Privacy Policy
Last updated · 2026-06-01
This Privacy Policy describes how The Tiny Rock LLC (“Wikipls”, “we”, “us”) collects, uses, and protects information when you use our hosted documentation-wiki service at wikipls.com.
1. What we collect
When you sign in with GitHub we receive your GitHub user ID, display name, email address, and avatar image. We store these in our database to identify your account.
When you install our GitHub App on a repository, we receive an installation token that lets us read file contents, repository structure, commits, and pull request diffs in that repository. We are read-only on your code — we never push commits. (You may optionally choose to export your wiki back to your repo, which opens a pull request for you to review; this never happens automatically.) We never read code from repositories you have not authorized.
We generate and host a documentation wiki derived from your code, and store its pages in our database. For public repositories the wiki is publicly viewable at a wikipls.com URL and may be indexed by search engines. For privaterepositories the wiki is restricted to people who are members of the GitHub App installation that owns the repo. We re-check a repository’s public/private status from GitHub so the visibility of your wiki tracks the repository.
If you connect Jira, we store your Jira host, email, and an API token you generate. The API token is encrypted at rest with AES-256-GCM before being written to the database. Only the Wikipls runtime can decrypt it.
We store a record of every generation and update event: the source (an initial scan or a merged pull request), the affected pages and sections, the AI-generated reasons, the commit each page reflects, and token usage. We keep these so you can audit your wiki’s history from the dashboard.
2. What we send to third parties
- Anthropic— Source code excerpts, file contents, repository structure, pull request diffs, any linked Jira context, and the questions you ask the wiki are sent to Anthropic’s Claude API to generate and update your wiki and to answer chat questions. Anthropic does not train on data submitted via its API.
- GitHub— All repository reads (and, only if you use the optional export, pull request creation) happen via the GitHub API using your installation’s scoped token.
- Atlassian (Jira) — If you have connected Jira, we call your Jira host to fetch ticket details.
- Lemon Squeezy — Our payment processor and Merchant of Record. They receive your name, email, and payment details directly through their hosted checkout. We never see your card number.
- Resend — Transactional emails (welcome, wiki published, wiki updated, billing notices). They process your email address and the message body.
- Vercel and Crunchy Bridge — Our hosting and database providers. Both are SOC 2 compliant.
3. How we use your data
We use the data above to operate the service, generate the documentation updates you have asked for, send you transactional email about your account, and bill you. We do not sell your data. We do not run marketing analytics against the contents of your repositories.
4. Cookies
We use a single session cookie set by our authentication system. It is HTTP-only, secure, and same-site. We do not use third-party advertising or analytics cookies.
5. Data retention
Wiki pages, generation/update records, and section history are retained for the life of your account. Application logs are retained for 90 days. When you delete your account — or when you remove a wiki — the associated wiki pages and records are permanently deleted within 30 days, and the wiki stops being served immediately. Anonymous aggregate counters used for billing reconciliation may persist indefinitely.
6. Your rights
You can delete your account at any time from Dashboard → Billing. You can export your data via the “Export my data” button on the same page. If you are in the EU, UK, or California you have additional rights under GDPR and CCPA — including access, rectification, deletion, and portability. Email privacy@wikipls.com and we will respond within 30 days.
7. Security
All traffic to wikipls.com is encrypted in transit (TLS 1.2+). Sensitive secrets (Jira API tokens) are encrypted at rest with AES-256-GCM. Database backups are encrypted. We do not allow employee access to production data except for emergency recovery, and such access is logged.
If you believe you have found a security issue, please email security@wikipls.com. We respond within two business days.
8. Children
Wikipls is not directed at children under 16. We do not knowingly collect personal information from anyone under 16.
9. Changes
We may revise this policy. Material changes will be announced by email and on this page at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
10. Contact
The Tiny Rock LLC
Email: privacy@wikipls.com