Owner and Data Controller
Blacksmith Software Inc. 95 Third Street, 2nd Floor, San Francisco CA, 94103, United States Owner contact email: [email protected]Types of Data Collected
Blacksmith Software Inc. (“Blacksmith”) collects the following types of Personal Data when you sign in with your GitHub account and set up our GitHub integration in your organization: GitHub webhook metadata used for billing purposes and to provide analytics on your GitHub Actions performance and trends, as well as payment information, including credit card details securely processed through Stripe for monthly billing based on your usage. This data is collected automatically through your interactions with the service and is essential for Blacksmith to deliver and improve its offerings. Users are responsible for ensuring they have consent to provide any third-party Personal Data and understand that withholding mandatory data may affect the functionality of the Service.Mode and place of processing the Data
Methods of processing
Blacksmith Software Inc. (“Blacksmith”) implements robust industry-standard security measures to protect your data from unauthorized access, disclosure, modification, or destruction. Data processing is performed following strict organizational procedures aligned with the purposes outlined in this Privacy Policy. In addition to Blacksmith’s internal teams responsible for administration, sales, marketing, legal, and system administration, your data may be accessed by trusted third-party service providers, including payment processors like Stripe, hosting providers, and communication tools appointed as Data Processors. These external parties are bound by confidentiality agreements and are only granted access as necessary to provide the Service. An updated list of these Data Processors is available upon request from Blacksmith by contacting [email protected].Legal basis of processing
Blacksmith Software Inc. (“Blacksmith”) processes Personal Data of Users based on the following legal grounds: (1) Consent: Users have provided explicit consent for specific purposes, such as billing and analytics related to GitHub Actions performance; (2) Contractual Necessity: Processing is necessary to fulfill our service agreement with Users, including running GitHub Actions runners and managing billing through Stripe; (3) Legal Obligations: We process data to comply with applicable legal requirements and regulations; (4) Legitimate Interests: Processing is essential for our legitimate business interests, such as improving service performance and ensuring secure operations. Importantly, Blacksmith does not use Personal Data for any Artificial Intelligence (AI) or Machine Learning (ML) purposes. In jurisdictions where consent is not required for certain processing activities, Blacksmith relies on these alternative legal bases. Users may contact Blacksmith to clarify the specific legal basis applicable to their data processing, including whether providing Personal Data is a statutory or contractual requirement or necessary to enter into a contract.Place
Blacksmith Software Inc. (“Blacksmith”) processes Personal Data on our servers located in the United States and the European Union. Depending on your location, your data may be transferred between these regions. If you have concerns about where your data is processed, you may request to have your workload moved to a specific region by contacting us at [email protected]. While we will consider such requests, relocation of data processing is not guaranteed until an agreement is reached. For more information about data processing locations, data transfers, and the legal basis for transferring data, please contact us directly.Retention
Blacksmith Software Inc. (“Blacksmith”) retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected. Personal Data related to the performance of a contract between Blacksmith and the User is retained until the contract is fully performed. Data processed under Blacksmith’s legitimate interests is kept as long as needed to achieve those purposes. Additionally, Personal Data may be retained longer if required by law or with the User’s explicit consent, which can be withdrawn at any time. While you are a customer, your data will not be deleted. Upon termination of the agreement or upon your request, Blacksmith will delete all relevant user data within 30 days using industry-standard methods, ensuring compliance with backup and security protocols. To request data deletion, please contact us at [email protected]. Once the retention period has expired, your rights to access, erase, rectify, and port data cannot be enforced.Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:Handling payments
Unless otherwise specified, this Application processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Application isn’t involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.Stripe (Stripe Inc.)
Stripe is a payment service provided Stripe Inc. Personal Data processed: email address; payment info; purchase history; Tracker; Usage Data. Place of processing: United States – Privacy Policy.Registration and authentication
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, this Application will be able to access some Data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.GitHub OAuth (GitHub Inc.)
GitHub OAuth is a registration and authentication service provided by GitHub Inc. and is connected to the GitHub network. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.Traffic optimization and distribution
This type of service allows this Application to distribute their content using servers located across different countries and to optimize their performance. Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between this Application and the User’s browser. Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information of the User are transferred.Cloudflare (Cloudflare Inc.)
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this Application, i.e., communication between this Application and the User’s browser, while also allowing analytical data from this Application to be collected. Personal Data processed: various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.User database management
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Application, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving this Application. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.Supabase
Supabase is an open-source backend-as-a-service platform built on PostgreSQL. It provides a full Postgres database for every project, along with features like real-time functionality, authentication, and auto-generated APIs, making it easy to build and manage web and mobile applications. Personal Data processed: email address, usage data, and various types of data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.Information on opting out of interest-based advertising
In addition to any opt-out feature provided by any of the services listed in this document, Users may follow the instructions provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar initiatives. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document. The Digital Advertising Alliance offers an application called AppChoices that helps Users to control interest-based advertising on mobile apps. Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.Further information about the processing of Personal Data
The rights of Users
Blacksmith Software Inc. (“Blacksmith”) empowers Users with the following rights regarding their Personal Data:- Withdraw Consent: Users can withdraw their consent to data processing at any time.
- Object to Processing: Users may object to data processing based on legitimate interests or other legal grounds beyond consent.
- Access Data: Users can request information on whether their data is being processed and obtain a copy of their Personal Data.
- Rectify Data: Users have the right to correct inaccurate or incomplete Personal Data.
- Restrict Processing: Users can limit the processing of their data, allowing Blacksmith to store it without further use.
- Erase Data: Users may request the deletion of their Personal Data under specific circumstances.
- Data Portability: Users can receive their data in a structured, commonly used, machine-readable format and transfer it to another controller.
- Lodge a Complaint: Users have the right to file a complaint with their competent data protection authority.
- Restrict Data Flow from GitHub: Users can restrict data flow by uninstalling or suspending the Blacksmith GitHub integration. Please note that doing so may affect the functionality and performance of the Service.