wikipls.
Get started
Privacy

Privacy Policy

Last updated · 2026-05-16

This Privacy Policy describes how The Tiny Rock LLC (“Wikipls”, “we”, “us”) collects, uses, and protects information when you use our documentation maintenance service at wikipls.com.

1. What we collect

When you sign in with GitHub we receive your GitHub user ID, display name, email address, and avatar image. We store these in our database to identify your account.

When you install our GitHub App on a repository, we receive an installation token that lets us read pull request diffs, commits, and file contents in that repository, and open pull requests against it. We never read code from repositories you have not authorized.

If you connect Jira, we store your Jira host, email, and an API token you generate. The API token is encrypted at rest with AES-256-GCM before being written to the database. Only the Wikipls runtime can decrypt it.

We store a snapshot of every documentation event Wikipls processes for you: the source pull request URL, the affected sections, the AI-generated update reasons, and token usage. We keep these so you can audit and replay generation from the dashboard.

2. What we send to third parties

  • Anthropic— Pull request diffs, manifest section text, and any linked Jira context are sent to Anthropic’s Claude API to generate documentation updates. Anthropic does not train on data submitted via its API.
  • GitHub— All repository reads and pull request creation happen via the GitHub API using your installation’s scoped token.
  • Atlassian (Jira) — If you have connected Jira, we call your Jira host to fetch ticket details.
  • Lemon Squeezy — Our payment processor and Merchant of Record. They receive your name, email, and payment details directly through their hosted checkout. We never see your card number.
  • Resend — Transactional emails (welcome, doc-PR opened, billing notices). They process your email address and the message body.
  • Vercel and Crunchy Bridge — Our hosting and database providers. Both are SOC 2 compliant.

3. How we use your data

We use the data above to operate the service, generate the documentation updates you have asked for, send you transactional email about your account, and bill you. We do not sell your data. We do not run marketing analytics against the contents of your repositories.

4. Cookies

We use a single session cookie set by our authentication system. It is HTTP-only, secure, and same-site. We do not use third-party advertising or analytics cookies.

5. Data retention

Doc event records and section updates are retained for the life of your account. Application logs are retained for 90 days. When you delete your account, all account data, projects, doc events, and Jira credentials are permanently deleted within 30 days. Anonymous aggregate counters used for billing reconciliation may persist indefinitely.

6. Your rights

You can delete your account at any time from Dashboard → Billing. You can export your data via the “Export my data” button on the same page. If you are in the EU, UK, or California you have additional rights under GDPR and CCPA — including access, rectification, deletion, and portability. Email privacy@wikipls.com and we will respond within 30 days.

7. Security

All traffic to wikipls.com is encrypted in transit (TLS 1.2+). Sensitive secrets (Jira API tokens) are encrypted at rest with AES-256-GCM. Database backups are encrypted. We do not allow employee access to production data except for emergency recovery, and such access is logged.

If you believe you have found a security issue, please email security@wikipls.com. We respond within two business days.

8. Children

Wikipls is not directed at children under 16. We do not knowingly collect personal information from anyone under 16.

9. Changes

We may revise this policy. Material changes will be announced by email and on this page at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact

The Tiny Rock LLC
Email: privacy@wikipls.com