Privacy Policy

Last updated: 8 May 2026 · Version 0.2

This Privacy Policy explains what personal data we process when you visit gitdeployhub.com (the “Service”), why we process it, how long we keep it, who we share it with, and the rights you have under applicable data-protection law (including the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR). It applies to visitors of the Service. We have designed the Service to be deliberately minimal in its handling of personal data.

1.Who We Are (Data Controller)

The data controller for the Service is BitVibe Labs Ltd (in formation), a private company limited by shares with registration pending at Companies House (United Kingdom). Until that registration completes, the natural person operating BitVibe Labs acts as the data controller and is personally responsible for the processing described in this Policy (including, where applicable to any pre-incorporation contractual processing, under section 51 of the Companies Act 2006). All data-protection enquiries should be sent to hello@bitvibelabs.com. This Policy and the controller details will be updated within 14 days of Companies House issuing the certificate of incorporation; dated revisions of this Policy are listed under section 11 below.

EU representative (Article 27 GDPR). We do not currently designate a representative in the European Union. We rely on the exemption in Article 27(2)(a) GDPR: our processing of EU data subjects’ personal data is occasional, is not on a large scale, does not include special-category or criminal-conviction data, and — given that we collect only short-term Cloudflare edge logs (IP address, URL, user-agent), public-repository identifiers, and ad-hoc e-mail correspondence — is unlikely to result in a risk to the rights and freedoms of natural persons within the meaning of Recital 75 GDPR. We will designate a representative within 30 days if (a) monthly unique EU-located visitors regularly exceed 25,000, or (b) we resume processing personal data on the basis of consent for direct marketing (for example, if we re-enable a launch-notification list with EU subscribers), whichever occurs first. EU data subjects may, in the meantime, lodge a complaint with the supervisory authority of their EU Member State of habitual residence (the EDPB member list at edpb.europa.eu/about-edpb/about-edpb/members_en indexes every national authority; see also section 7 below).

2.Quick Summary

No accounts. The Service has no sign-up, no login, no profile, and no user-supplied identifiers.
No cookies. The Service sets no cookies and does not use localStorage, sessionStorage, or any client-side tracker for identification or analytics.
No analytics. No Google Analytics, no Mixpanel, no Hotjar, no Plausible, no fingerprinting, no third-party tracking pixels.
No selling. We do not sell, rent, or trade personal data.
Server logs. Our infrastructure provider (Cloudflare) keeps short-term server logs that include IP addresses; we use these only for security, abuse prevention, and operational debugging.

3.What We Process

Data category	Details	Legal basis	Retention
Network metadata	IP address, user-agent, requested URL, referrer (if sent by the browser), timestamp. Logged at the Cloudflare edge as standard request metadata.	Legitimate interests (Art. 6(1)(f) GDPR) — security, abuse prevention, operating the Service.	Up to 30 days at Cloudflare; aggregated metrics may be retained longer but cannot be linked back to identifiable visitors.
Repository identifiers you submit	The `owner` and `repo` values from URLs you visit (e.g. `/vercel/next.js`) or from the paste-form. These are public-repository identifiers; they may be cached server-side as keys for our detection cache.	Legitimate interests — performance caching of detection results.	Up to 24 hours per repository entry, automatically expired by our cache.
E-mail correspondence	If you e-mail hello@bitvibelabs.com, we will receive your e-mail address and message contents.	Legitimate interests — responding to enquiries.	As long as needed for the conversation and any reasonable follow-up; typically 24 months unless required longer by law.
Product-update signup (the e-mail form on the home page; collects subscribers for GitDeployHub product news and exclusive-early-access notifications)	The e-mail address you submit, a server-generated double-opt-in confirmation token, and the timestamp / IP address / user-agent / origin of your consent action (kept to demonstrate consent under Art. 7(1) GDPR). Confirmed addresses are held under the key `notify:<email>`; unconfirmed pending records under `notify:pending:<token>`.	Consent (Art. 6(1)(a) UK GDPR / EU GDPR), with the marketing communication itself sent under Regulation 22(2) of the UK Privacy and Electronic Communications Regulations 2003 (PECR). Consent is captured by the act of submitting the form; the form fineprint immediately under the input declares that submission constitutes agreement to these Terms and Privacy.	For the duration of your subscription — until you click the one-step unsubscribe link in any e-mail we send you, or until you e-mail us to be removed. Unconfirmed pending records auto-expire after 48 hours. Consent-demonstrability metadata (timestamp / IP / user-agent / origin) is kept for the same period as the underlying e-mail address and is then deleted with it. We may run periodic re-permission checks for long-inactive subscribers in line with ICO direct-marketing guidance.

We do not process special-category data (Art. 9 GDPR) and have not designed the Service to elicit such data.

4.Cookies & Similar Technologies

The Service does not set cookies and does not use any client-side storage or tracking mechanism to identify, track, or remember individual visitors. Browser-level functionality such as DNS caching is outside our control. If we ever introduce strictly necessary cookies, we will update this Policy and, where required, display a consent banner.

5.Third-Party Services & Onward Transfers

The Service relies on the following third parties; visiting the Service or interacting with linked third-party flows may involve their processing of your data under their own privacy policies:

Cloudflare, Inc. — hosts the Service (Cloudflare Pages and Workers KV), terminates TLS, and provides edge logs. Cloudflare Privacy Policy.
GitHub, Inc. (a Microsoft subsidiary) — we call the public GitHub API to read public-repository metadata. The GitHub API call is made server-side, but if you click an outbound link to github.com your browser will contact GitHub directly. GitHub Privacy Statement.
Third-party deploy hosts (Vercel Inc., Netlify Inc., Fly.io Inc., Railway Corp., Render Services Inc., DigitalOcean LLC, and any others we link to) — if you click a deploy button, you leave the Service and interact with that host directly under their privacy policy. We do not transmit your data to them; your browser does, when you follow the link.
Migadu (transactional and inbox e-mail provider) — if you e-mail us, the message is delivered to our Migadu inbox. Migadu Privacy Policy.

Some of these processors are located outside the European Economic Area or the United Kingdom. Cloudflare (current Data Processing Addendum: version 6.3, 20 June 2025) relies on the European Commission Standard Contractual Clauses (Decision 2021/914) for transfers from the EEA, Switzerland and the United Kingdom internationally, and is certified under the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework for transfers to the United States; for UK personal data Cloudflare additionally uses the UK International Data Transfer Addendum (version B1.0) issued by the ICO under section 119A of the UK Data Protection Act 2018. GitHub’s onward transfers are governed by GitHub’s published privacy statement and its Data Privacy Framework certification. Migadu-Mail GmbH is established in Switzerland, which benefits from a European Commission adequacy decision, so no separate transfer instrument is required for EU/UK–Switzerland transfers.

6.How We Use the Data

To deliver the Service to you (resolve detection results, render pages, link to deploy flows).
To prevent and investigate abuse, denial-of-service, and other security incidents.
To maintain operational logs and aggregated metrics for capacity planning and reliability.
To respond to enquiries and support requests.
To comply with legal obligations and enforce our Terms of Service.

We do not engage in automated decision-making with legal or similarly significant effects, do not profile visitors, and do not perform behavioural advertising.

7.Your Rights

If the GDPR or the UK GDPR applies to you, you have the following rights, subject to certain exceptions:

Access — obtain confirmation of whether we process your personal data and a copy of it (Art. 15).
Rectification — have inaccurate data corrected (Art. 16).
Erasure — have your data deleted (Art. 17), where one of the listed grounds applies.
Restriction — have processing restricted in certain situations (Art. 18).
Data portability — receive structured, commonly used, machine-readable data and have it transmitted to another controller (Art. 20), where the legal basis is consent or contract.
Objection — object to processing based on our legitimate interests (Art. 21). We do not engage in direct marketing.
Withdraw consent — where processing is based on your consent, you may withdraw it at any time. The Service currently relies on legitimate interests for all processing.
Lodge a complaint — with your local data-protection supervisory authority (in the United Kingdom, the Information Commissioner’s Office at ico.org.uk; elsewhere in the EU/EEA, the authority of your habitual residence — the EDPB member list at edpb.europa.eu/about-edpb/about-edpb/members_en indexes every national authority).

To exercise any right, contact us at hello@bitvibelabs.com; we aim to respond within the one-month period set by Article 12(3) UK GDPR / EU GDPR. If you receive no acknowledgement within seven days, or if e-mail to that address is bouncing, you may write to us care of the BitVibe Labs Ltd registered office, which will be published on this page within 14 days of Companies House registration; in the meantime, the supervisory authority of your habitual residence (see “Lodge a complaint” above) will accept a complaint addressed to BitVibe Labs Ltd (in formation). Because we do not maintain user accounts, the data we hold about a given visitor is typically limited to short-term Cloudflare edge logs; identifying which records (if any) relate to you may require you to provide identifying information.

8.Security

The Service is served over HTTPS with modern TLS and does not collect credentials or payment data. Server-side data is held by Cloudflare, which maintains industry-standard security controls. No system can be guaranteed perfectly secure, and we make no warranty to that effect.

9.Children

The Service is not directed at children under 16, and we do not knowingly collect personal data from anyone under that age. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10.Do-Not-Track & Global Privacy Control

Because we do not track visitors, no DNT or GPC signal is required to opt out; the default behaviour of the Service is already “do not track”.

11.Changes to This Policy

We may update this Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated by updating this page and, where appropriate, by a notice on the Service. Continued use of the Service after a revision becomes effective constitutes acknowledgement of the revised Policy.

12.Contact

Questions, requests, or complaints about privacy may be sent to hello@bitvibelabs.com.

← Back to GitDeployHub