Privacy Policy

How ApprovalOps handles GitHub and Marketplace data.

ApprovalOps processes GitHub App, Marketplace, pull request, and support metadata to provide source-linked approval evidence for human reviewers. ApprovalOps does not approve, merge, or replace human code review.

Contact privacy supportTerms of Service
Last updatedMay 12, 2026

Privacy and security requests are handled through support@approvalops.dev. Do not include tokens, private keys, or secrets in support messages.

ProductGitHub App
EvidenceSource-linked
SupportEmail
Information We Process

Data categories are tied to GitHub App operation

  • GitHub account and installation informationGitHub user, organization, repository, installation, and permission metadata needed to authenticate users, bind Marketplace setup, and scope repository access.
  • Pull request and repository signalsPull request metadata, changed-file summaries, review/check state, comments, ownership and policy signals, and source links needed to build approval evidence.
  • Marketplace and support metadataGitHub Marketplace account, plan, entitlement, setup, cancellation, billing-cycle, and support-routing metadata needed to operate the service.
  • Operational diagnosticsDelivery status, webhook digest metadata, projection state, queue state, and logs used to investigate reliability, access, billing, and security issues.
How We Use Information

Service use is limited to approval evidence operations

  • Provide approval evidenceApprovalOps organizes pull request signals into source-linked evidence so human reviewers can understand blockers, freshness, and changed-subset confidence.
  • Publish GitHub App outputsWhen enabled for a repository, ApprovalOps may publish GitHub check runs, annotations, sticky evidence comments, and short bump notifications.
  • Operate Marketplace accessApprovalOps uses Marketplace and installation metadata to connect accounts, enforce entitlement state, process cancellations, and support future paid plans.
  • Secure and support the serviceApprovalOps uses diagnostic metadata to detect failed deliveries, repair setup issues, investigate suspicious activity, and answer support requests.
Security And Retention

Controls are designed around scoped access and bounded evidence

  • Scoped accessRepository access is limited by the GitHub App installation scope and checked against GitHub collaborator permissions for product access.
  • No secret handling by supportCustomers should not send tokens, private keys, or secrets to ApprovalOps support. Support requests should include account, installation, or repository context only.
  • Bounded publicationApprovalOps generated GitHub comments and checks use bounded evidence summaries and source links. Raw review bodies and private source content are not copied into generated comments.
  • Bounded retentionOperational records are retained only as needed for service operation, support replay, security investigation, and applicable retention workflows.
Choices And RequestsRepository owners can revoke the GitHub App installation from GitHub.

To request account, privacy, security, or deletion support, contact support@approvalops.dev. Cancellation or revocation stops new gated publication and access; retained operational data is handled according to the applicable retention workflow.