Privacy Policy

Last updated: April 9, 2026

This Privacy Policy explains how CommitMind ("we", "our", or "us") collects, uses, and protects your information when you use our AI-powered commit generation platform. We are committed to transparency and protecting your data.

GDPR Compliant | CCPA Ready | SOC2 Type II

Information We Collect

When you create an account or use CommitMind, we collect only the information necessary to provide our service:

  • Account Information: Your name and email address
  • Billing Information: Subscription status and payment identifiers (not full credit card details)
  • Usage Statistics: Credit usage (monthly and purchased), daily operation counts, generation metrics
  • Activity Data: Account activity timestamps (e.g., last login, last generation)
We do NOT collect or store: Your full repository content, source code, file contents, or any intellectual property. CommitMind only processes Git diffs temporarily and never permanently stores them.

AI Processing & Git Data

CommitMind processes your Git diff data to generate AI commit messages. This is a temporary, stateless process:

  • Your Git diff is transmitted securely to our servers or configured AI provider
  • Data is processed only for the duration of the generation request
  • All diffs are immediately discarded after generation completes
  • We maintain no logs or copies of your repository code
Important: CommitMind does NOT use your Git diffs, repository code, or generated commit messages to train our AI models or any third-party AI models. Your code stays your code.

AI generation may be performed using third-party AI providers such as OpenAI or Anthropic. These providers process requests according to their own privacy policies and data handling practices. CommitMind does not control how these providers process data beyond the request itself.

Third-party providers we may use: OpenAI (GPT-4, GPT-3.5), Anthropic (Claude). You can review their privacy policies at openai.com/privacy and anthropic.com/privacy.

Bring Your Own API Key (BYOK)

Pro users have the option to provide their own AI provider API key. This gives you more control:

  • Local Storage: Your API key is stored locally in the CommitMind extension on your device, not on our servers
  • Transmission Only: The key is transmitted only when generating AI responses
  • No Persistence: CommitMind servers do not store or persist your API key
  • Your Billing: You are responsible for usage charges incurred with your AI provider
Note: With BYOK, CommitMind acts as a proxy. Your API key is encrypted during transmission, but you should follow your provider's security best practices.

Credit Usage Tracking

CommitMind operates on a transparent credit-based system. We track usage strictly to enforce fair usage and maintain system stability:

  • Free Plan: 10 monthly credits
  • Pro Plan: 200 monthly credits
  • Daily Limit (Free): 20 operations/day
  • Daily Limit (Pro): 200 operations/day

  • Monthly system credits reset at each billing cycle
  • Purchased credits never expire
  • We only track aggregate usage, not the content of each generation

Cookies & Authentication

We use cookies and session tokens strictly for functional purposes:

  • User Authentication: Keeping you logged in securely
  • Session Management: Maintaining your session state
  • Security Protection: CSRF tokens and rate limiting
We do NOT use: Advertising cookies, tracking pixels, analytics cookies, or any third-party tracking systems. Your privacy is not for sale.

Subscription & Billing

Payment processing is handled by secure third-party payment providers (Stripe/Paddle). We follow industry best practices:

  • We never store full credit card information on our servers
  • All payment data is processed directly by PCI-DSS compliant providers
  • We only store necessary billing identifiers (subscription IDs, plan references, last 4 digits for reference)
  • Invoices are generated and stored securely for tax compliance

Data Retention

We believe in data minimization and the right to deletion:

  • Your account data is retained while your account remains active
  • You may request account deletion at any time via support or your account settings
  • Upon deletion, personal data is permanently removed within 30 days
  • Exceptions: Financial records may be retained for legal/regulatory compliance (typically 7 years)

To request deletion: Email support@commitmind.com or use the "Delete Account" option in your settings.

Security Measures

We implement comprehensive technical and organizational measures to protect your data:

  • Encryption: All communication over HTTPS (TLS 1.3)
  • Access Control: Strict internal access policies and authentication
  • Monitoring: 24/7 automated monitoring against abuse and suspicious activity
  • Rate Limiting: Protection against brute force and DoS attacks
  • Regular Audits: Security reviews and dependency scanning
Please note: Despite our best efforts, no system can guarantee 100% security. We encourage you to use strong passwords and enable 2FA where available.

All communication between the CommitMind extension, our servers, and AI providers is performed over secure HTTPS connections with modern cipher suites.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal compliance.

  • We will notify you of material changes via email or in-app notification
  • The "Last updated" date at the top will always reflect the latest revision
  • Continued use of CommitMind after changes constitutes acceptance of the revised policy

Contact & Your Rights

Depending on your jurisdiction (e.g., GDPR in Europe, CCPA in California), you may have specific rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Deletion: Request deletion of your data
  • Right to Portability: Receive your data in a structured format
  • Right to Object: Object to certain processing activities

To exercise these rights or for any privacy-related questions, please contact us:

Privacy Inquiries

support@commitmind.com

We typically respond within 48 hours on business days.

CommitMind Inc.
Data Protection Officer
support@commitmind.com