Legal

Privacy Policy

How Git Replica collects, uses, protects, and shares your information when you connect provider accounts and mirror your repositories.

01 Who we are

Git Replica (“Git Replica”, “we”, “us”, or “our”) is a service operated by GitReplica LLC. Git Replica mirrors and backs up Git repositories between supported hosting providers — currently GitHub, GitLab, and Bitbucket — on your behalf.

This Privacy Policy explains what information we collect, why we collect it, how we protect it, and the choices you have. If you have questions, contact us at [email protected].

02 Information we collect

Account and identity information from your Git providers

When you sign in or connect an account using OAuth, the provider shares basic profile information with us: your provider user ID, username, display name, email address, and avatar URL. We are OAuth-only — we never receive or store your provider password.

Authorization tokens

We store the OAuth access and refresh tokens the provider issues so we can perform the repository operations you ask us to perform. These tokens are encrypted at rest using AES-256-GCM.

Repository and configuration data

To run the syncs you set up, we store the names of the repositories involved and your binding settings — which source and destination accounts are linked, and which repositories are included or excluded.

Operational records

For each sync we record its status (pending, running, success, or failed), timestamps, the amount of data transferred, and any error messages, so you can review your backup history and so we can troubleshoot.

Technical and log data

Like most online services, our servers record standard request information such as IP address and request metadata in operational logs.

03 How we use your information

We use the information we collect to:

  • authenticate you and keep your session secure;
  • provide the mirroring and backup service you configure;
  • communicate with you about the service, including important changes;
  • operate, secure, maintain, and improve the service; and
  • comply with legal obligations and enforce our terms.

We do not use your information for advertising, and we do not sell it.

04 How we handle repository contents

When a sync runs, our background worker clones the source repository into temporary storage on our servers and then pushes it to the destination you selected. The temporary copy is deleted as soon as the operation completes. We do not keep a separate long-term copy of your repository contents beyond the destination repository that you control.

05 How we share information

We share data only with the third-party services required to operate Git Replica — principally the Git providers you connect and our infrastructure providers. See our Third-Party Services page for the full list and exactly what is shared with each.

We may also disclose information when required by law, or when necessary to protect the rights, safety, and security of Git Replica and its users. We do not sell your personal information.

06 Cookies

We use one essential cookie: an httpOnly authentication cookie that holds your session token and keeps you signed in. It expires after one hour. We do not currently use cookies for analytics or advertising; if we add features that rely on additional cookies — such as analytics — we will update this policy and, where required, ask for your consent.

Note that our marketing pages load web fonts from Google Fonts, which receives your IP address as part of serving those fonts. See Third-Party Services.

07 Data security

We never store provider passwords. OAuth tokens are encrypted at rest with AES-256-GCM, with the encryption key held separately from the database. Traffic is served over HTTPS, session cookies are httpOnly, and our API endpoints are rate-limited. No method of transmission or storage is completely secure, but we work hard to protect your data.

08 Data retention

We keep your account and configuration data for as long as your account is active. When you disconnect a provider account, its stored tokens and associated webhooks are removed. When you delete an account or a binding, the related records — including backup history and webhook registrations — are deleted along with it. Operational logs are kept for a limited period for security and troubleshooting.

09 Your rights and choices

You can review and update your connected accounts at any time from your dashboard, and disconnect any provider account or delete bindings — which removes the associated data. You can also revoke Git Replica’s access entirely from within your GitHub, GitLab, or Bitbucket account settings.

Depending on where you live, you may have additional rights such as access, correction, deletion, or portability. To exercise them, contact [email protected].

10 International data transfers

We operate using cloud infrastructure that may process and store data in regions outside your own country. Where we transfer data internationally, we rely on appropriate safeguards consistent with applicable law.

11 Children’s privacy

Git Replica is not directed to children and is not intended for anyone under the age of 16. We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

12 Changes to this policy

We may update this policy from time to time. When we make material changes, we will post the updated policy on this page and, where appropriate, notify you.

13 Contact us

Questions about this policy or your data? Email us at [email protected].