Privacy Policy

Last updated: March 28, 2026

1. What We Collect

Account information

Name, email address, and hashed password. Collected at signup.

Integration data

When you connect a third-party service, we access the data described in the consent screen shown before each connection. Specifically:

  • GitHub — Source code files (read), issues (read & create), commits, CI workflows (read), release tags
  • Slack — Channel message history, channel list. We can also post messages and reactions on your behalf.
  • Linear — Teams, projects, issues. We can create new issues from your roadmap.
  • Intercom — Customer conversation threads (closed and snoozed conversations)
  • PostHog — Active user counts (DAU/WAU/MAU), event counts, retention metrics

Usage data

We use PostHog to collect anonymous product analytics about how you use Startis itself (page views, feature usage). This helps us improve the product.

2. How We Use Your Data

  • AI analysis (via Anthropic Claude) to extract feedback themes, pain points, feature requests, and sentiment
  • Generating product analysis, opportunity scoring, and roadmap recommendations
  • Creating analytics snapshots from your PostHog data
  • Posting messages or creating issues on your behalf when you explicitly request it

3. How We Store Your Data

  • Database: Supabase (PostgreSQL) hosted on AWS
  • Credentials: All OAuth tokens and API keys are encrypted at rest using AES-256-CBC
  • Application: Hosted on Vercel
  • Passwords: Hashed by Supabase Auth (bcrypt), never stored in plaintext

4. Third-Party Processors

  • Anthropic — Processes your integration data for AI analysis. Subject to Anthropic's data usage policies.
  • Supabase — Database and authentication hosting
  • Vercel — Application hosting and serverless functions
  • PostHog — Product analytics for Startis usage (not your data)

5. Your Rights

  • Disconnect: Remove any integration at any time from the Integrations page. This revokes our access to that service.
  • Delete: Delete your entire account and all associated data from the Settings page. This is permanent and immediate.
  • Export: Contact us to request an export of your data.

6. Data Retention

Your data is retained for as long as your account is active. When you disconnect an integration, the stored credentials for that integration are deleted. Extracted insights from that integration remain unless you delete your account.

After account deletion, all data is purged within 30 days.

7. Cookies

Startis uses essential cookies for authentication (Supabase session) and theme preference. PostHog may set analytics cookies. We do not use advertising cookies or trackers.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or through the service.

9. Contact

Questions about your privacy? Use the feedback button in the app to reach us.

    Privacy Policy - Startis