Back to home

Privacy Policy for Branchline

Last Updated: November 24, 2025

Introduction

This Privacy Policy describes how Branchline ("we", "our", or "us") collects, uses, and protects your information when you use our Chrome browser extension and related services.

By installing and using Branchline, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our service.

Information We Collect

Automatically Collected Information

When you use Branchline, we automatically collect:

1. Authentication Token

  • A unique API token is generated when you first use the extension
  • This token is stored locally in your Chrome browser (using Chrome's sync storage)
  • The token is sent with each API request for authentication
  • We store the token server-side to validate requests and track usage

2. Usage Data

  • Number of summary/review requests made
  • Timestamps of requests
  • API endpoints accessed
  • Request success/failure status

3. Error Logs

  • Technical error information for debugging
  • Browser and extension version information
  • Error messages and stack traces (no personal data)

Information You Provide

When you use Branchline to analyze GitHub pull requests:

1. Pull Request Data

  • PR title and description you choose to analyze
  • This data is temporarily sent to our servers and OpenAI's API
  • We do not permanently store PR content

Information We Do NOT Collect

  • Email addresses
  • Names or usernames
  • GitHub credentials or access tokens
  • Browsing history
  • Personal identifiable information (PII)
  • Advertising identifiers or ad personalization data

How We Use Your Information

We use the collected information to:

1. Provide the Service

  • Process your summarization and review requests
  • Track your monthly usage against free tier limits
  • Maintain service functionality

2. Improve the Service

  • Monitor for errors and bugs
  • Analyze usage patterns to improve features
  • Ensure API performance and reliability

3. Enforce Usage Limits

  • Track free tier usage (30 requests/month)
  • Prevent abuse of the service
  • Manage plan upgrades

Website Analytics and Cookies

On branchline.dev we use Google Analytics 4 (gtag.js) for product analytics only; advertising features are disabled.

  • Data collected: page views, device/browser info, approximate location (city-level), and basic engagement events. We do not use advertising identifiers.
  • Consent Mode v2: visitors in the EU/EEA/UK/CH start with analytics and functionality storage denied until they provide consent in our banner. Without consent, only cookieless, aggregated pings are sent.
  • With consent, Google may set first-party cookies to improve measurement; security storage remains enabled to protect the site.
  • You can withdraw or change consent at any time via our consent banner or by contacting support@branchline.dev.

For details, see Google's Privacy Policy.

How We Share Your Information

Third-Party Services

We share data with the following third parties:

1. OpenAI

  • PR titles and descriptions are sent to OpenAI's API for analysis
  • Subject to OpenAI's Privacy Policy
  • Data is processed according to OpenAI's data usage policies

2. Fly.io (Hosting Provider)

3. Google Analytics (Website Analytics)

  • Used on branchline.dev to measure site traffic and performance; advertising features are off
  • Consent Mode v2 defaults analytics/functionality storage to denied for EU/EEA/UK/CH until consent is given
  • Subject to Google's Privacy Policy

We Do NOT:

  • Sell your data to third parties
  • Share your data for advertising purposes
  • Use your data for purposes other than providing the service

Data Storage and Security

Storage Location

  • Data is stored on servers in Amsterdam, Netherlands (EU)
  • Compliant with GDPR requirements for EU data storage

Security Measures

  • All data transmission uses HTTPS encryption
  • API authentication via secure Bearer tokens
  • Database stored on encrypted volumes
  • Regular security updates and monitoring

Data Retention

  • API tokens: Stored in our database for authentication and usage tracking
  • Usage logs: Retained indefinitely for service analytics
  • Error logs: Retained for 90 days
  • PR content: Not permanently stored; only temporarily processed
  • Inactive accounts: May be deleted after 12 months of inactivity
  • Local storage: API token stored in your Chrome browser (removed when you uninstall)

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

1. Right to Access - Request a copy of your data
2. Right to Deletion - Request deletion of your data
3. Right to Rectification - Request correction of inaccurate data
4. Right to Data Portability - Request your data in a machine-readable format
5. Right to Object - Object to processing of your data

To exercise these rights, contact us at support@branchline.dev.

Children's Privacy

Branchline is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe a child has provided us with information, please contact us.

California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

Chrome Web Store Compliance

This extension complies with Chrome Web Store policies:

  • Limited Use Disclosure: Data collected through Chrome APIs is only used to provide/improve Branchline functionality, not for any other purpose
  • No Data Sale: We do not sell user data
  • Secure Transmission: All data is transmitted securely via HTTPS

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Updating the "Last Updated" date
  • Posting the new policy on our website
  • Notifying users via the extension (for material changes)

Your continued use of Branchline after changes constitutes acceptance of the updated policy.

Third-Party Links

Branchline may contain links to third-party websites (GitHub, OpenAI, etc.). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

Data Deletion Instructions

To delete your data:

1. Local Data (Immediate):

  • Uninstall the Branchline extension from Chrome
  • This immediately removes your API token from your browser

2. Server Data:

  • Email us at support@branchline.dev with subject "Data Deletion Request"
  • Include your API token (if known) or describe when you started using the service
  • We will delete your API token and usage logs within 30 days

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: support@branchline.dev

Website: https://branchline.dev

For GDPR-related requests, please include "GDPR Request" in your email subject.

Consent

By using Branchline, you consent to (subject to the choices you make in our consent banner for analytics and cookies):

  • Collection and use of information as described in this policy
  • Transfer of data to third-party services (OpenAI) for processing
  • Storage of data in accordance with this policy
  • Activation of website analytics cookies only after consent where required (EU/EEA/UK/CH default to denied until you choose)

This policy is effective as of November 22, 2025.