Privacy Policy

Last updated: April 23, 2026

Privacy Policy

Last Updated: April 23, 2026

At RepoGo ("RepoGo," "we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, transmit, and safeguard your information when you use our mobile, desktop, and web-based development Service (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described here. If you do not agree, do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Email address
  • Name
  • Profile picture
  • GitHub username and OAuth access tokens (when connected)
  • Credentials, API keys, or access tokens you provide for third-party integrations (for example, AI providers and sandbox providers)

Content You Submit:

  • Code, repository files, diffs, project configurations, and related project metadata you choose to sync
  • Environment files (.env) and any environment variables you add to the Service
  • Prompts, chat messages, AI instructions, generated responses, and tool outputs
  • Chat attachments, uploaded images, video, documents, ZIP archives, and other files you upload through the Service
  • Comments, support requests, correspondence, and usage preferences

Payment Information:

  • Payment details (processed by Stripe, RevenueCat, or the applicable app-store billing system)
  • Billing address
  • Transaction history

1.2 Information Automatically Collected

Usage Data:

  • IP address and approximate location derived from it
  • Device information (type, model, OS, browser, language, time zone)
  • Access times, session duration, and dates
  • Features used, commands invoked, and actions taken
  • Referral URLs

Technical Data:

  • Cookies and similar technologies
  • Session tokens and authentication state
  • Error logs, crash reports, and diagnostics
  • Push-notification identifiers (such as APNs tokens and any equivalent push tokens supported by the Service)

1.3 Information From Third Parties

GitHub:

When you connect your GitHub account so you can download and sync repositories to your phone and other connected devices, we receive:

  • Repository metadata (names, branches, commits, file contents you choose to download)
  • Your GitHub profile information
  • Organization memberships, as scoped by the OAuth permissions you grant
  • Information necessary to read or write repositories you have authorized

Third-Party CLI Agents and AI Providers:

When you use AI-powered or CLI-agent features (including but not limited to Anthropic Claude / Claude Code, OpenAI / Codex CLI, Google Gemini / Gemini CLI, Cursor / Cursor Agent, GitHub Copilot, Vercel AI Gateway, and xAI Grok), metadata about your usage (such as counts, errors, and latency) may be returned to us. The AI providers and gateways themselves process your prompts and file contents directly under their own privacy policies and terms.

Sandbox and Infrastructure Providers:

When you launch sandboxes through integrated providers (including but not limited to Vercel, Amazon Web Services / EC2, Upstash, Daytona, and other infrastructure partners), metadata such as sandbox IDs, status, resource usage, and logs may be returned to RepoGo to facilitate the Service.

2. How We Use Your Information

2.1 To Provide the Service

  • Create, authenticate, and manage your account
  • Connect your GitHub account so repositories can be downloaded to your phone and other devices
  • Receive, store, cache, and transmit your code, files, diffs, hashes, commit metadata, and related project data as necessary to synchronize changes between your devices, your source control provider (such as GitHub), and sandbox environments
  • Store chat histories, prompts, responses, tool outputs, attachments, and offloaded message parts so you can reload conversations, continue work across devices, and use related Service features
  • Forward prompts and file contents to third-party AI agents at your direction
  • Provision and orchestrate sandbox environments through third-party providers
  • Transmit environment files (.env) you attach to RepoGo up to the applicable sandbox provider when a sandbox starts, so that sandbox processes can access the environment values you have supplied
  • Send service-related notifications (including push notifications)
  • Detect, investigate, and prevent abuse, fraud, and security incidents

2.2 To Improve the Service

  • Analyze usage patterns and performance
  • Diagnose bugs and technical issues
  • Develop new features and capabilities
  • Conduct internal analytics and research
  • Optimize reliability and cost

2.2.1 No Model Training Without Opt-In

RepoGo does not currently use your data, code, prompts, or chat history to train our own models without your explicit opt-in. We do not sell your data to model-training providers. When we control an optional setting that would allow a third-party provider to use your content for model training, we do not intentionally enable that setting on your behalf without your explicit opt-in.

However, third-party AI providers and gateways that you choose to use through the Service may handle prompts, files, and outputs under their own terms, retention settings, enterprise controls, and account configuration, especially when you bring your own API keys or provider accounts. Whether such a provider uses your content for model training is governed by your agreement with that provider, not solely by this Privacy Policy.

If this ever changes in the future, we will:

  • Provide you with clear, prominent advance notice
  • Require your explicit, affirmative opt-in before any of your data, code, prompts, or chat history is used for AI model training
  • Allow you to decline without losing access to the core Service
  • Update this Privacy Policy and notify you of the change

Silence, continued use of the Service, or pre-checked boxes will not be treated as consent for model training.

We may use aggregated, de-identified usage data (that cannot reasonably be linked back to you or your code) for product analytics and to improve the Service.

2.3 Communication

  • Send service updates, security alerts, and administrative messages
  • Respond to your inquiries and support requests
  • Send marketing communications (only with your consent where required by law; you may opt out at any time)

2.4 Security, Compliance, and Legal

  • Prevent fraud, abuse, unauthorized access, and other harmful activity
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations, court orders, and lawful requests
  • Protect the rights, property, and safety of RepoGo, our Users, and others

3. How We Share Your Information

We do not sell your personal information or share it for cross-context behavioral advertising. We may share your information as described below.

3.1 Service Providers and Subprocessors

We work with third-party service providers that perform services on our behalf:

  • Authentication, Database, and Sync: Firebase and Google Cloud services, including Firebase Authentication, Firestore, and Cloud Storage
  • Cloud Hosting and Transport: Google Cloud (including Cloud Run), AWS (including S3), Cloudflare, and similar infrastructure providers used to host the Service and transport data between devices and sandboxes
  • Payment Processing and Platform Billing: Stripe, RevenueCat, Apple App Store, and other applicable billing platforms
  • Push Notifications and Live Activity Delivery: APNs and related Apple services used to deliver notifications and Live Activity updates
  • Email and Transactional Messaging: Resend and similar providers used for account and support emails
  • Operational Monitoring and Diagnostics: Logging, metrics, crash reporting, and related infrastructure used to keep the Service reliable

Where these companies act as our service providers or subprocessors, they process information pursuant to their contracts with us. In other cases, such as payment platforms or provider accounts you connect, they may also process information under their own terms with you.

3.2 GitHub

When you connect your GitHub account, we access the repositories and metadata you authorize via OAuth. We do not share your information with GitHub beyond what is required to perform the integration (for example, reading, writing, or cloning repositories you direct us to).

3.3 Third-Party AI Providers and CLI Agents

When you invoke AI features or CLI agents through the Service, we forward the prompts, commands, and relevant code context you have directed to be sent to the selected provider, which may include:

  • Anthropic (Claude, Claude Code)
  • OpenAI (GPT models, Codex CLI)
  • Google (Gemini, Gemini CLI)
  • Cursor (Cursor Agent / Cursor CLI)
  • GitHub (Copilot and related services)
  • Vercel (AI Gateway and related services)
  • xAI (Grok)
  • Other AI providers that may be integrated from time to time

Each such provider handles your data under its own privacy policy, security controls, and retention practices. You should review the privacy policy of any AI provider you choose to use through the Service.

3.4 Sandbox and Infrastructure Providers

When you launch sandboxes or provision infrastructure through the Service, we transmit relevant data to the provider you selected, including but not limited to:

  • Vercel (Vercel Sandbox and related services)
  • Amazon Web Services (including Amazon EC2)
  • Upstash
  • Daytona
  • Cloudflare, and other infrastructure partners

Data transmitted may include your repository files, environment variables and .env file contents, build artifacts, prompts, and commands required to operate the sandbox. Once transmitted, this data is subject to the provider's own privacy policy, security controls, retention practices, and terms of service. RepoGo does not control how these providers handle data after it has been transmitted to them.

3.5 Legal and Safety

We may disclose your information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, or legal process (including subpoenas and court orders)
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of RepoGo, our Users, or others
  • Investigate and prevent fraud, abuse, or security incidents

3.6 Business Transfers

If RepoGo is involved in a merger, acquisition, reorganization, financing, or sale of assets, your information may be transferred as part of the transaction, subject to customary confidentiality safeguards. We will notify you before your information becomes subject to a materially different privacy policy.

4. Code, Repository Files, Chat History, Attachments, and Environment Data

Because the Service depends on synchronizing source code and configuration between devices and sandbox environments, the following practices apply:

4.1 Transport and Storage of Code

To provide synchronization and related functionality, RepoGo may receive and store copies of your code, repository files, diffs, hashes, commit metadata, and related configuration on our systems and object storage used by us. This may include database records, cached copies, and content-addressable blob storage used for sync, offline access, conflict resolution, recovery, and continuity of the Service.

Depending on the feature, some copies may persist until you delete the relevant project, disconnect the integration, or close your account, subject to backups and provider retention.

4.2 Environment Files (.env) and Secrets

When you add an environment file to RepoGo, the environment file and its contents are stored by RepoGo and transmitted to the applicable sandbox provider when your sandbox starts, so that the environment values are available to processes running inside the sandbox. You acknowledge that:

  • Environment files may contain sensitive credentials, API keys, and secrets
  • You are responsible for the contents of your environment files and for ensuring that you have the right to transmit them to third-party sandbox providers
  • After transmission to a sandbox provider, environment data is handled under that provider's security controls and retention practices
  • You should rotate credentials that you believe may have been exposed and remove environment files you no longer wish RepoGo to transmit

RepoGo uses commercially reasonable technical and organizational measures to protect environment data in transit and at rest on our systems, including encryption, access controls, and audit logging, but cannot guarantee absolute security.

4.3 Prompts and AI Inputs

When you use chat or AI-agent features, prompts, responses, tool outputs, attachments, and message parts may be stored in our databases and object storage so that you can reload conversations, continue work across devices, and allow the Service to rehydrate large or offloaded message payloads. In some cases, large message parts or attachments may be stored in object storage and referenced by key from our database.

When you invoke an AI agent, the prompts you submit and the file contents you direct to be included as context are transmitted to the selected AI provider. RepoGo may also process or retain this data for debugging, rate limiting, abuse prevention, and service reliability.

4.4 Local Device Storage and Offline Copies

RepoGo may store local copies of repositories, chats, attachments, caches, and configuration data on your devices to support offline use, previews, widgets, and background synchronization. Data stored locally is subject to your device security, backup providers, and operating system behavior.

5. Data Security

We implement a combination of technical and organizational measures to protect your information:

Technical Safeguards:

  • Encryption in transit (TLS)
  • Encryption at rest for sensitive stored data, including environment files and credentials
  • Token scoping and least-privilege access
  • Regular security reviews and vulnerability management

Operational Safeguards:

  • Access controls and authentication requirements
  • Incident-response, change-management, and service-reliability procedures
  • Vendor review and permission management appropriate to the services we use

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for protecting your own account credentials and the credentials you submit for third-party integrations.

6. Data Retention

We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements:

  • Account Data: Until you delete your account
  • Code, Repositories, Diffs, and Sync Metadata: Until you delete them, disconnect the relevant integration, or close your account, subject to caches, backups, and provider retention
  • Chat Histories, Messages, Tool Outputs, and Message Parts: Until you delete the relevant chat or close your account, subject to backups and storage-provider retention
  • Environment Files and Integration Credentials: Until you delete them from RepoGo; however, values already transmitted to sandbox, gateway, or AI providers are subject to that provider's retention
  • Uploads and Attachments: Until you delete the relevant content or close your account, subject to backups and storage-provider retention
  • Usage Logs and Diagnostics: Typically up to 90 days
  • Payment Records: As required by tax and financial laws (typically up to 7 years)
  • Backups: May persist for a commercially reasonable period after deletion (generally up to 90 days)

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and to request an export in a portable format.

7.2 Correction and Deletion

You may update your account information, delete your projects and code, remove environment files, and request deletion of your account.

7.3 Opt-Out

You may opt out of:

  • Marketing communications (via unsubscribe links)
  • Non-essential analytics where offered
  • AI-agent features (by not invoking them)
  • Sandbox provisioning (by not launching sandboxes)

7.4 Third-Party Integrations

You may revoke GitHub OAuth access through your GitHub account settings and remove third-party credentials from RepoGo at any time. Doing so may disable portions of the Service.

7.5 Do Not Track

We do not currently respond to Do Not Track ("DNT") signals, as there is no industry standard.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, maintain sessions, remember preferences, and analyze usage. You can control cookies through your browser settings. Disabling certain cookies may impair functionality.

9. Children's Privacy

The Service is not directed to, and not intended for use by, children under 13 years of age. You must be at least 13 years old to use the Service. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it and terminate the account in accordance with the Children's Online Privacy Protection Act ("COPPA") and other applicable laws.

If you reside in the European Economic Area, the United Kingdom, or another jurisdiction with a higher age of digital consent, you must meet the minimum age of digital consent in your jurisdiction (typically 16) or obtain the consent of a parent or legal guardian.

If you are a parent or guardian and believe your child has provided information to us, please contact repogoapp@gmail.com so we can remove the information.

10. International Data Transfers

Your information may be transferred to, processed, and stored in countries other than the country in which you reside, including the United States. Where required by law (for example, transfers out of the EEA or UK), we use appropriate safeguards, such as Standard Contractual Clauses, to protect your information.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the CPRA:

  • Right to Know what personal information we collect, the sources, purposes, and categories of recipients
  • Right to Delete your personal information, subject to legal exceptions
  • Right to Correct inaccurate personal information
  • Right to Opt-Out of Sale/Sharing (we do not sell personal information or share it for cross-context behavioral advertising)
  • Right to Limit Use of Sensitive Personal Information
  • Right to Non-Discrimination for exercising your rights

To exercise these rights, contact repogoapp@gmail.com.

12. European Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR and UK GDPR.

Legal Bases for Processing:

  • Performance of a contract (to provide the Service)
  • Legitimate interests (security, product improvement, fraud prevention)
  • Consent (for marketing and certain analytics, where required)
  • Legal obligations

Your Rights:

  • Access, rectification, and erasure ("right to be forgotten")
  • Restriction of processing and objection to processing
  • Data portability
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with a supervisory authority

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and, for material changes, provide notice via email, in-app notification, or website banner. Continued use of the Service after changes take effect constitutes acceptance.

14. Third-Party Links and Services

The Service may contain links to, or integrate with, third-party websites and services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing them with your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Email: repogoapp@gmail.com
Website: https://repogo.app

16. Data Protection Contact

For EU/EEA, UK, and Swiss Users, or for any other privacy-specific inquiries, you can reach us at:

By using RepoGo, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, transmission, and disclosure of your information as described herein, including the transmission of your code, files, and environment variables to third-party sandbox and AI providers as necessary to provide the Service.