Privacy Policy

At Kestrel ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account or sign in, we collect:

• Email address — Used for account identification and communication
• Authentication credentials — Securely stored via Firebase Authentication

1.2 GitHub Integration

When you connect your GitHub account, we collect:

• GitHub OAuth tokens — Used to access your repositories on your behalf
• Repository metadata — Names, branches, and file structures you choose to access
• Code content — Files you edit or generate through the Service

1.3 Usage Information

We automatically collect:

• Device information — Device type, operating system version
• App usage data — Features used, session duration, interactions
• Error logs — Crash reports and diagnostic information

1.4 Payment Information

When you subscribe to Kestrel Pro, payment processing is handled by our third-party payment processor, Creem. We do not store your credit card numbers or banking information directly. We receive only:

• Subscription status — Whether you have an active subscription
• Transaction identifiers — For managing your subscription

2. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve the Service
• Process your code generation requests through our AI agent
• Sync your code with GitHub repositories
• Trigger and monitor cloud builds via GitHub Actions
• Process and manage your subscription
• Communicate with you about updates, security alerts, and support
• Analyze usage patterns to improve user experience
• Detect and prevent fraud or abuse

3. Third-Party Services

We integrate with the following third-party services:

3.1 Firebase (Google)

We use Firebase for authentication, analytics, and hosting. Firebase's privacy practices are governed by Google's Privacy Policy.

3.2 GitHub

We use GitHub for OAuth authentication and repository management. Your use of GitHub features is governed by GitHub's Privacy Statement.

3.3 Creem

We use Creem for payment processing and subscription management. Payment data is handled according to Creem's Privacy Policy.

4. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption in transit — All data is transmitted via HTTPS/TLS
• Encryption at rest — Sensitive data is encrypted when stored
• Secure authentication — OAuth 2.0 protocols for third-party integrations
• Access controls — Limited access to user data by authorized personnel only

Your code and project files are processed for AI code generation but are not stored permanently on our servers beyond what is necessary to provide the Service. GitHub OAuth tokens are stored securely and can be revoked by you at any time.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

6. Your Rights

You have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate personal data
• Deletion — Request deletion of your personal data
• Portability — Request a copy of your data in a portable format
• Revoke access — Disconnect your GitHub account or revoke OAuth permissions at any time

To exercise these rights, contact us at the email address below.

7. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.