How ShipCadence handles customer and workspace data.

This Privacy Policy explains how ShipCadence collects, uses, stores, discloses, and deletes personal data and workspace data when you use the ShipCadence website, application, onboarding flows, integrations, billing flows, AI features, analytics readouts, hosted builder features, and related support services.

ShipCadence is designed as a product and engineering system for solopreneurs and small teams. The service works from the context and sources each workspace chooses so ShipCadence can help turn customer signals into shipped improvements, measure what changed, and guide the next product cycle.

We collect account data such as name, email address, password authentication records, email verification state, session records, password reset records, account settings, support communications, and workspace membership or ownership information.

We collect workspace data such as workspace name, product name, company context, website URL, customer and competitor context, goals, positioning, selected signal sources, imported signal summaries, backlog items, build briefs, review state, agent run state, pull request links, measurement snapshots, usage counts, onboarding state, audit events, and product analytics events generated by ShipCadence.

We collect billing data such as selected plan, subscription status, billing identifiers, trial state, renewal status, cancellation state, usage limits, and Stripe customer or subscription identifiers. Full payment card details are handled by Stripe and are not stored by ShipCadence.

If you connect a third-party provider, ShipCadence may receive provider account metadata, OAuth tokens or installation credentials, selected resources, repository metadata, README or manifest excerpts, pull request data, issue data, Slack channel metadata and selected messages, Gmail label or thread metadata and selected message content, product analytics properties, analytics event summaries, and webhook events.

ShipCadence is intended to use narrow, selected sources rather than broad account access. You are responsible for confirming that you have permission to connect each provider account and process the data exposed by the selected sources.

ShipCadence may send selected workspace data, company context, source summaries, code context, approved signals, measurement history, and user prompts to AI model providers to generate company context drafts, research summaries, product recommendations, build scope, acceptance criteria, test notes, agent packets, hosted builder prompts, or reviewable implementation artifacts.

AI providers may process submitted data according to their own service terms and data processing commitments. ShipCadence configures AI use to support the requested workspace workflow and does not intentionally submit data that is not needed for the requested feature.

We use data to create and secure accounts, authenticate sessions, provide onboarding, connect approved sources, import and summarize product signals, create product cycles, prepare build-ready work, route work to BYO coding agents or hosted builder workflows, track pull requests, generate measurement readouts, enforce usage limits, process billing, provide support, and operate the service.

We also use operational metadata, logs, analytics, audit events, rate-limit records, and aggregated or de-identified information to monitor reliability, prevent abuse, improve product quality, understand feature usage, debug errors, and make ShipCadence more useful.

ShipCadence does not sell customer personal data. ShipCadence does not use connected provider data to advertise third-party products to customers.

ShipCadence does not read Slack direct messages, send or modify Gmail messages, crawl every connected source by default, automatically merge pull requests, automatically deploy customer code, or intentionally process highly sensitive regulated data unless a separate written agreement expressly allows that use.

ShipCadence uses cookies or similar local storage to keep users signed in, protect sessions, remember authenticated state, and operate the application. These are necessary for the service to function.

ShipCadence may use first-party analytics and Google Analytics 4 when configured to measure page views, signups, onboarding steps, integration events, product work events, billing events, and other product usage. Analytics are used to understand and improve the service and should not include customer content beyond operational event names and metadata.

We share data with service providers that help us run ShipCadence, including hosting providers, database providers, email providers, payment processors, analytics providers, AI model providers, error monitoring providers, and infrastructure or runner providers. These providers may process data only as needed to provide their services to ShipCadence.

We share data with connected third-party services at your direction, such as when ShipCadence uses an OAuth token to read a selected repository, import selected messages, pull analytics metrics, open a pull request, receive a webhook, or post an allowed review update.

We may disclose data if required by law, legal process, security investigation, fraud prevention, enforcement of our Terms, protection of rights and safety, or as part of a business transaction such as a merger, acquisition, financing, or sale of assets.

ShipCadence keeps account data, workspace data, integration records, usage records, audit events, billing metadata, and operational logs for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, protect the service, and maintain business records.

Some temporary records, such as sessions, password reset tokens, webhook delivery records, and rate-limit buckets, may expire or be deleted automatically. Billing records, audit records, provider-side records, logs, and backups may persist for a limited period after account or workspace deletion where required for legal, security, fraud-prevention, tax, accounting, or operational reasons.

ShipCadence uses technical and organizational measures intended to protect customer data, including scoped provider access, encrypted integration credentials, session controls, signed webhook verification where supported, rate limiting, and review-gated code workflows.

No system can guarantee perfect security. Customers are responsible for keeping credentials secure, limiting provider scopes, reviewing generated output, testing code changes, rotating exposed secrets, and notifying ShipCadence promptly about suspected unauthorized access.

You can update company context, change selected sources, disconnect integrations, remove imported signals before they affect future work, manage plan state, export account data, revoke active sessions, change account credentials, and delete a workspace through available product controls.

You can also revoke ShipCadence access directly inside connected providers such as GitHub, Google, Slack, and analytics tools. Provider-side revocation may not delete records already created in the provider account, such as pull requests, branches, workflow files, messages, or provider audit logs.

ShipCadence is operated from the United States. If you access ShipCadence from another country, you understand that your data may be processed in the United States and other locations where ShipCadence or its service providers operate.

ShipCadence is not directed to children and is not intended for use by anyone under 16. If you believe a child has provided personal data to ShipCadence, contact us so we can review and delete the data where appropriate.

ShipCadence may update this Privacy Policy from time to time. If changes are material, ShipCadence will take reasonable steps to notify customers through the product, website, email, or another appropriate channel. Continued use of ShipCadence after an update becomes effective means the updated policy applies.

Questions, privacy requests, data access requests, correction requests, deletion requests, or security concerns can be sent to the support address listed on this page.