Privacy Policy
Last updated: 2026-04-24
ReleaseJet is based in Greece. For any question about this policy or your data, email hello@releasejet.dev.
In short
We keep this simple. The only personal information the website collects is your email — and only if you voluntarily put it into the Pro waitlist form. There are no tracking cookies, no ad networks, and no consent banner because there's nothing to consent to. We use Vercel's cookie-less analytics to count page views, and we self-host our fonts so no data leaks to Google or any third-party CDN.
The ReleaseJet CLI runs on your machine. It uses the GitHub or GitLab tokens you give it, talks to the APIs you'd expect it to, and doesn't phone home. There's no telemetry, no auto-update pings, no crash reports. The only time the tool contacts our servers is if you hold a Pro license — to verify it — and that's it.
We don't sell your data. We share it only with the service providers we need to keep the site online. If you'd like a copy of what we hold, or you want it deleted, email hello@releasejet.dev and we'll sort it out. Full details below.
§1Who we are
ReleaseJet is operated by Mavroudis Papas as an individual, based in Thessaloniki, Greece. We are the “controller” of the personal data described in this policy in the sense of Article 4(7) GDPR.
- Privacy contact: hello@releasejet.dev
- Postal address: available on request via the email above.
ReleaseJet Pro is in development and not yet sold — see §3.5 for what data we expect to collect when Pro launches.
§2What this policy covers
This policy covers:
- The ReleaseJet website at
releasejet.dev, including the documentation and pricing pages, and the private npm registry subdomainnpm.releasejet.dev. - The ReleaseJet CLI (the
@makispps/releasejetpackage on npm) and the forthcoming@releasejet/propackage.
This policy does not cover:
- GitHub, GitLab, Slack, Discord, or Microsoft Teams. The CLI uses your own credentials to call these services on your behalf; the data you move through them is governed by each vendor's own privacy policy.
- Your organisation's internal systems. Tokens, config files, and issue data that live only on your machine remain under your control.
§3Information we collect via the website
§3.1Waitlist email (Formspree)
If you submit your email address to the ReleaseJet Pro waitlist form, we collect that email address and, where provided by the form, a source tag (e.g. "pricing") indicating which page you submitted from. Submissions are handled by Formspree Inc. (USA) on our behalf.
- Legal basis: your consent (Article 6(1)(a) GDPR).
- Retention: until ReleaseJet Pro launches, or until you ask us to delete your email — whichever comes first. We will not use your address for any marketing other than notifying you that Pro is available.
- How to withdraw consent: email hello@releasejet.dev and ask to be removed.
§3.2Website analytics (Vercel Analytics)
We use Vercel Web Analytics to count page views and basic performance metrics. The data is aggregated, does not use cookies, does not identify individual visitors, and does not follow you across sites.
- Legal basis: legitimate interest (Article 6(1)(f)) in understanding which pages people read, so we can improve the site.
- Retention:governed by Vercel's default analytics retention (currently 90 days rolling).
- No consent banner:because no information is stored on your device, the EU “cookie law” (ePrivacy Directive, Article 5(3)) does not require one.
§3.3Server access logs (Vercel infrastructure)
Our hosting provider, Vercel Inc. (USA), automatically records standard HTTP access logs for requests made to the site — IP address, user-agent, request path, timestamp, and response status. These logs are kept by Vercel under their retention policy (currently around 30 days) and are used for security, abuse prevention, and debugging.
Legal basis: legitimate interest in operating a secure service.
§3.4License data
When ReleaseJet Pro is eventually sold, we will store license records in our Vercel Postgres database (Frankfurt, EU region) containing an organisation identifier, the billing email address, subscription plan, feature flags, status, and creation / revocation timestamps.
As of this policy's “Last updated” date, no Pro customers exist and this table is empty. See §3.5 below for what will change when Pro launches.
§3.5Pro subscriptions — not yet active
ReleaseJet Pro is in development. No payment processor is integrated yet and no Pro licenses are currently sold. When Pro launches we expect to collect and store the following, and we'll update this policy to remove the “not yet active” marker before the first Pro purchase:
- Billing information, handled by a third-party payment processor — most likely Stripe, to be confirmed before launch. We will never see or store your card details. What we receive from the processor is a customer identifier, the subscription status, and a receipt reference.
- License records, stored in our Vercel Postgres database (Frankfurt, EU region): your organisation identifier, billing email, subscription plan, feature flags, and activation / revocation timestamps. These records are retained for six years after revocation to meet Greek tax-record obligations.
- Activation telemetry, limited to the fact that a license was activated or refreshed (timestamp + license key). No code, repository contents, or release-note payloads ever leave your machine.
If you are reading this before Pro launches and have joined the waitlist, we'll email you once payment goes live — you'll be able to review this section in its updated form and decide whether to subscribe.
§4What the ReleaseJet CLI handles
Because releasejet.dev is also the home of the CLI, this section explains what the tool does with data — even though most of it never leaves your machine.
§4.1On your machine
The CLI stores the following locally, on the computer where you run it:
~/.releasejet/credentials.yml— your GitHub or GitLab API token, and (if you have one) your ReleaseJet Pro license key and its short-lived JWT.~/.npmrc— a one-line entry that authenticates your npm client to thenpm.releasejet.devprivate registry, using your Pro license key..releasejet.ymlin your project — configuration (label mappings, tag format, webhook URL environment-variable references). No secrets belong in this file; literal webhook URLs are rejected at load time.
We never transmit any of these files. They remain under your control and under the file permissions of your own operating system.
§4.2Third parties you already use
The CLI acts on your behalf when you run it:
- It calls the GitHub or GitLab API with the token you provide, to read tags, issues, pull requests, and milestones, and (if you ask it to) to publish a release.
- It can post formatted release notes to the Slack, Discord, or Microsoft Teams webhook URLs you configure. Those payloads include data already present in your repository, such as issue titles, labels, and the GitHub/GitLab usernames of authors, assignees, and closers.
Neither the CLI nor we as the operator are a party to these transmissions — they happen between your machine and the services you already use, with credentials you control.
§4.3Our servers
The CLI contacts our infrastructure in exactly two situations:
- Pro license activation and refresh — when you run
releasejet auth activateorauth refresh, the CLI sends your Pro license key toreleasejet.dev/api/license/activateor/refreshand receives a signed JWT. Nothing else — no project names, no repository data, no telemetry — is included. - Installing the
@releasejet/propackage — your npm client authenticates tonpm.releasejet.devusing your license key, then downloads the tarball.
Free users of the CLI do not contact our servers at all. There is no telemetry, no automatic update check, no crash reporting, no usage metric, and no “phone home” of any kind.
§5How we use the information
- Waitlist emails — to notify you when ReleaseJet Pro launches, and to respond if you write to us.
- Website analytics — to understand which pages people read and how the site performs, so we can improve it.
- Server access logs — to keep the site secure, diagnose errors, and prevent abuse.
- License data (future) — to verify that Pro users hold a valid license, and to meet tax-record obligations.
We do not use any of this data for advertising, profiling, or automated decision-making with legal effects.
§6Who we share it with
We share personal data only with the processors we need to operate the service. We never sell it.
| Processor | Role | Data shared | Location | Safeguard |
|---|---|---|---|---|
| Vercel Inc. | Hosting, serverless functions, web analytics, blob storage, managed Postgres database (Frankfurt, EU region) | Request metadata, pageview data, published package tarballs, license records when Pro launches (currently none) | USA (database at rest in Frankfurt, EU) | EU Standard Contractual Clauses + Vercel DPA |
| Formspree Inc. | Waitlist form processor | Email addresses submitted to the Pro waitlist | USA | EU Standard Contractual Clauses + Formspree DPA |
We will update this table whenever we add or change a processor. If a payment processor is added for Pro (most likely Stripe), we will update §3.5 and this table, and treat the change as a material change under §12.
§7How long we keep it
| Data | Retention |
|---|---|
| Waitlist emails | Until ReleaseJet Pro launches, or until you ask us to delete — whichever comes first. |
| License records (when Pro launches) | Six years after licence revocation, to meet Greek tax-record obligations. |
| Server access logs | Retained by Vercel under their policy (currently around 30 days). |
| Analytics data | Retained by Vercel under their policy (currently 90 days rolling). |
You can ask us to delete anything we hold about you at any time — see §8.
§8Your rights
In relation to personal data we hold about you, you have the right to:
- ask for a copy of what we hold (access);
- ask us to correct anything that's inaccurate (rectification);
- ask us to delete your data (erasure);
- ask us to pause processing (restriction);
- receive your data in a machine-readable format (portability);
- object to processing we base on legitimate interest;
- withdraw the consent you gave for the waitlist at any time;
- lodge a complaint with the Hellenic Data Protection Authority or the supervisory authority in your EU member state of residence.
To exercise any of these, email hello@releasejet.dev. We'll respond within 30 days; if we need longer, we'll tell you why.
Hellenic Data Protection Authority
1–3 Kifisias Ave, 11523 Athens, Greece · www.dpa.gr§9International transfers
Personal data we hold is processed by the service providers listed in §6. Both providers are headquartered in the United States; our managed Postgres database (provided by Vercel) is physically hosted in the Frankfurt, EU region (fra1), so license records, when they exist, sit at rest in the EU.
Transfers to these US-based processors rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) as the safeguard required by Chapter V GDPR. Each processor publishes a Data Processing Addendum that incorporates those clauses; we are signed up to both.
§10Security
We take reasonable technical measures appropriate to the volume and sensitivity of the data:
- HTTPS is enforced on every endpoint of
releasejet.devandnpm.releasejet.dev. - License JWTs are signed with an RS256 private key that lives only in the server's environment; the public key is used for client-side verification and cannot be used to forge tokens.
- Admin endpoints are protected by a bearer token compared in constant time (
crypto.timingSafeEqual) to avoid timing-side-channel attacks. - We self-host our web fonts — no visitor IP addresses are sent to Google or other font CDNs.
- Database credentials are stored only in the hosting environment and are rotated in response to any suspected exposure.
If a personal-data breach occurs, we will notify the Hellenic Data Protection Authority within 72 hours as required by Article 33, and affected users without undue delay under Article 34.
§11Children's data
ReleaseJet is a developer tool and is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have, email hello@releasejet.dev and we will delete it.
§12Changes to this policy
Material changes — anything that widens what we collect, adds a new processor, changes a retention period, or changes your rights — will be announced with a 30-day notice at the top of this page before taking effect, and, once ReleaseJet Pro has paying subscribers, by email to those subscribers.
Minor changes— wording fixes, clarifications, link updates — take effect immediately and are reflected in the “Last updated” date at the top of this page. The Git history of this page serves as the canonical change log; if you want to see what changed between two dates, we can provide the diff on request.