Privacy Policy

Last updated: 2026-07-04

Effective date: 2026-07-04

This Privacy Policy explains how PreciseActions ("we", "us") collects, uses, stores, and protects your information when you use our external GitHub Actions scheduler. PreciseActions is operated by [Company Legal Entity], organized under the laws of [Jurisdiction].

What we collect

We collect only the information needed to run the scheduling service and communicate with you.

DataWhy we collect itSource
GitHub OAuth profileTo identify you and authenticate your accountGitHub OAuth login
GitHub user ID and usernameTo link your account to schedules and installationsGitHub OAuth login
Email addressTo send notifications and billing-related messagesGitHub OAuth profile (if public)
GitHub App installation tokensTo dispatch workflows on repositories you authorizedGitHub App installation flow
Repository and workflow identifiersTo know which workflows to trigger at scheduled timesYou, through the dashboard or CLI
Cron expressions, timezones, and schedule settingsTo evaluate when to fire workflow dispatchesYou, through the dashboard or CLI
Execution logs and statusTo show run history, retry counts, latency, and failure detailsGenerated when the scheduler runs
Notification preferences and endpointsTo deliver alerts via email, Slack, Discord, or webhookYou, through the dashboard or CLI
Subscription and billing metadataTo enforce plan limits and track paymentsDodo Payments webhooks

We do not collect or store payment card details. Dodo Payments handles payment processing.

How we use your data

  • Authenticate you through GitHub OAuth and keep your session secure.
  • Evaluate cron schedules and call GitHub's workflow_dispatch API on your behalf.
  • Store encrypted GitHub App installation tokens so the scheduler can dispatch workflows without asking you to log in repeatedly.
  • Show execution history, success or failure status, and latency metrics in the dashboard and CLI.
  • Send notifications you configure, such as failure alerts.
  • Enforce plan limits (Free: 5 schedules, Hobby: 50 schedules, Pro: unlimited, Enterprise: custom).
  • Process billing and subscription events through Dodo Payments.
  • Maintain service security, investigate abuse, and respond to support requests.

How we share your data

We share data only with the service providers necessary to operate PreciseActions:

  • GitHub: We call GitHub's API using your installation token to trigger workflows. GitHub receives workflow names, repository identifiers, and dispatch payloads.
  • Dodo Payments: We receive subscription and billing event webhooks from Dodo. Dodo processes your payment information directly.
  • SendGrid: If you enable email notifications, we send messages through SendGrid using the address you provide.
  • DigitalOcean: Our VPS and database are hosted on DigitalOcean infrastructure.

We do not sell your personal data or share it with advertisers.

Where we store your data

Data is stored in a PostgreSQL database running on a single DigitalOcean VPS. Backups, if enabled, remain on infrastructure under our control. The database stores user profiles, schedules, execution history, encrypted tokens, and billing event records.

Security measures

  • GitHub App installation tokens are encrypted at rest using AES-256-GCM.
  • Authentication uses JSON Web Tokens (JWT) with signed cookies.
  • Internal scheduler-to-API calls use a shared secret.
  • GitHub and Dodo webhook signatures are verified before processing.
  • The production API, scheduler, and database are not exposed directly to the internet. Caddy acts as a reverse proxy with automatic HTTPS via Let's Encrypt.

No system is perfectly secure. You are responsible for keeping your GitHub account safe and revoking our access if you suspect misuse.

Data retention

  • Schedules and execution logs are retained while your account exists.
  • Billing event records are retained as needed for financial record-keeping and tax compliance.
  • If you delete your account, we remove or anonymize your schedules, execution logs, and encrypted tokens, except where we are legally required to keep records.

Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your schedule and execution data.
  • Object to or restrict certain processing.

To exercise these rights, contact us at [contact email]. We will respond within a reasonable timeframe.

Cookies and similar technologies

We use cookies to maintain your authenticated session between the web dashboard and the API. These are functional cookies required for login. We do not use cookies for advertising or cross-site tracking.

Children's privacy

PreciseActions is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this Privacy Policy as the service evolves. When we make material changes, we will update the "Last updated" date at the top. Continued use of the service after changes means you accept the revised policy.

Contact

For privacy questions or data requests, contact us at [contact email].