Privacy Policy

1. Introduction

Cullit LLC (“Company,” “we,” “us,” or “our”) operates cullit.io and the Cullit CLI and GitHub Action (collectively, the “Service”). This Privacy Policy explains how we collect, use, and protect information when you use our Service.

2. Information We Collect

Information You Provide

Account information: Email address when you sign up for our waitlist or create an account.
Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card information directly. See Stripe’s privacy policy.
Configuration data: Settings you provide in your .cullit.yml configuration file, including AI provider preferences and integration settings.

Information Processed Temporarily

When you use the Service to generate release notes, the following data is processed in-memory and is not stored after your session:

Git Commit Data

Commit messages, author names, dates, and PR references between the refs you specify.

Enrichment Data

Ticket information retrieved from Jira or Linear using your credentials.

API Keys

Your third-party API keys are used only for the current request and are never logged or stored by us.

Generated Content

Release notes generated during your session are not retained on our servers.

Information Collected Automatically

Usage analytics: We may collect anonymous usage data such as command frequency, feature usage, and error rates to improve the Service. This data does not include your code, commit messages, or generated content.
Website analytics: When you visit cullit.io, we may collect standard web analytics data including IP address, browser type, and pages visited.

3. How We Use Information

We use the information we collect to:

Provide, maintain, and improve the Service.
Process payments for paid subscriptions.
Send you updates about the Service (you can opt out at any time).
Respond to your requests and support inquiries.
Monitor and analyze usage trends to improve user experience.
Comply with legal obligations.

4. Information Sharing

We do not sell your personal information. We may share information only in the following circumstances:

Third-party AI providers: When you use the Service, your git commit data is sent to the AI provider you selected (Anthropic, OpenAI, Gemini, Ollama, or OpenClaw) to generate release notes. This data is subject to the AI provider’s terms and privacy policies.
Payment processing: Payment information is processed by Stripe.
Legal requirements: We may disclose information if required by law, regulation, or legal process.
Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

Account Data

Retained while your account is active. Deleted within 30 days of deletion request.

Session Data

Commits & generated notes are not retained. Processed in-memory only.

API Keys

Never stored. Used only for the duration of the request.

Payment Records

Retained as required for accounting and tax purposes.

6. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

HTTPS encryption for all web traffic.
No storage of third-party API keys.
No logging of your git commit content or generated release notes.
Secure payment processing through Stripe (PCI-compliant).

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you.
Request correction of inaccurate information.
Request deletion of your information.
Opt out of marketing communications.
Object to or restrict certain processing of your information.

To exercise any of these rights, contact us at matt@cullit.io.

8. Children’s Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16.

9. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. For users in the European Economic Area (EEA), such transfers are conducted under Standard Contractual Clauses as approved by the European Commission.

10. Your Rights Under GDPR & CCPA

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your personal data (“right to be forgotten”).
Portability: Request your data in a structured, machine-readable format.
Opt-out: California residents may opt out of the “sale” of personal information under CCPA. We do not sell personal data.

To exercise any of these rights, contact us at matt@cullit.io. We will respond within 30 days.

11. Cookies & Local Storage

The Cullit website and dashboard use browser localStorage to persist user preferences (e.g., saved API URL, generation history, widget dismissed state). We do not set cookies for tracking. No personal data is stored in localStorage — only functional configuration values.

If we introduce analytics or cookies in the future, we will update this policy and provide appropriate consent mechanisms.

12. Open Source Components

The Cullit CLI and GitHub Action are open-source software licensed under the MIT License. When you use the open-source components locally, no data is transmitted to us. Data is only sent to the third-party AI provider you configure.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last Updated” date.

14. Contact

If you have questions about this Privacy Policy, contact us at:

Cullit LLC

Email: matt@cullit.io

Website: cullit.io