Privacy Policy

This Privacy Policy explains how action pin collects, uses, and protects information when you use the website, sign in, connect GitHub, submit contact requests, or use billing and security workflow features.

Last updated: May 11, 2026

  • We collect account data from GitHub, Google, and one-time email sign-in flows.
  • We process repository metadata and GitHub Actions workflow data to run scans, findings, and remediation flows.
  • Stripe handles payment details; action pin stores subscription and billing-status metadata.
  • AI features for private repositories are optional and only apply if your organization enables them.

1. Scope

This Privacy Policy applies to the action pin website at actionpin.dev, the hosted application, related APIs, and customer support interactions.

By using action pin, you acknowledge that we need to process certain information to authenticate users, connect GitHub organizations and repositories, scan GitHub Actions workflows, manage subscriptions, and operate the service securely.

2. Information We Collect

We collect information you provide directly, information we receive from connected services, and information generated while operating the product.

  • Account and profile data, such as your name, email address, avatar, authentication provider identifiers, and session records.
  • Contact and support data, such as the full name, work email, team size, and message you submit through contact forms or support emails.
  • GitHub connection data, such as GitHub account and organization metadata, installation identifiers, repository metadata, workflow file paths, workflow contents required for scanning, pull request and checks context, findings, remediation run records, and related activity logs.
  • Billing and subscription data, such as customer and subscription identifiers, selected plan, billing status, billing-period information, and related event records from Stripe.
  • Operational and security data, such as timestamps, authentication events, request context, and similar diagnostic information needed to run, protect, and improve the service.

3. How We Use Information

We use collected information to operate action pin, deliver requested features, communicate with you, keep the service secure, and meet contractual and legal obligations.

  • Authenticate users and maintain sign-in sessions.
  • Install and manage GitHub App connections for the accounts and repositories you choose.
  • Scan GitHub Actions workflows, generate findings, show repository and policy posture, and create remediation records or reviewable pull requests.
  • Process subscription checkout, billing portal access, subscription reconciliation, and account status updates.
  • Send one-time login codes, product or billing notices, and responses to support or sales inquiries.
  • Monitor service reliability, investigate abuse or security incidents, and improve product quality.

4. AI Features

action pin may generate policy recommendations or related security guidance using AI-backed workflows.

If AI features are used for private repositories, that processing depends on your organization enabling the relevant option. If you do not enable that option, do not use private-repository AI features.

5. How We Share Information

We do not sell personal information. We share information only as needed to run the service, complete transactions, or comply with legal obligations.

  • With infrastructure, hosting, database, queueing, and security providers that support the operation of action pin.
  • With GitHub and other identity providers when you choose to authenticate or connect those services.
  • With Stripe for payments, billing events, and customer portal functionality.
  • With email-delivery providers for sign-in codes, billing notices, and support workflows.
  • With AI or automation providers only to the extent needed for enabled recommendation or remediation features.
  • If required by law, regulation, legal process, or a valid governmental request, or to protect the rights, safety, and security of action pin, our users, or others.

6. Data Retention

We retain information for as long as needed to provide the service, maintain security and business records, enforce agreements, and satisfy legal or operational requirements.

Retention periods may vary by data type. For example, account, subscription, repository, workflow, findings, and activity records may be retained while your workspace remains active and for a reasonable period afterward for security, audit, and support purposes.

7. Security

We use technical and organizational measures intended to protect information against unauthorized access, loss, misuse, and disclosure. No system is perfectly secure, and we cannot guarantee absolute security.

You are responsible for protecting your own account credentials and for reviewing the scopes and repository selections you approve when installing or configuring the GitHub App.

8. Your Choices

You can choose whether to connect GitHub, whether to purchase a paid plan, and whether to enable optional AI features for private repositories.

If you want to access, correct, delete, or export account information, or if you want us to review a privacy request, contact support@actionpin.dev. We will handle requests in line with applicable law and our operational obligations.

9. Children and Policy Changes

action pin is intended for business and professional use and is not directed to children.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the Last Updated date above.

10. Contact

For privacy questions or requests, contact support@actionpin.dev.