Privacy Policy

1. Controller Information

Git Moving is operated by DevCake AB ("we", "our", "us"), the data controller for personal data processed through the service.

• Controller: DevCake AB
• Address: DevCake AB, Nordenskiöldsgatan 15, 413 09 Gothenburg, Sweden
• Contact: hello@devcake.se

2. Data We Process

Account and Profile Data

Email address, account identifier, and optional profile fields (such as name/avatar) used for authentication and account management.

Subscription and Billing Data

Stripe customer/subscription identifiers, price plan, billing period status, and payment outcome events needed to provision paid features. Card details are processed by Stripe and are not stored by us.

Activity Sync Data

If you use account sync from the desktop app, we process daily aggregates you send: date, exercises completed, and commit count.

Support and Operational Data

Support emails and technical logs required for security, fraud prevention, webhook delivery, and troubleshooting.

Data Stored Locally on Device

The desktop app stores settings, exercise configuration, queue data, and secure auth state locally. Session tokens are protected with OS-backed secure storage when available (for example macOS Keychain).

3. Data We Do Not Collect

We do not collect your source code, commit messages, repository history, or project file structure.

4. Purposes and Legal Bases (GDPR)

We process personal data only where we have a valid legal basis:

• Performance of contract: account login, service delivery, subscription management, and customer support.
• Legitimate interests: security monitoring, abuse prevention, reliability diagnostics, and service improvements.
• Legal obligation: accounting, tax, and regulatory compliance.
• Consent (where applicable): optional communications you request.

5. Recipients and International Transfers

We use service providers that process data on our behalf, including Supabase (authentication/database), Stripe (payments/billing), GitHub (desktop app release hosting and update delivery), and Vercel (web hosting).

Where personal data is transferred outside the EU/EEA, we rely on recognized safeguards such as the European Commission's Standard Contractual Clauses and equivalent lawful transfer mechanisms.

6. Data Retention

• Account/profile data: while your account remains active.
• Subscription and transaction records: as required by accounting and tax law.
• Activity sync history: until account deletion or user-requested deletion.
• Security and webhook audit logs: retained for operational and fraud-prevention needs.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object to processing, and receive data portability.

We aim to acknowledge privacy-rights requests within 7 days and respond within 30 days, subject to lawful extensions.

To exercise rights, contact hello@devcake.se.

You may also lodge a complaint with your local supervisory authority. If you are in Sweden, you can contact Integritetsskyddsmyndigheten (IMY): www.imy.se.

8. Cookies and Similar Technologies

We use essential cookies to maintain your session and preferences. We do not use cross-site advertising trackers.

9. Security Measures

We use technical and organizational measures appropriate to the risk, including encrypted transport, access controls, and secure token storage in the desktop app where available.

10. Children's Privacy

The service is not intended for children under 13, and we do not knowingly collect personal data from children under 13.

11. Changes to This Policy

We may update this Privacy Policy. Material updates will be posted on this page with an updated effective date.