Legal

Privacy Policy

This policy explains what personal data Coregit collects, why it is used, and how it is protected.

Last updated: March 31, 2026

1. Who We Are

Coregit is a product operated by Strayl ("we", "our", or "us"). Coregit provides serverless Git repository infrastructure for AI-native products via API.

2. Data We Collect

  • Account data: name, email, profile image, and authentication/session data.
  • Organization data: organization name, slug, membership, and roles.
  • Repository data: git objects (commits, trees, blobs), branches, tags, and metadata.
  • API key data: key name, prefix, usage counts, and rate limit metadata. Full keys are hashed and never stored in plain text.
  • Usage data: API call counts, storage usage, git transfer volumes, and billing-related metrics.
  • Technical data: IP address, user agent, request logs, and timestamps.

3. How We Use Data

  • Operate, maintain, and secure the Coregit service.
  • Provide repository hosting, Git protocol access, and API functionality.
  • Track usage for billing and enforce rate limits.
  • Respond to support requests and product feedback.
  • Improve quality, reliability, and performance.

4. Security

We apply reasonable technical and organizational safeguards, including encrypted storage, access controls, and hashed API keys.

Repository data is stored in Cloudflare R2 with server-side encryption. Database connections use TLS.

5. Third-Party Processors

We use third-party infrastructure for authentication, cloud hosting, database services, and payment processing. Data is processed by these providers only as needed to operate Coregit.

  • Cloudflare: compute (Workers) and object storage (R2).
  • Neon: serverless PostgreSQL database.
  • Better Auth: authentication framework (self-hosted, data stays in our database).
  • Payment processor: billing metadata only; we do not store card numbers.

6. Retention

We keep data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete a repository or organization, associated data is permanently removed from our systems.

7. Your Rights

  • Request access to personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your repositories via standard Git clone at any time.
  • Contact us with privacy-related questions.

8. Contact

Questions about privacy: alemzhan@strayl.dev