Privacy Policy

Your privacy is important to us.


Mergify knows that you care how information about you and your customers is used and shared. We appreciate your trust that we will do so carefully and sensibly.

We put in place measures to ensure that any personal information or data that we obtain from you is processed in accordance with the accepted principles of proper information handling.

This policy gives you information about how we treat personal information received from our website visitors and customers.

Information collection and use

We collect visitors information in the following ways:

  • Mergify collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Mergify collects this to better understand how visitors use its website.

  • Mergify uses cookies to store information on your computer --- see the Cookies section.

If you authorize Mergify to access your GitHub account, we'll use your account information to act on your behalf to conduct automation as configured for your repositories. We'll use your GitHub email address to contact you about significant changes regarding Mergify that concerns you. We respect your privacy and will not rent, sell, or share personal information about you with other people or non-affiliated companies without your express permission.

How does Mergify access my GitHub account?

When you sign up for Mergify, we collect an OAuth token from GitHub, which allows us to request data from the GitHub API on your behalf. This OAuth token is stored encrypted and securely in our database and is protected from unauthorized access.

How does Mergify access my source code?

Other than reading your Mergify configuration file to determine the actions to execute, the only time Mergify accesses your repository directly is when checking out the source code on one of our engine machines. This data is not stored for longer than required by the operations. Source code is only accessed via HTTPS.

Protection of Certain Personally-Identifying Information

Mergify discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information to process it on Mergify's behalf or to provide services available at Mergify's websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors, and affiliated organizations may be located outside of your home country; by using the Service, you consent to the transfer of such information to them.

Mergify discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Mergify believes in good faith that disclosure is reasonably necessary to protect the property or rights of Mergify, third parties or the public at large.

Mergify takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.


Our web site uses cookies to collect system-related information, such as the type of internet browser and operating system you use, the website from which you have come to our website, the duration of individual page views, paths taken by visitors through the website, and other general information and your IP address which is automatically recognized by our web server. This information is collected for system administration and to report aggregate information to our subcontractors and partners to enable them to provide services to us. It is statistical data about our users' browsing actions and does not, of itself, contain any personally identifiable information.

Our web site also uses cookies when registered users access the private sections of our website. Cookies are used to facilitate the log in process. In this case, we may be able to identify that your login details have been used.

Data Storage

Mergify uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. You understand that although you retain full rights to your data, it may be stored on third party storage and transmitted through third-party networks.

Your Rights

You have the rights to:

  • Access and correct your personal information. If you want to review or correct your personal information, you can login to your account or send us an email at the address noted in the Contact Information section below.

  • Request deletion of any personal information we hold about you. If you do so, we will erase this information so long as this information is no longer necessary in relation to the purpose for which it was processed and there are no overriding legitimate grounds for the processing.

  • Request a copy of your personal information, where: we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for the processing, and when personal information is processed by automatic means.

To exercise these rights, you can send us an email at the address noted in the Contact section below, enclosing a copy of an identity document and the address our response should be sent to.

Privacy Policy Changes

Although most changes are likely to be minor, Mergify may change its Privacy Policy from time to time, and in Mergify's sole discretion. We encourage visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.


If you have questions about this Privacy Policy, please contact us at

Last Updated: November 25, 2020

By using this website you agree to our Privacy Policy and its use of cookies.