Privacy Policy

1. Information We Collect

Account & identity data — When you sign in with GitHub we receive your GitHub username, display name, email address, and profile avatar. We store this to create and maintain your account.

GitHub organisation data — To power the dashboard we read the GitHub organisations and repositories you grant access to via the Better Workflows GitHub App installation. We store organisation names, avatars, and GitHub App installation identifiers.

Workflow activity data — We log workflow runs you trigger or schedule through our platform, including run status, timestamps, inputs, and conclusions. This data is used to display your history and support troubleshooting.

Session & technical data — When you log in we create a session record that includes your IP address, browser user agent, and a session token. This is used solely for authentication and security purposes.

Billing data — Payments are processed by Stripe. We never see or store your full card details. We do store your Stripe Customer ID and Subscription ID so we can manage your plan.

Waitlist signups — If you join our waitlist we collect your name, email address, and the referral source you came from.

Usage & analytics data — We use Google Analytics 4 and Vercel Analytics on our marketing site and dashboard to understand how visitors interact with our product. These tools may use cookies and collect anonymised data such as pages visited, session duration, and referring URLs.

2. How We Use Your Information

• Authenticate you and maintain secure sessions.
• Fetch your GitHub organisations and workflow data on your behalf.
• Execute, schedule, and log the workflow runs you request.
• Process subscription payments and manage your billing plan.
• Send transactional emails such as welcome messages and waitlist confirmations.
• Understand how the product is used so we can improve it.
• Investigate and resolve security incidents or abuse.
• Comply with applicable laws and regulations.

We do not sell your personal data to third parties. We do not use your data to train AI or machine learning models.

3. Third-Party Services

We integrate with the following third-party services. Each has its own privacy policy that governs how they handle data.

• GitHub — OAuth authentication and GitHub API access. Your GitHub access token is stored securely and used only to interact with GitHub on your behalf. GitHub Privacy Statement
• Stripe — Payment processing for Pro and Team subscriptions. Stripe Privacy Policy
• Resend — Transactional email delivery (welcome emails, waitlist confirmations). Resend Privacy Policy
• Google Analytics 4 — Website and dashboard usage analytics. Google Privacy Policy
• Vercel — Hosting and edge analytics for the dashboard and landing page. Vercel Privacy Policy
• UserJot — Product feedback and roadmap. Only accessed when you voluntarily click feedback or roadmap links. UserJot Privacy Policy

4. Cookies

We use cookies and similar technologies for the following purposes:

• Authentication session cookies set by Better Auth (HttpOnly, Secure).
• Analytics cookies set by Google Analytics 4 to measure site usage.
• Vercel Analytics uses edge-level data — no client-side cookie is set.

You can disable cookies in your browser settings or opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. Note that disabling session cookies will prevent you from logging in.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion we will remove your personal data within 30 days, except where retention is required by law or legitimate business purposes (e.g. billing records).

Session records expire after 7 days of inactivity. Audit log entries and workflow run history are retained for up to 12 months.

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

• All data is transmitted over HTTPS/TLS.
• Session tokens are stored as HttpOnly, Secure cookies.
• GitHub access tokens are stored encrypted in the database.
• Database access is restricted to application services only.
• Payment card data is never stored — Stripe handles all card processing.

No system is completely secure. If you discover a security vulnerability please contact us at hi@betterworkflows.io.

7. Your Rights

Depending on where you are located you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — request that we delete your account and associated data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to certain processing activities.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at hi@betterworkflows.io. We will respond within 30 days.

8. Children's Privacy

Better Workflows is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of Better Workflows after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out: