax law (10 years).

Account data is retained as long as your account is active. If you delete your account, personal data is erased within 30 days, except for billing records which are kept for 10 years as required by French law.

Gitoryx uses a limited set of trusted sub-processors, each bound by a Data Processing Agreement:

• Vercel — website hosting (EU/US servers, Standard Contractual Clauses apply).
• Lemon Squeezy — payment processing and Merchant of Record.
• Prisma / Accelerate — database infrastructure.

No data is sold or shared with advertising networks, data brokers, or any other third party.

The website (gitoryx.com) uses Vercel Analytics for anonymous, aggregate traffic statistics (page views, referrers). No cookies are set, no cross-site tracking is performed, and IP addresses are not stored.

As a data subject, you have the right to:

• Access — obtain a copy of the personal data held about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your account and associated data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact privacy@gitoryx.com. You also have the right to lodge a complaint with the French supervisory authority: CNIL.

This policy may be updated occasionally. Material changes will be noted in the Changelog. Continued use of Gitoryx after a change constitutes acceptance of the updated policy.