Privacy Policy
Last updated: February 18, 2026
This Privacy Policy explains how AccelMars Co., Ltd. (“AccelMars,” “we,” “us,” or “our”) collects, uses, stores, and protects your information when you use AccelMars Ops (“the Service”) at ops.accelmars.com.
By using the Service, you acknowledge the practices described in this policy.
1. Information We Collect
1.1 Account Information
- Email address — used for authentication (OTP login) and account communications
- Display name — shown within the Service (optional, may be populated from GitHub)
- Avatar URL — your profile image (optional, may be populated from GitHub)
1.2 GitHub Information
When you connect your GitHub account via OAuth, we receive and store:
- GitHub username — used to identify your account
- GitHub user ID — internal identifier for linking accounts
- OAuth access token and refresh token — stored securely, used to access GitHub's API on your behalf
- OAuth scopes — the permissions you granted (
repoandread:org). We only perform read operations.
1.3 Organizational Data
- Organization details — name, URL slug, timezone, GitHub organization name
- Role definitions — the executive roles you configure
- Script configurations — active scripts, descriptions, and scheduling
- Script run outputs — summaries, structured output data, report content, and alerts
- Reports — titled, dated reports with markdown content and tags
- Schedule configurations — cron expressions for automated scripts
1.4 Git Activity Data
- Repository metadata — names, owner, active status
- Daily activity snapshots — commit counts, author names, latest commit SHA, message, timestamp
Important: We do not access, read, store, or analyze your source code.
1.5 Usage and Preference Data
- Dashboard settings — pinned roles, default date range, theme preference
- Phase tracking data — project lifecycle and sprint phases, transition timestamps, notes
- Membership information — organizations, role, inviter
1.6 Technical Data
- IP address — from standard web server logs
- Browser and device information — user agent string
- Performance data — page load times, error logs
- Authentication logs — login method, timestamps
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, organizational data, GitHub data, preferences |
| Generate operational insights | Script outputs, git activity, reports |
| Automate scheduled scripts | Schedule configurations, organizational data |
| Authenticate you | Email (OTP), GitHub OAuth token |
| Enforce multi-tenant isolation | Membership data, organization IDs |
| Improve reliability | Technical data, error logs |
| Communicate with you | Email address |
| Prevent abuse | Usage patterns, authentication logs, IP addresses |
We do not use your data to train AI models, sell to third parties, display advertising, build profiles for targeted marketing, or access your source code.
3. How We Store and Protect Your Information
3.1 Database
Your data is stored in a PostgreSQL database managed by Supabase with strict access controls.
3.2 Multi-Tenant Isolation
Every data query is filtered by your organization membership using row-level security (RLS) policies at the database level — preventing any query from returning data belonging to an organization you are not a member of.
3.3 Encryption
- In transit: All data transmitted over HTTPS/TLS
- At rest: Database encryption provided by Supabase's managed infrastructure
- OAuth tokens: Stored with user-scoped access controls, encrypted at rest
4. Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication | All stored data (encrypted at rest) |
| Vercel | App hosting, serverless functions | Request data, IP addresses |
| GitHub | Source code hosting API (read-only) | OAuth token |
| Payment processor | Payment processing | Email, payment method, billing address |
We do not sell, rent, or share your personal information with any third party for their own marketing or commercial purposes.
5. Data Retention
5.1 Active Accounts
We retain your data for as long as your account is active. Script run outputs, reports, and git activity snapshots are retained indefinitely on paid tiers.
5.2 Account Deletion
When you delete your account, your profile is removed, all organizations you own are deleted, and all associated data is permanently deleted via cascading database deletion. This process is irreversible.
5.3 Free Tier Inactive Accounts
We may delete Free tier accounts inactive for 12 consecutive months after providing 30 days' notice.
6. Your Rights
- Access — view all your data through the dashboard and settings
- Correction — update your profile, organization details, and preferences
- Deletion — delete your account and all data through settings, or contact hello@accelmars.com
- Data portability — export your data through the settings page
- Revoke GitHub access — disconnect GitHub through settings or revoke from GitHub directly
- Withdraw consent — delete your account at any time
7. For Users in the European Economic Area (EEA)
7.1 Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service | Performance of contract |
| Authentication and security | Legitimate interest |
| Payment processing | Performance of contract |
| Error monitoring | Legitimate interest |
| Responding to requests | Legitimate interest / consent |
7.2 Additional Rights
EEA users may also object to processing, restrict processing, and lodge complaints with their local data protection authority.
7.3 Data Transfers
Your data is processed on servers in the United States. We rely on standard contractual clauses for international data transfers.
7.4 GDPR Contact
For GDPR-related requests, contact hello@accelmars.com. We will respond within 30 days.
8. For Users in California
8.1 Categories of Information Collected
- Identifiers — email, GitHub username, IP address
- Internet activity — dashboard usage, script execution history
- Professional information — organization name, role configurations
8.2 Your California Rights
- Right to know what personal information we collect and how we use it
- Right to delete your personal information
- Right to opt-out of the sale of personal information — we do not sell your data
- Right to non-discrimination for exercising your privacy rights
9. Cookies and Local Storage
| Type | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication session | Until logout or expiry |
| Local storage | Dashboard preferences | Persistent until cleared |
We do not use third-party advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
10. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. Contact hello@accelmars.com if you believe a child has provided us with personal information.
11. Security Incidents
In the event of a data breach, we will notify affected users by email within 72 hours, notify relevant authorities as required by law, and provide details about the nature of the breach and steps being taken.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified at least 30 days in advance. Your continued use constitutes acceptance.
13. Contact
If you have questions about this Privacy Policy, contact us at:
AccelMars Co., Ltd.
Email: hello@accelmars.com
Website: accelmars.com