Privacy Policy

Last updated: June 2025

1. Introduction

ekwix ("we", "us", "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This policy applies to both our cloud SaaS product and self-hosted installations of GitInsight.

2. Data Controller

For cloud users, ekwix acts as the data controller. For self-hosted installations, the installing organisation is the data controller; no data is transmitted to ekwix servers.

3. What Data We Collect

Account data: organisation name, email address, hashed password, billing status, IP addresses.

Git analytics data: PR metadata, commit metadata, pipeline results, issue tracker data. No source code content is stored.

4. Legal Basis

We process personal data on the basis of contractual necessity, legitimate interest, and — where required — consent.

5. How We Use Your Data

• Provision and operate the GitInsight service
• Billing and subscription management
• Transactional emails (invoices, alerts)
• Security monitoring and fraud prevention
• Legal compliance

6. Data Retention

Data is retained for the duration of your subscription plus 30 days after cancellation. Deletion is available upon request under Art. 17 GDPR.

7. Third-Party Processors

• Stripe — payment processing
• SendGrid — transactional email
• Hetzner / DigitalOcean — EU data centres

8. Data Transfers

All cloud data is processed within the EU (Frankfurt). No third-country transfers occur without Standard Contractual Clauses (SCCs).

9. Your Rights (GDPR)

You have the right to: Access · Rectification · Erasure · Portability (JSON export in-app) · Objection · Lodge a complaint with a supervisory authority. We respond within 30 days.

10. Security

TLS in transit · AES-256 at rest · bcrypt passwords · per-tenant data isolation · HttpOnly cookies · MFA available.

11. Changes

We will provide 14 days' email notice before material changes to this policy.

12. Contact

For data and privacy inquiries: privacy@ekwix.com