invertase/globeLight logoGlobe

Effective date: 09/12/2024
Last updated: 09/12/2024

1. Introduction

This Privacy Policy relates to the business operated in the United Kingdom by Invertase Limited (“Invertase” or “Company” or “we,” “our” or “us” or “Data Processor”), a company registered in England with company number 10839473 and whose registered office is at Banks Sheridan, Datum House, Electra Way, Crewe, Cheshire, England, CW1 6ZF.

At Invertase, we understand that your privacy is of paramount importance, and we are committed to protecting your personal data. Our Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website, invertase.io, and our services, including but not limited to Globe.dev. This policy should be read alongside our Terms of Service, which govern your use of our services.

By using our services, you agree to the collection and use of information as described in this policy.

2. Definitions

For the purposes of this Policy, the following definitions apply:

  • Services: Refers to any products or services made available by Invertase Limited, including those available at invertase.io and Globe.dev and any future services.
  • Personal Data: Any information that relates to an identifiable living individual, either directly (e.g., name, email address) or indirectly (e.g., data that can be combined with other information to identify a person).
  • Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).

3. Information Collection and Use

We collect and use various types of data to provide, maintain, and improve our services. This includes data provided by you, data collected through third-party services, and data collected automatically during your use of the Service.

Personal Data

We collect personally identifiable information that can be used to contact or identify you, facilitate login, and manage your Globe account. This includes:

  • First and last name
  • Email address (required for login and communication)
  • Username (created during sign-up)
  • Profile photo from Google Login (if applicable)
Authentication Data

  • GitHub Integration: If you sign up using GitHub, we may collect data from your GitHub account, including:

    • Username
    • Public profile information (e.g., avatar, bio)
    • Organisation memberships (if public)
    • Public email address (if available)
    • Public and private repositories

    We use this data to manage your account, facilitate login, and provide services that require access to your repositories.

  • MagicLink Authentication: We use MagicLink for account creation and login, securely authenticating your identity via your email address. No passwords are stored, and login links are time-limited for enhanced security.

Repository and Commit Data

We collect data from public and private repositories and commits when you authorise access through GitHub. This includes:

  • Repository names
  • Commit history
  • Branches
  • Files
  • Commit messages

This data allows us to provide essential services such as repository access, project management, automation, and advanced features like commit analysis.

Usage Data

We collect usage data, which includes data on how you interact with Services such as:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent on the site
Analytics and Tracking

We use third-party services to track how users interact with Globe and to make technical improvements. These services include:

  • Plausible Analytics: A privacy-conscious service that does not use cookies and does not track users individually. See their Privacy Policy here.
  • PostHog: We use PostHog to collect product usage data to help us understand how users interact with our features and improve our product. PostHog may collect data such as:
    • Events: User actions like page views, button clicks, and feature usage.
    • Event Properties: Details about specific events, such as the URL visited or form data entered.
    • User Properties: Information such as your username, email address, and inferred attributes like signup date or frequently used features.
    • Device Information: Details about your device, including browser type, version, and operating system.
    • Session Information: Session data, including duration and the number of events.
    • See PostHog's Privacy Policy here for more details.
Data Related to Service Usage

We also collect data related to your usage of our services, including:

  • Service requests
  • Bandwidth usage (retained for three months)
  • Other usage metrics
Automatically Collected Information

When you access our Services, we may collect certain information automatically, such as:

  • IP address
  • Browser and device characteristics
  • Log and usage data
How We Use Your Information

We use the information we collect for the following purposes:

  • To facilitate account creation, login, and authentication.
  • To provide and maintain our services.
  • To process deployments based on commits to connected repositories.
  • To enhance and improve our services, including developing new features.
  • For communication, including administrative notifications and marketing.
  • For security and fraud prevention, including storing environment variables in encrypted form, decrypted only during deployments.

4. Data Retention

We collect and retain your personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as otherwise permitted or required by law.

Data Retention Periods
  • Account Data: While your account is active, we retain your personal data necessary to provide you with our services. This may include your email address, usage data, and project information.
  • Banned Users: If your account is banned due to violations of our Terms of Service, we may indefinitely retain your email address and other relevant information to enforce the ban and prevent future abuse.
  • Usage Data: We retain data related to the usage of our services, such as API requests, bandwidth consumption, and error logs, for a period of three months. This data is used for monitoring service performance, troubleshooting, and improving our offerings.
  • Project Data: Upon the deletion of a project using the "Project Delete" feature, all data associated with that project is deleted from our systems.
  • Account Deletion: When you delete your account, we will initiate the "Project Delete" process for all associated projects. Subsequently, your account and any remaining personal data will be deleted.
Legal and Security Exceptions

We may retain certain personal data for an extended period where permitted by law or as necessary to:

  • Comply with legal obligations: This includes fulfilling financial reporting requirements, responding to legal requests, and complying with court orders.
  • Resolve disputes: We may retain data to resolve disputes, enforce our agreements, and protect our legal rights.
  • Ensure security and prevent fraud: This encompasses detecting and preventing security incidents, fraud, and other malicious activity.
Data Anonymisation and Deletion

We will anonymise or delete your personal data when it is no longer needed for the purposes outlined in this Policy.

5. Transfer of Data

Your data may be processed on servers located anywhere in the world. We take steps to ensure any data transfer complies with applicable data protection laws. By using our services, you consent to this transfer. We implement appropriate safeguards, including encryption and security assessments, to protect your data regardless of location.

6. Disclosure of Data

We may disclose your personal data:

  • If required by law or legal process (e.g., court orders, government investigations).
  • In connection with a merger, acquisition, or sale of assets.
  • To our subsidiaries or affiliates only when necessary to provide our services.
  • With your consent.

7. Security of Data

We take the security of your data seriously and use strong protective measures, including encrypting environment variables, which are only decrypted when needed by an active deployment.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

8. Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the United Kingdom, you have certain data protection rights under the UK General Data Protection Regulation (UK GDPR). These rights include:

  • The right to access, correct, delete, or restrict your personal data.
  • The right to object to the processing of your data.
  • The right to data portability.
  • The right to withdraw consent.

If you are located in the European Union (EU) or the European Economic Area (EEA), similar data protection rights may apply under the EU GDPR. Please contact us for more details if this applies to you.

You have the right to access your personal data, request correction, and ask for the deletion of your account at any time. To exercise these rights, contact us at contact@globe.dev.

9. Service Providers

We may use third-party service providers to help us provide and improve our services. These providers have access to your personal data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics:
  • Plausible Analytics: Used for privacy-friendly, cookie-free analytics. See their Privacy Policy here.
  • PostHog: Used for product analytics and user behaviour tracking. See PostHog's Privacy Policy here.
Other:
  • GitHub: We use GitHub’s API to enable integration with your repositories and GitHub account. See GitHub’s Privacy Policy here.
  • Paddle: Used for payment processing on certain products. Paddle may collect and process personal information to facilitate payment transactions and comply with legal obligations. See Paddle’s Privacy Policy here.
  • Canny.io: Used for collecting user feedback and suggestions to improve our products and services. This includes user-submitted feature requests, bug reports, and general comments. See Canny.io’s Privacy Policy here.

This list may be updated as we add or change service providers.

10. Links to Other Websites

Our Services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We are not responsible for the content or privacy practices of external websites and any information you provide to those sites is governed by their respective privacy policies.

11. Children's Privacy

Our Services are not intended for use by children under the age of 16 ("Child" or "Children").

We do not knowingly collect personally identifiable information from Children under 16. If you become aware that a Child has provided us with personal data, please contact us at contact@globe.dev. If we become aware that we have collected personal data from Children without verification of parental consent, we will take steps to remove that information.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you via email or a notice on our website. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us by email at contact@globe.dev.

Edit this page on GitHub
Terms of Service