Skip to main content

Privacy Policy

Effective Date: September 2025

ReleaseTools is committed to protecting your privacy and being transparent about our data practices. This privacy policy explains how our tools handle data and what information, if any, is collected or processed.

Data Collection

No Data Collection by ReleaseTools

ReleaseTools does not collect, store, or transmit any personal data or usage information. Our tools are designed with privacy by default:

  • No telemetry or analytics are collected
  • No user tracking of any kind
  • No personal information is gathered or stored
  • No usage statistics are transmitted to our servers

User-Controlled Data

All data processed by ReleaseTools remains under your complete control:

Mutex GitHub Action

  • Database credentials: You provide your own PostgreSQL database credentials via environment variables
  • GitHub tokens: You provide your own GitHub tokens for API access
  • Slack tokens: You optionally provide your own Slack bot tokens for notifications
  • All data storage: Happens in your own database infrastructure

releasetools CLI and GitHub Action

  • Local execution: All commands run entirely on your local machine or CI/CD runners
  • No external communication: The tool does not communicate with external services
  • Local file system: Only accesses files in your local working directory

Third-Party Services

Our tools may interact with third-party services that you explicitly configure:

GitHub

  • Your GitHub repositories: When you use our GitHub Actions
  • Your workflow data: Processed within GitHub's infrastructure
  • GitHub's privacy policy: Applies to any data processed by GitHub Actions

Slack (Optional)

  • Your Slack workspace: Only if you configure Slack notifications for mutex
  • Your channel messages: Only messages you explicitly configure to be sent
  • Slack's privacy policy: Applies to any data sent to Slack

PostgreSQL Database (Mutex only)

  • Your database: You provide and control your own database
  • Your connection strings: Stored in your GitHub Secrets
  • Your database provider's privacy policy: Applies to data stored in your database

Security Measures

We implement several security measures to protect the integrity of our tools:

Dependency Security

  • GitHub CodeQL: Continuously scans our code for security vulnerabilities
  • Dependabot: Automatically detects and alerts on dependency vulnerabilities
  • Mend Renovate: Automatically creates pull requests to update vulnerable dependencies
  • Regular security audits: All dependencies are regularly reviewed and updated

Secret Protection

  • GitHub Secret Scanning: Enabled across all repositories to prevent accidental exposure of secrets
  • No hardcoded secrets: All sensitive data must be provided via environment variables or GitHub Secrets
  • Secure practices: Documentation emphasizes proper secret management

Open Source Transparency

  • Public repositories: All source code is available for inspection
  • Apache-2.0 license: Ensures transparency and allows security audits
  • Community review: Code changes are subject to public review

Data Processing Locations

Local Processing

  • releasetools CLI: Runs entirely on your local machine or on CI/CD runners
  • No data transmission: All processing happens locally

GitHub Actions Processing

  • mutex: Runs within GitHub's or your own infrastructure
  • GitHub's data centers: Processing occurs in GitHub's secure data centers
  • Your control: You control which repositories and workflows use our actions

Your Rights and Control

Complete Data Control

Since we don't collect data, you maintain complete control over all information:

  • Your repositories: You control access and permissions
  • Your database: You own and control your database infrastructure
  • Your secrets: You manage all credentials and API tokens
  • Your configurations: You control all tool configurations

Opting Out

  • Remove the tools: Uninstall or stop using our tools at any time
  • No data retention: No data to delete since none is collected
  • Immediate effect: Changes take effect immediately

Updates to This Policy

Notification of Changes

  • GitHub releases: Major policy changes will be announced in GitHub releases
  • Documentation updates: This policy will be updated in our documentation
  • Effective date: Updated policies include a new effective date

Scope of Changes

Given our no-data-collection approach, policy changes are likely to be:

  • Clarifications: Making our practices clearer
  • Security improvements: Adding new security measures
  • Tool additions: Covering new tools added to the suite

Contact Information

Questions and Concerns

If you have questions about this privacy policy or our data practices:

  • GitHub Issues: Open an issue in the relevant repository
  • Public discussion: All privacy-related discussions happen in public GitHub issues
  • Documentation: Refer to our comprehensive documentation

Compliance

GDPR Compliance

Since we don't collect personal data:

  • No personal data processing: GDPR requirements don't apply to our data practices
  • User control: All data remains under your control
  • No data transfers: We don't transfer personal data

Other Regulations

Our no-data-collection approach ensures compliance with various privacy regulations worldwide.

Third-Party Privacy Policies

When using ReleaseTools, you may also be subject to the privacy policies of:

Summary: ReleaseTools prioritizes your privacy by not collecting any data. All processing happens on your infrastructure, under your control. We implement strong security measures to protect our tools and provide complete transparency through open source code.

For any questions about this policy, please open an issue in the relevant GitHub repository.