Privacy in plain English.
You build in public; we don’t profile you in private. Short version below.
What we collect
- Account: Your email, handle, and OAuth identity from X or GitHub if you choose to connect those.
- Content: The ships you publish, drafts you save server-side, and associated metadata (template, version, slug, timestamps).
- Usage: Anonymous request logs (route, status, response time) for 30 days for ops & abuse prevention. No third-party advertising trackers.
- AI input: When you hit ✨ Rewrite, the line you typed plus the card state is sent to our model provider (OpenAI). We do not retain it past the response.
What we never collect
- Browsing on other sites · we do not run third-party ad scripts.
- Card-on-file unless you upgrade to Pro (Stripe stores it, not us).
- Contents of your repos. GitHub mode reads only the public commits you point us at.
Why
- Account + content: To show your ships on /explore and your
/handlepage. - OAuth: To post your card to X with your permission, and to read your GitHub repos in changelog mode.
- API keys: SHA-256 hashed on issue. We cannot recover lost secrets — you re-issue.
Your controls
- Export your ships as JSON from Settings.
- Delete your account — all ships, drafts, OAuth tokens, and API keys are erased within 7 days. Public OG images on social cache may take longer to evict.
- Revoke any API key from Settings; takes effect immediately.
Sub-processors
- Hosting: Vercel (US) for app, Postgres for data.
- AI: OpenAI for draft generation.
- Email: Mailrith for newsletters and subscribe digests.
- Payments: Stripe for Pro and Team plans.
Contact
Privacy or deletion requests: shiplog@sarthakrawool.com. We reply within 5 business days.