Mergify knows that you care how information about you and your customers is used and shared. We appreciate your trust that we will do so carefully and sensibly.
We put in place measures to ensure that any personal information or data that we obtain from you is processed in accordance with the accepted principles of proper information handling.
This policy gives you information about how we treat personal information received from our website visitors and customers.
Information collection and use
We collect visitors information in the following ways:
Mergify collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Mergify collects this to better understand how visitors use its website.
If you authorize Mergify to access your GitHub account, we'll use your account information to act on your behalf to conduct automation as configured for your repositories. We'll use your GitHub email address to contact you about significant changes regarding Mergify that concerns you. We respect your privacy and will not rent, sell, or share personal information about you with other people or non-affiliated companies without your express permission.
How does Mergify access my GitHub account?
When you sign up for Mergify, we collect an OAuth token from GitHub, which allows us to request data from the GitHub API on your behalf. This OAuth token is stored encrypted and securely in our database and is protected from unauthorized access.
How does Mergify access my source code?
Other than reading your Mergify configuration file to determine the actions to execute, the only time Mergify accesses your repository directly is when checking out the source code on one of our engine machines. This data is not stored for longer than required by the operations. Source code is only accessed via HTTPS.
Protection of Certain Personally-Identifying Information
Mergify discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information to process it on Mergify's behalf or to provide services available at Mergify's websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors, and affiliated organizations may be located outside of your home country; by using the Service, you consent to the transfer of such information to them.
Mergify discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Mergify believes in good faith that disclosure is reasonably necessary to protect the property or rights of Mergify, third parties or the public at large.
Mergify takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Mergify uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. You understand that although you retain full rights to your data, it may be stored on third party storage and transmitted through third-party networks.
You have the rights to:
Access and correct your personal information. If you want to review or correct your personal information, you can login to your account or send us an email at the address noted in the Contact Information section below.
Request deletion of any personal information we hold about you. If you do so, we will erase this information so long as this information is no longer necessary in relation to the purpose for which it was processed and there are no overriding legitimate grounds for the processing.
Request a copy of your personal information, where: we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for the processing, and when personal information is processed by automatic means.
To exercise these rights, you can send us an email at the address noted in the Contact section below, enclosing a copy of an identity document and the address our response should be sent to.
Last Updated: November 25, 2020