Privacy Policy
Effective date: February 11, 2026
1. Introduction
XTCraft is operated by LGL Tecnologia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at xtcraft.ai and app.xtcraft.ai.
By using XTCraft, you agree to the collection and use of information as described in this policy.
2. Information We Collect
We collect the following types of information:
- Account information — your name, email address, and password (hashed)
- GitHub OAuth token — encrypted and used solely to access your authorized repositories, commits, and pull requests
- Usage data — projects created, releases generated, feature usage, and interactions with the platform
- Billing information — payment details processed securely through Stripe (we do not store your card number)
- Uploaded files — project logos and branding assets you choose to upload
3. How We Use Your Data
We use your information to:
- Deliver the service — access your GitHub repositories to fetch commits and pull requests for release note generation
- Generate content with AI — send commit data to AI providers to generate changelogs and email announcements
- Process billing — manage subscriptions and payments through Stripe
- Improve the product — analyze usage patterns to enhance features and user experience
- Communicate with you — send transactional emails (account verification, password resets) and important service updates
4. Third-Party Services
XTCraft integrates with the following third-party services:
- GitHub API — to access your repositories, commits, and pull requests based on your authorization
- Stripe / Autumn — for secure payment processing and subscription management
- Cloudflare — for hosting, CDN, and application delivery (Workers, R2 storage)
- AI providers — for generating release note content from your commit data (commit messages and PR titles are sent for processing)
- Supabase — for database hosting (Postgres)
5. Data Storage & Security
We take the security of your data seriously:
- GitHub OAuth tokens are encrypted with AES-256 at rest
- The application is hosted on Cloudflare Workers with edge-level security
- The database is hosted on Supabase Postgres with encryption at rest
- File storage (logos, assets) uses Cloudflare R2 with access controls
- All data transmission uses HTTPS/TLS encryption
- Passwords are securely hashed and never stored in plain text
6. Cookies
XTCraft uses session cookies managed by Better Auth for authentication purposes. These cookies are:
- HTTP-only — not accessible via JavaScript
- Secure — transmitted only over HTTPS
- Same-site — restricted to prevent cross-site request forgery
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
7. Your Rights
You have the right to:
- Access your data — request a copy of all personal data we hold about you
- Export your data — download your projects, releases, and account information
- Delete your data — request deletion of your account and all associated data
- Revoke GitHub access — disconnect your GitHub account at any time through your GitHub settings
- Update your information — modify your account details through the application settings
To exercise these rights, contact us at the email address below or use the account settings within the application.
8. Data Retention
We retain your data as follows:
- Active accounts — your data is retained for as long as your account is active
- Deleted accounts — upon account deletion, all personal data, projects, and releases are permanently removed within 30 days
- Billing records — transaction records may be retained as required by law
9. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you via email at the address associated with your account. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy or your data, contact us at:
Email: privacy@xtcraft.ai