Privacy policy

What StandupGen is

StandupGen helps you produce a readable Markdown daily standup from activity in systems you connect (for example GitHub, Azure DevOps, and optionally Google Calendar or GBrain). It is not a generic assistant: output is grounded in the sources you authorize for a chosen date.

What we collect and why

• Account and session: When you sign in (for example with GitHub, Microsoft, or Google), we receive identifiers and profile information allowed by that provider (such as email and name where applicable). We use this to identify your account, keep you signed in, and associate integrations with you.
• OAuth tokens (server-side): Where you use OAuth, refresh and access tokens for connected providers are stored on the server so we can read the activity you asked us to summarize. We do not display raw tokens in the UI.
• Activity data for standup generation: We fetch commits, pull requests, work items, and related metadata from connected sources for the date you select, and pass a structured summary to an LLM (if configured) to write the standup text. We use this only to produce your standup and related in-app diagnostics you trigger.
• Google Calendar: If you connect Google, we request read-only access to calendar data so we can include your meetings for the selected date in the standup context. We do not use Calendar data to serve ads, and we do not sell it. See “Google API Services User Data” below.
• Optional GBrain: If you enable GBrain, configuration you enter (for example a binary path or HTTP base URL) and responses from that system may be used only to enrich the standup context you requested.
• Billing (if enabled): If your operator uses Stripe, we may store customer and subscription identifiers and process payments according to Stripe’s terms. Credit balances and ledger entries may be stored to enforce usage limits.
• Advanced / PAT flows: If you choose to paste a personal access token instead of OAuth, that token is sent to this application’s server to call the relevant APIs. Prefer OAuth when your deployment supports it.

LLM providers

When an LLM API (for example OpenAI or Anthropic) is configured, standup-related text and structured summaries derived from your connected sources may be sent to that provider to generate the written standup. Provider keys are held by the operator of this deployment, not by end users in the default OAuth flows. Check your deployment’s documentation for which model and region apply.

Google API Services User Data

StandupGen’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular: we use Google user data only to provide or improve user-facing features that are prominent in the requesting application (standup generation); we do not sell Google user data; we do not use Google user data for advertising; and we do not allow humans to read Google user data except as needed for security, to comply with law, or with your aggregate consent (for example support at your request).

Retention and deletion

Data is retained while your account exists and integrations remain connected, and as needed for billing and legal obligations. You can disconnect integrations in the app where that action is offered; your operator may offer additional deletion or export options. Deleting your account (if the deployment supports it) should remove or anonymize associated records according to that deployment’s process.

Security

Connections should use HTTPS in production. Tokens and secrets belong in server-side configuration, not in public client bundles. No method of transmission or storage is perfectly secure; we design the app to minimize exposure of credentials in the browser.

Children

StandupGen is intended for professional use and is not directed at children.

Changes

The operator of this deployment may update this page. Material changes should be reflected here with an updated date.

Contact

For privacy questions about this deployment, contact the person or organization that hosts it (the same contact you use for support or your Google OAuth consent screen’s developer contact). If you are evaluating the open-source project, use the repository’s issue tracker or maintainer channels listed there.