Privacy Policy
Last updated: 10 February 2026
1. Who We Are
Changelog.fast is operated by Michael ("we", "us", "our"). This policy explains how we collect, use, and protect your personal data when you use our service at Changelog.fast.
2. Data We Collect
Account data: When you sign up, we collect your email address, name, and avatar (via GitHub or Google OAuth, or magic link). This is necessary to create and manage your account.
Project data: Changelog entries, project settings, and subscriber lists that you create on the platform. This is content you provide to operate the Service.
Subscriber data: Email addresses of people who subscribe to your changelog. You are the data controller for your subscribers; we process this data on your behalf.
Usage data: We use Google Analytics (ID: G-5PJ7KXSL9V) to collect anonymous usage data including page views, referral sources, device type, and approximate location. This data is aggregated and cannot identify you personally.
Payment data: Payments are processed by Stripe. We do not store your card details. Stripe may collect payment information in accordance with their privacy policy.
3. How We Use Your Data
- To provide and maintain the Service
- To authenticate your identity and manage your account
- To send email notifications on your behalf to your subscribers
- To process payments for paid plans
- To analyse usage patterns and improve the Service
- To communicate with you about your account or the Service
4. Legal Basis (GDPR)
We process your data based on:
- Contract: Processing necessary to provide the Service you signed up for
- Legitimate interest: Analytics and service improvement
- Consent: Where required, such as marketing communications
5. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosting, CDN, DNS | Request data, IP addresses |
| DigitalOcean | Custom domain SSL termination (VPS) | Request data, IP addresses (custom domain traffic only) |
| Stripe | Payment processing | Email, payment details |
| Google Analytics | Usage analytics | Anonymous usage data |
| MailerSend | Email delivery | Subscriber email addresses |
| GitHub / GitLab | OAuth, repo integration | OAuth tokens, repo data |
| Google OAuth | Authentication | Email, name, avatar |
6. Data Retention
We retain your account data for as long as your account is active. When you delete your account, all associated data (projects, entries, subscribers, sessions) is permanently deleted within 30 days. Analytics data is retained in aggregated, anonymised form.
7. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your account and data (available in the dashboard)
- Export your data
- Object to processing based on legitimate interest
- Withdraw consent at any time
8. Cookies
We use cookies and local storage for authentication and preferences. For full details, see our Cookie Policy.
9. Security
We use industry-standard measures to protect your data, including HTTPS encryption, hashed tokens, and secure session management via Cloudflare Workers KV. OAuth tokens are stored securely and never exposed to client-side code.
10. Children
The Service is not intended for children under 16. We do not knowingly collect data from anyone under 16.
11. Changes
We may update this policy from time to time. We will notify you of material changes via email or a notice on the Service.
12. Contact
For privacy-related questions or to exercise your rights, contact us at hello@bymichael.co.uk.