We put in place measures to ensure that any personal information or data that we obtain from you is processed in accordance with the accepted principles of good information handling.
This policy gives you information about how we treat personal information received from our website visitors and customers.
Information collection and use
How does Mergify.io access my GitHub account?
When you sign up for Mergify.io, we collect an OAuth token from GitHub, which allows us to request data from the GitHub API on your behalf. This OAuth token is stored securely in our database and is protected from unauthorized access.
How does Mergify.io access my source code?
Other than reading your .mergify.yml to determine the actions to execute, the only time Mergify.io accesses your repository directly is when checking out the source code on one of our engine machines. Source code is only accessed via HTTPS, using your token for authentication.
Protection of Certain Personally-Identifying Information
Mergify.io discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Mergify.io's behalf or to provide services available at Mergify.io's websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using the Service, you consent to the transfer of such information to them.
Mergify.io discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Mergify.io believes in good faith that disclosure is reasonably necessary to protect the property or rights of Mergify.io, third parties or the public at large.
Mergify.io takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Mergify.io uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. You understand that although you retain full rights to your data, it may be stored on third party storage and transmitted through third-party networks.
Last Updated: November 7, 2018