Privacy Policy

Maelir collects the following categories of data:

• Account data — name, email address, and profile picture obtained when you sign in via GitHub OAuth.
• GitHub activity data — pull request titles, numbers, authors, timestamps (created, merged), cycle times, commit SHAs, commit messages (first line only), and committer usernames. This data is fetched from repositories you explicitly connect to Maelir.
• Jira data — issue summaries, priorities, statuses, creation and resolution dates, and project keys from Jira projects you link to your Maelir applications. We do not store issue descriptions or comments.
• Team and organisation data — team names, team membership, and role assignments that you create within Maelir.
• Usage data — standard web server logs including IP addresses, browser type, and pages visited, retained for up to 30 days for security and debugging purposes.

Yes. The following information constitutes personal data under GDPR and similar regulations:

• Email addresses and display names of Maelir account holders
• GitHub usernames of contributors appearing in pull request and commit history
• Jira account IDs linked to user profiles
• Avatar image URLs from GitHub

This data is used solely to power the analytics features of Maelir — for example, attributing pull requests and commits to individual developers in your team dashboard. We do not sell, share, or use this data for advertising.

• To provide DORA metrics, developer analytics, and engineering dashboards
• To authenticate you and maintain your session
• To associate GitHub and Jira activity with your organisation and teams
• To send transactional emails related to your account (if applicable)

We do not use your data for any purpose beyond operating the Maelir service.

When you connect GitHub or Jira, you authorise Maelir to read data from those platforms on your behalf using OAuth 2.0. We request only the minimum scopes required:

• GitHub — repo, read:org, read:user — to read repository, pull request, and commit data.
• Jira — read:jira-work, read:jira-user, offline_access — to read issues, projects, and refresh tokens.

OAuth tokens are stored encrypted in our database and are never exposed in API responses or logs.

We retain your data for as long as your account is active. If you delete your account or disconnect an integration, the associated data is removed within 30 days. You may request deletion at any time by contacting us at privacy@maelir.dev.

All data is stored in an encrypted PostgreSQL database. Connections use TLS in transit. Access tokens for third-party integrations are stored at rest and never returned in full through the API. We follow industry-standard security practices and regularly review our access controls.

If you are located in the EEA or UK, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability

To exercise any of these rights, contact us at privacy@maelir.dev. We will respond within 30 days.

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of Maelir after changes constitutes acceptance of the updated policy.

For any privacy-related questions, contact us at privacy@maelir.dev.