Privacy Policy
Last updated: March 12, 2026
1. What We Collect
ScrumChum is a GitHub App. When you install it, we receive data from GitHub through webhooks. This includes:
- Issue titles, descriptions, labels, and comments on repositories where ScrumChum is installed
- Pull request titles and metadata
- Milestone data (titles, due dates, associated issues)
- GitHub account identifiers (user/org login, installation ID)
- Repository names and metadata
We do not collect or access your source code, private messages, email addresses, or payment information (billing is handled entirely by GitHub Marketplace).
2. How We Use Your Data
Data received from GitHub is used solely to provide ScrumChum's features:
- Issue and PR data is sent to Anthropic's Claude API for AI analysis (triage, summarization, quality scoring, etc.)
- Installation and plan data is stored in Redis to manage your subscription tier and feature access
- Webhook delivery IDs are stored temporarily (24 hours) to prevent duplicate processing
We do not sell, rent, or share your data with third parties for marketing or advertising purposes.
3. AI Processing
ScrumChum uses Anthropic's Claude API to analyze issue and PR content. Anthropic's API does not use your data to train models. Data sent to the API is processed and discarded according to Anthropic's privacy policy.
4. Data Storage
We store minimal operational data:
- Installation records (account login, plan tier, install date) in Upstash Redis
- Usage counters (monthly API call counts) with automatic monthly expiration
- Deduplication keys (webhook delivery IDs) with 24-hour expiration
We do not store issue content, comments, or AI responses beyond the time needed to process a single request.
5. Data Retention and Deletion
When you uninstall ScrumChum, we delete your installation record and associated data from our systems. Temporary data (dedup keys, usage counters) expires automatically.
To request deletion of any remaining data, contact us at [email protected].
6. Security
All communication between GitHub, our servers, and third-party APIs occurs over encrypted HTTPS connections. Webhook payloads are verified using GitHub's signature mechanism to prevent tampering. Our infrastructure runs on Fly.io with encrypted connections to Upstash Redis.
7. Third-Party Services
- GitHub — webhook delivery and API access (privacy policy)
- Anthropic — AI processing via Claude API (privacy policy)
- Fly.io — application hosting (privacy policy)
- Upstash — Redis database (privacy policy)
8. Changes to This Policy
We may update this policy from time to time. Significant changes will be noted with an updated "Last updated" date at the top of this page.
9. Contact
Questions about this privacy policy? Email us at [email protected].