Overview
Stacklane is operated by Lucent Enterprises Ltd., a corporation incorporated in British Columbia, Canada ("we," "our," "us," or "Company"). We provide a GitHub App that automatically adds stack visualization comments to your pull requests. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
The short version: We only collect the minimum data needed to make Stacklane work. We do not sell, rent, or otherwise monetize personal information, we don't use it for advertising, and we protect it carefully.
What Information We Collect
GitHub App Data
When you install the Stacklane GitHub App, we automatically collect repository information such as repository names, owner usernames, and basic metadata. We also collect pull request data including PR numbers, branch names, titles, base and head references, and merge status. Additionally, we store installation details like your GitHub installation ID and account type (user/organization), along with webhook data such as event types and delivery IDs for processing GitHub events.
Optional Account Data
If you choose to create an account on our website, we collect your email address for account verification and communication, your name as provided during registration, and authentication tokens for secure access to your account.
Technical Data
We automatically collect log data including IP addresses, timestamps, request URLs, and response codes for debugging and security monitoring. We collect usage analytics such as installation counts, feature usage frequency, and performance metrics (but not individual user behavior tracking). We also collect error reports containing technical information like stack traces and system configurations when errors occur, which may temporarily include IP addresses for debugging purposes.
How We Use Your Information
We use the collected information solely to provide the service by detecting stacked PRs and posting helpful comments, maintain functionality by keeping track of PR relationships and updating comments, improve the service by debugging issues and enhancing performance, communicate with you by sending important service updates (if you have an account), and ensure security by verifying webhook authenticity and preventing abuse.
We do not sell, rent, or otherwise monetize personal information to third parties. We do not use your data for advertising or marketing to third parties. We do not access your code or repository contents beyond what's necessary for PR metadata. We do not store your GitHub access tokens permanently.
Legal Basis for Processing
We process your personal information based on legitimate interest in providing our GitHub App service and maintaining its functionality. For users who create accounts, we process data based on contract performance to provide the requested services. Where required by law, we obtain your consent for specific processing activities.
GitHub App Permissions
The Stacklane GitHub App requests the following permissions:
Repository Permissions
The Stacklane GitHub App requests Contents: Read permission to access branch information and detect PR relationships, Issues: Write permission to post and update comments on pull requests, Metadata: Read permission to access basic repository information, and Pull requests: Write permission to read PR data and post stack visualization comments.
Events We Subscribe To
We subscribe to Installation and Installation repositories events to track where the app is installed, Pull request events to detect new PRs and changes to existing ones, and Push events to update comments when branches are updated. Webhook verification ensures all GitHub communications are authentic and secure.
We only access repositories where you explicitly install the app through GitHub's authorization process. We cannot access private repositories unless you specifically grant permission during installation. We do not access repository contents, source code, or files - only metadata necessary for PR stack visualization.
Data Storage and Security
Where We Store Data
Your data is stored securely in PostgreSQL databases with encryption at rest, secure cloud infrastructure with industry-standard protections, and geographically distributed backups for reliability.
How We Protect Data
We protect your data through encryption where all data is encrypted in transit and at rest, access controls with strict limits on who can access data, regular security audits including ongoing monitoring and vulnerability assessments, and webhook verification where all GitHub webhooks are cryptographically verified.
Data Retention
For active installations, data is retained while the app is installed and for up to 90 days thereafter for service continuity and troubleshooting. For removed installations, we delete associated data within 30 days of app removal, except where retention is required for legal compliance, dispute resolution, fraud prevention, or enforcement of our terms. Log data from our servers is retained for 90 days for debugging, security monitoring, and compliance purposes. Account data is retained until you delete your account, become inactive for 3 years, or as required by applicable law. Some data may persist in encrypted backups for up to 90 days after deletion for disaster recovery purposes, after which it is permanently destroyed.
Your Rights and Choices
Control Your Data
Under applicable privacy laws, you have the right to access your personal data by requesting a copy from us, rectify any inaccurate or incomplete information, request erasure of your data (subject to legal retention requirements), restrict processing in certain circumstances, object to processing based on legitimate interests, and request data portability in a structured, machine-readable format. You also have the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
Uninstall the App
You can remove Stacklane from your repositories at any time:
- Go to your GitHub Settings → Applications → Installed GitHub Apps
- Find "Stacklane PR Stack Visualizer" and click Configure
- Click "Uninstall" to remove the app completely
When you uninstall the app, we will delete all associated data within 30 days, except where retention is legally required.
Account Deletion
If you created an account on our website, you can request account deletion by emailing us at [email protected]. We will process deletion requests within 30 days unless we are legally required to retain certain information.
Supervisory Authority Rights
If you are located in the EU/UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your privacy concerns.
Third-Party Services
Stacklane integrates with GitHub, Inc. where we use GitHub's API to access repository and PR data under GitHub's Terms of Service and Privacy Policy. We use cloud infrastructure providers (such as Amazon Web Services, Google Cloud Platform, or similar providers) for secure hosting and data storage services. We may use error monitoring and analytics services to improve service reliability and performance.
We act as a data controller for data we collect directly and as a data processor for certain GitHub data. We do not share your personal data with third parties beyond what's necessary for service functionality and only with providers who maintain adequate data protection standards.
International Data Transfers
Lucent Enterprises Ltd. is operated from Canada. However, your data may be transferred to, stored, and processed in the United States where our cloud infrastructure and database services are located. For users in the European Economic Area (EEA) or United Kingdom, we ensure adequate protection through Standard Contractual Clauses or other approved transfer mechanisms as required by applicable data protection laws.
By using our service, you acknowledge and consent to the international transfer and processing of your information as described in this policy. If you are located in a jurisdiction with data localization requirements, please contact us before using the service.
Automated Decision-Making
Stacklane does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our service uses automated algorithms solely to detect PR stack relationships and generate informational comments - these do not make decisions about you as an individual.
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, where feasible. We will also notify relevant supervisory authorities as required by applicable law. Our notification will include information about the nature of the breach, the data involved, steps we have taken to address the breach, and recommendations for protecting your information.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other factors. When we make material changes, we will post the updated policy on this page, update the "Last updated" date at the top, and provide at least 30 days advance notice via email (if you have an account) or through prominent notice in the GitHub App.
Your continued use of Stacklane after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to the changes, you should discontinue use of the service and may request deletion of your data.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Lucent Enterprises Ltd.
Email: [email protected]
Subject line: "Privacy Policy Question"
For data protection inquiries from EU/UK residents, please use the subject line "GDPR/Data Protection Request".
We will respond to privacy-related inquiries within 7 business days, or within 30 days for formal data subject requests as required by law.