Legal

Privacy Policy

This policy explains how S2P handles personal data when you visit the website, create an account, connect repositories, generate drafts, publish posts, use APIs, or contact us.

Last updated:

1. Who we are

S2P - Ship 2 Post operates S2P, a GitHub-native release marketing copilot. The business contact is info@s2p.dev.

Controller contact: Nico Jaroszewski, Schlosstalstrasse 202, 8408 Winterthur, Switzerland (CH).

2. Information we collect

Account data. We process authentication identifiers, email address, name, profile image, workspace membership, role, and session-related data from the authentication provider.

Workspace and repository data. We process workspace settings, connected repositories, GitHub installation metadata, release signals, trigger rules, brand profiles, channel templates, drafts, approvals, scheduled posts, published post records, metrics, and audit logs.

Connected platform data. When you connect a social or webhook destination, we store destination metadata and the credentials required to publish on your behalf. OAuth tokens, refresh tokens, app passwords, and manual tokens are encrypted at rest.

Usage, security, and support data. We process product events, job runs, logs, device/browser metadata, cookie preferences, support messages, and security signals needed to operate, diagnose, and protect the service.

3. How we use information

We use data to provide the service, authenticate users, maintain workspaces, receive GitHub signals, generate and store drafts, publish approved content, measure post performance, support customers, secure the application, enforce terms, improve product quality, and comply with legal obligations.

4. Legal bases

Where GDPR or similar laws apply, we rely on the following legal bases: performance of a contract to provide the service, legitimate interests to secure and improve S2P, consent for optional analytics or similar non-essential storage, and legal obligations where we must retain or disclose information.

5. AI processing

S2P may send release context, repository metadata, brand profile instructions, channel templates, and draft prompts to AI model providers or gateways to generate post drafts. We do not send social platform access tokens or OAuth refresh tokens to model providers.

You are responsible for deciding which repositories, release notes, and workspace content are appropriate to process through AI-assisted drafting.

6. Sharing and subprocessors

We do not sell personal data. We share data with service providers only as needed to operate S2P, including authentication, database and hosting infrastructure, background job execution, AI model access, error monitoring, payment processing when enabled, and connected social platform APIs.

Connected social platforms receive the content and metadata needed to publish posts that you authorize. Custom webhook destinations receive the delivery data configured for that connector.

7. Cookies and local storage

S2P uses essential cookies and local storage for authentication, session continuity, security, theme settings, and cookie preferences. Optional analytics or similar storage is used only when you consent through the cookie banner. You can update your choices through Cookie settings in the footer.

8. Retention

We retain account and workspace data while your account or workspace is active. If you delete an account or request deletion, we delete or de-identify data within a reasonable period unless retention is needed for security, audit integrity, fraud prevention, dispute handling, legal compliance, or backup restoration.

9. International transfers

S2P is operated from Switzerland and may use providers that process data in Switzerland, the European Economic Area, the United States, or other countries where the providers operate. Where required, transfers rely on adequacy decisions, Standard Contractual Clauses, or other appropriate safeguards.

10. Security

We use technical and organizational safeguards including encrypted credential storage, TLS transport expectations, signed GitHub webhook verification, role-based access controls, scoped API keys, audit logs, and least-privilege handling of provider credentials.

11. Your privacy rights

Depending on where you live and which law applies, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data, and to withdraw consent where processing is based on consent.

Submit requests at Privacy requests or email info@s2p.dev. We may need to verify your identity and workspace authority before acting on a request.

12. Children

S2P is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child provided personal data, contact us and we will take appropriate action.

13. Changes

We may update this policy as S2P changes. Material updates will be communicated through the product, website, or email where appropriate. The latest version is always posted on this page.

14. Contact

For privacy questions, requests, or complaints, contact info@s2p.dev.

Schlosstalstrasse 202, 8408 Winterthur, Switzerland (CH)

Stop writing release posts.

Your engineers already commit. Now those commits become content - in your voice, on every channel.

Get started free