Privacy Policy

Last updated: 8 May 2026 · Version 0.2

This Privacy Policy explains what personal data we process when you visit gitdeployhub.com (the “Service”), why we process it, how long we keep it, who we share it with, and the rights you have under applicable data-protection law (including the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR). It applies to visitors of the Service. We have designed the Service to be deliberately minimal in its handling of personal data.

1.Who We Are (Data Controller)

The data controller is BitVibe Labs, reachable at hello@bitvibelabs.com. The legal entity behind BitVibe Labs is in the process of being established as a UK limited company; this Policy and the controller details will be updated when registration completes. We process personal data only on a small and occasional basis, and do not currently maintain an Article 27 GDPR representative; we will reassess if processing volume increases materially.

2.Quick Summary

No accounts. The Service has no sign-up, no login, no profile, and no user-supplied identifiers.
No cookies. The Service sets no cookies and does not use localStorage, sessionStorage, or any client-side tracker for identification or analytics.
No analytics. No Google Analytics, no Mixpanel, no Hotjar, no Plausible, no fingerprinting, no third-party tracking pixels.
No selling. We do not sell, rent, or trade personal data.
Server logs. Our infrastructure provider (Cloudflare) keeps short-term server logs that include IP addresses; we use these only for security, abuse prevention, and operational debugging.

3.What We Process

Data category	Details	Legal basis	Retention
Network metadata	IP address, user-agent, requested URL, referrer (if sent by the browser), timestamp. Logged at the Cloudflare edge as standard request metadata.	Legitimate interests (Art. 6(1)(f) GDPR) — security, abuse prevention, operating the Service.	Up to 30 days at Cloudflare; aggregated metrics may be retained longer but cannot be linked back to identifiable visitors.
Repository identifiers you submit	The `owner` and `repo` values from URLs you visit (e.g. `/vercel/next.js`) or from the paste-form. These are public-repository identifiers; they may be cached server-side as keys for our detection cache.	Legitimate interests — performance caching of detection results.	Up to 24 hours per repository entry, automatically expired by our cache.
E-mail correspondence	If you e-mail hello@bitvibelabs.com, we will receive your e-mail address and message contents.	Legitimate interests — responding to enquiries.	As long as needed for the conversation and any reasonable follow-up; typically 24 months unless required longer by law.

We do not process special-category data (Art. 9 GDPR) and have not designed the Service to elicit such data.

4.Cookies & Similar Technologies

The Service does not set cookies and does not use any client-side storage or tracking mechanism to identify, track, or remember individual visitors. Browser-level functionality such as DNS caching is outside our control. If we ever introduce strictly necessary cookies, we will update this Policy and, where required, display a consent banner.

5.Third-Party Services & Onward Transfers

The Service relies on the following third parties; visiting the Service or interacting with linked third-party flows may involve their processing of your data under their own privacy policies:

Cloudflare, Inc. — hosts the Service (Cloudflare Pages and Workers KV), terminates TLS, and provides edge logs. Cloudflare Privacy Policy.
GitHub, Inc. (a Microsoft subsidiary) — we call the public GitHub API to read public-repository metadata. The GitHub API call is made server-side, but if you click an outbound link to github.com your browser will contact GitHub directly. GitHub Privacy Statement.
Third-party deploy hosts (Vercel Inc., Netlify Inc., Fly.io Inc., Railway Corp., Render Services Inc., DigitalOcean LLC, and any others we link to) — if you click a deploy button, you leave the Service and interact with that host directly under their privacy policy. We do not transmit your data to them; your browser does, when you follow the link.
Migadu (transactional and inbox e-mail provider) — if you e-mail us, the message is delivered to our Migadu inbox. Migadu Privacy Policy.

Some of these processors are located outside the European Economic Area or the United Kingdom. Where a transfer mechanism is required, we rely on the relevant adequacy decision, the EU Standard Contractual Clauses, or the UK International Data Transfer Addendum, as applicable.

6.How We Use the Data

To deliver the Service to you (resolve detection results, render pages, link to deploy flows).
To prevent and investigate abuse, denial-of-service, and other security incidents.
To maintain operational logs and aggregated metrics for capacity planning and reliability.
To respond to enquiries and support requests.
To comply with legal obligations and enforce our Terms of Service.

We do not engage in automated decision-making with legal or similarly significant effects, do not profile visitors, and do not perform behavioural advertising.

7.Your Rights

If the GDPR or the UK GDPR applies to you, you have the following rights, subject to certain exceptions:

Access — obtain confirmation of whether we process your personal data and a copy of it (Art. 15).
Rectification — have inaccurate data corrected (Art. 16).
Erasure — have your data deleted (Art. 17), where one of the listed grounds applies.
Restriction — have processing restricted in certain situations (Art. 18).
Data portability — receive structured, commonly used, machine-readable data and have it transmitted to another controller (Art. 20), where the legal basis is consent or contract.
Objection — object to processing based on our legitimate interests (Art. 21). We do not engage in direct marketing.
Withdraw consent — where processing is based on your consent, you may withdraw it at any time. The Service currently relies on legitimate interests for all processing.
Lodge a complaint — with your local data-protection supervisory authority (in the United Kingdom, the Information Commissioner’s Office at ico.org.uk; in Greece, the Hellenic Data Protection Authority at www.dpa.gr; otherwise the authority of your habitual residence).

To exercise any right, contact us at hello@bitvibelabs.com. Because we do not maintain user accounts, the data we hold about a given visitor is typically limited to short-term Cloudflare edge logs; identifying which records (if any) relate to you may require you to provide identifying information.

8.Security

The Service is served over HTTPS with modern TLS, has DNSSEC enabled, and does not collect credentials or payment data. Server-side data is held by Cloudflare, which maintains industry-standard security controls. No system can be guaranteed perfectly secure, and we make no warranty to that effect.

9.Children

The Service is not directed at children under 16, and we do not knowingly collect personal data from anyone under that age. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10.Do-Not-Track & Global Privacy Control

Because we do not track visitors, no DNT or GPC signal is required to opt out; the default behaviour of the Service is already “do not track”.

11.Changes to This Policy

We may update this Policy from time to time. The “Last updated” date above reflects the most recent revision. Material changes will be communicated by updating this page and, where appropriate, by a notice on the Service. Continued use of the Service after a revision becomes effective constitutes acknowledgement of the revised Policy.

12.Contact

Questions, requests, or complaints about privacy may be sent to hello@bitvibelabs.com.

← Back to GitDeployHub