Engineer Journal
Try the demo
Back to home
Legal

Privacy Policy

Last updated June 2026 · Contact support@engineerjournal.app

This Privacy Policy explains what Engineer Journal, a sole proprietorship ("Engineer Journal," "we," "us," or "our") collects, how we use and share it, and the choices you have. It applies to the Engineer Journal website and application. By using the Service, you agree to this policy.

Overview

In short:

  • You sign in with GitHub and choose which repositories the Service can read, through a read-only GitHub App.
  • We process your selected GitHub activity to generate summaries and journal entries, which we save to your account.
  • We do not store your raw source code or raw pull request diffs — diffs are processed only to generate a summary and then discarded.
  • AI summaries are generated by Anthropic; payments are handled by Stripe; hosting and the database run on Google Cloud.
  • You can revoke GitHub access in GitHub, delete your data in the app, and contact us with any privacy request.

Information we collect

Account information: your name, email address, GitHub username and numeric GitHub ID, and avatar, along with your settings and plan status.

GitHub connection information: the GitHub App installation, the account it is installed on, and the repositories you make available and choose to track. We authenticate your GitHub connection using short-lived, on-demand access tokens that are not stored in our database.

GitHub activity processed for summaries: for the work you ask us to summarize, we process pull request titles, descriptions, authorship, branch and commit metadata, labels, file names, change counts, and pull request diffs.

Content you create and we generate: generated single-PR, daily, weekly, sprint, and performance-review summaries and journal entries, plus your own notes, pasted AI-session summaries, edits, titles, and favorites. We also store structured metadata about each entry, such as repository name, PR number, file and line counts, and tags.

Billing information: when you subscribe, Stripe processes your payment. We store billing identifiers and status (Stripe customer and subscription IDs, plan, status, renewal date, and trial state). We do not collect or store your full payment card number.

Usage and log information: we keep limited technical and operational records — such as request metadata, error and security logs, and rate-limit counters — to operate, secure, and debug the Service. We do not log raw diffs, source code, secrets, or access tokens.

GitHub access and permissions

When you sign in, the Service requests read-only access to your basic GitHub profile and email (the GitHub "read:user" and "user:email" scopes) to identify your account.

Repository access is handled separately by a dedicated GitHub App that you install on the repositories you choose. The App requests read-only permissions — repository metadata, contents, pull requests, and issues — and never requests write access. The Service reads pull request activity and diffs; it does not push to, write to, or modify your repositories.

How we use information

We use the information we collect to operate and provide the Service, including to:

  • Authenticate you and connect to GitHub.
  • Fetch your selected repository activity and generate, save, and display summaries and journal entries.
  • Manage previews, subscriptions, usage budgets, and billing status.
  • Provide support, monitor usage limits, prevent abuse, debug, and maintain security.
  • Comply with legal obligations and enforce our Terms.

We do not sell your personal information, and we do not use your repository activity or generated content to show you advertising.

AI processing

We use Anthropic (the Claude API) as our AI provider to generate summaries. To create a summary, we send the relevant pull request content — which may include the title, description, and diff for a single PR, or the structured entries and notes already saved to your account for multi-PR summaries — to Anthropic, which returns generated text that we display and save to your account.

We send only the data needed for the requested summary, and we do not use your repository activity or content to train our own AI models. Anthropic processes this data as our service provider under its commercial API terms; we do not permit it to use your content to train its models under that arrangement.

Raw code and pull request diffs

We do not store your raw source code or raw pull request diffs. A diff is fetched at the moment you generate a summary, used to produce that summary, and then discarded — it is never written to our database. Our ingestion endpoints actively reject payloads that contain raw diff or patch data.

What we keep is the generated summary and structured metadata about the work (such as titles, file and line counts, languages, and the notes and text you and the AI produce). Backups of this stored data may persist for a limited period in the ordinary course of operating the Service.

How we share information

We do not sell your personal information. We share information only with service providers that help us run the Service, and only as needed for that purpose:

  • GitHub — authentication and read-only repository access.
  • Anthropic — AI generation of summaries from the content described above.
  • Stripe — payment processing and subscription management.
  • Google Cloud — hosting, database, networking, logging, and secrets management.

We may also disclose information to professional advisors, or to authorities when required by law or to protect rights, safety, and security. If we are involved in a merger, acquisition, or similar transaction, information may transfer as part of it, subject to this policy.

Cookies and sessions

We use strictly necessary cookies for authentication, session management, and security, and a local browser setting to remember your light or dark theme preference. We do not use third-party advertising or cross-site tracking cookies, and the Service does not currently use third-party analytics or marketing trackers.

Data retention

We keep information for as long as needed to provide the Service and for legitimate business and legal purposes:

  • Account information and your saved summaries, entries, notes, and settings: kept while your account is active, until you delete them or delete your account.
  • Selected-repository references: kept while your account is active or until you change them.
  • Billing records and the limited records we keep for tax, accounting, and fraud-prevention purposes: kept as required by law.
  • Operational, security, and error logs: kept for a limited period appropriate to security and operations.
  • Backups: may retain deleted information for a limited period before being overwritten.

Account deletion and GitHub revocation

You can delete your account from Settings. Deletion permanently removes your journal entries, summaries, notes, repository selections, settings, and subscription record from our active systems; we retain only an opaque, non-reversible marker and, where applicable, your Stripe customer ID for billing and fraud-prevention reconciliation. You can also request deletion by contacting support@engineerjournal.app.

If your account used a free trial or preview, we may also retain a limited opaque identifier — a hashed (non-reversible) version of your GitHub account ID — after deletion, solely to prevent repeated free-trial or promotion abuse. This marker contains no usable identity: not your username, email, name, repositories, or any access token.

Deleting your account does not automatically revoke the GitHub App — to fully cut off access, also remove the App from your GitHub settings. Revoking GitHub access does not cancel a paid subscription; cancel that separately in the billing portal if you no longer want to be billed.

Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to not be discriminated against for exercising these rights.

California residents have rights under the CCPA/CPRA, including the rights to know, delete, and correct personal information and to opt out of its "sale" or "sharing." We do not sell or share personal information as those terms are defined under California law. Residents of the EEA, UK, and other regions with similar laws (such as the GDPR) may exercise the equivalent rights described above. To make a request, contact support@engineerjournal.app; we may need to verify your identity first.

Security

We use reasonable technical and organizational safeguards designed to protect information, including encrypted transport, access controls, secrets management, and short-lived GitHub tokens that are not stored in our database. No service can guarantee perfect security. You can help by keeping your GitHub account secure, limiting repository access to what you need, and not connecting repositories that should not be processed by third-party services.

Children’s privacy

The Service is intended for adults. You must be at least 18, or the age of majority where you live, to use it. We do not knowingly collect personal information from children, and if you believe a child has provided us information, contact us so we can remove it.

International users

We operate the Service in the United States, and we and our providers may process and store information in the United States and other countries. If you use the Service from outside the United States, your information may be transferred to and processed in countries whose data-protection laws differ from those where you live.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the date on this page, posting a notice in the app, sending email, or another reasonable method.

Contact

Questions or privacy requests can be sent to support@engineerjournal.app.

Last updated June 2026. Questions? Contact support@engineerjournal.app.