Privacy

Repo Bridge moves files from one GitHub repository to another as a pull request. We never store the contents of your source code in our database. File bytes flow GitHub → our edge worker (in memory) → GitHub. What we persist is metadata about the sync itself: which repos, which commit, which paths, which PR.

• Account data. Your email address and Supabase auth user record, plus an optional display name and avatar URL.
• Workspace data. Workspace names, members, roles, and invite records.
• GitHub App installation references. The numeric installation ID, account login, and account type — not your access token. Tokens are minted on demand from our GitHub App private key and held only in memory for the duration of a sync.
• Sync configuration. Source/destination repo names, branch names, path mappings, include/exclude rules, and PR title templates.
• Sync job records. Status, timestamps, source commit SHA, destination branch name, and counts (created/updated/deleted).
• File-level metadata per job. Source path, destination path, action (create/update/delete/skip), and Git blob SHAs. Not the file contents.
• Pull request references. PR number, URL, and state.
• AI-generated PR summaries. The text of the summary we post to the destination PR (also written into the PR body on GitHub).
• Webhook delivery logs. GitHub delivery ID, event type, repo name, and a small JSON summary of the payload — used to debug missed syncs and detect merges.
• Audit logs. Workspace-scoped record of admin actions.

• Your source code. File bytes are streamed GitHub-to-GitHub through our edge worker and discarded as soon as the destination tree is built. They never touch our database or any persistent disk.
• Your GitHub password or personal access tokens. We authenticate via the GitHub App you install — there is nothing for us to store on your behalf.
• GitHub installation tokens. Minted per request, held in memory, expire in under an hour.
• Payment information. Not collected by this application.

• Supabase — database, authentication, and edge function runtime. Hosts everything listed in “What we store”.
• GitHub — source of truth for your repositories. We access them through the GitHub App you install, with the permissions GitHub displays at install time.
• Anthropic (Claude) — generates the AI summary that ends up in each sync PR body. When AI summaries are enabled on a sync profile, we send Claude the diff (file paths and patches) for the commit being synced. We do not send credentials, secrets, or unrelated repo content. You can disable this per profile by turning off “AI comment”; the PR will fall back to a template-only body.
• Cloudflare — hosts the web app and serves the preview/published URLs.

Every domain row is scoped by workspace_id and protected by Postgres Row-Level Security. A user in one workspace cannot query rows belonging to another workspace — the database itself rejects the query. See the Security page for the operational trust model and what the operator (us) can technically access.

Sync jobs, PR records, and AI summaries are retained for the lifetime of your workspace. Deleting a sync profile removes its mappings, rules, and configuration. Deleting a workspace removes all workspace-scoped rows. Email privacy@gitsync.mikai.ai to request account deletion or a copy of your data.

Questions about this policy? privacy@gitsync.mikai.ai.