Privacy Policy
Last updated: 2026-07-04
Effective date: 2026-07-04
This Privacy Policy explains how PreciseActions ("we", "us") collects, uses, stores, and protects your information when you use our external GitHub Actions scheduler. PreciseActions is operated by [Company Legal Entity], organized under the laws of [Jurisdiction].
What we collect
We collect only the information needed to run the scheduling service and communicate with you.
| Data | Why we collect it | Source |
|---|---|---|
| GitHub OAuth profile | To identify you and authenticate your account | GitHub OAuth login |
| GitHub user ID and username | To link your account to schedules and installations | GitHub OAuth login |
| Email address | To send notifications and billing-related messages | GitHub OAuth profile (if public) |
| GitHub App installation tokens | To dispatch workflows on repositories you authorized | GitHub App installation flow |
| Repository and workflow identifiers | To know which workflows to trigger at scheduled times | You, through the dashboard or CLI |
| Cron expressions, timezones, and schedule settings | To evaluate when to fire workflow dispatches | You, through the dashboard or CLI |
| Execution logs and status | To show run history, retry counts, latency, and failure details | Generated when the scheduler runs |
| Notification preferences and endpoints | To deliver alerts via email, Slack, Discord, or webhook | You, through the dashboard or CLI |
| Subscription and billing metadata | To enforce plan limits and track payments | Dodo Payments webhooks |
We do not collect or store payment card details. Dodo Payments handles payment processing.
How we use your data
- Authenticate you through GitHub OAuth and keep your session secure.
- Evaluate cron schedules and call GitHub's
workflow_dispatchAPI on your behalf. - Store encrypted GitHub App installation tokens so the scheduler can dispatch workflows without asking you to log in repeatedly.
- Show execution history, success or failure status, and latency metrics in the dashboard and CLI.
- Send notifications you configure, such as failure alerts.
- Enforce plan limits (Free: 5 schedules, Hobby: 50 schedules, Pro: unlimited, Enterprise: custom).
- Process billing and subscription events through Dodo Payments.
- Maintain service security, investigate abuse, and respond to support requests.
How we share your data
We share data only with the service providers necessary to operate PreciseActions:
- GitHub: We call GitHub's API using your installation token to trigger workflows. GitHub receives workflow names, repository identifiers, and dispatch payloads.
- Dodo Payments: We receive subscription and billing event webhooks from Dodo. Dodo processes your payment information directly.
- SendGrid: If you enable email notifications, we send messages through SendGrid using the address you provide.
- DigitalOcean: Our VPS and database are hosted on DigitalOcean infrastructure.
We do not sell your personal data or share it with advertisers.
Where we store your data
Data is stored in a PostgreSQL database running on a single DigitalOcean VPS. Backups, if enabled, remain on infrastructure under our control. The database stores user profiles, schedules, execution history, encrypted tokens, and billing event records.
Security measures
- GitHub App installation tokens are encrypted at rest using AES-256-GCM.
- Authentication uses JSON Web Tokens (JWT) with signed cookies.
- Internal scheduler-to-API calls use a shared secret.
- GitHub and Dodo webhook signatures are verified before processing.
- The production API, scheduler, and database are not exposed directly to the internet. Caddy acts as a reverse proxy with automatic HTTPS via Let's Encrypt.
No system is perfectly secure. You are responsible for keeping your GitHub account safe and revoking our access if you suspect misuse.
Data retention
- Schedules and execution logs are retained while your account exists.
- Billing event records are retained as needed for financial record-keeping and tax compliance.
- If you delete your account, we remove or anonymize your schedules, execution logs, and encrypted tokens, except where we are legally required to keep records.
Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Export your schedule and execution data.
- Object to or restrict certain processing.
To exercise these rights, contact us at [contact email]. We will respond within a reasonable timeframe.
Cookies and similar technologies
We use cookies to maintain your authenticated session between the web dashboard and the API. These are functional cookies required for login. We do not use cookies for advertising or cross-site tracking.
Children's privacy
PreciseActions is not intended for children under 13. We do not knowingly collect personal information from children under 13.
Changes to this policy
We may update this Privacy Policy as the service evolves. When we make material changes, we will update the "Last updated" date at the top. Continued use of the service after changes means you accept the revised policy.
Contact
For privacy questions or data requests, contact us at [contact email].