Privacy Policy
In short: TrimCI analyzes your CI/CD pipelines — never your source code. We store your account email, your organization's pipeline metadata, and short excerpts of failed-job logs (kept 30 days). Everything is stored and processed in the European Union. We use no advertising, no tracking cookies, and no external AI providers — log analysis runs on our own self-hosted model, and our web analytics is cookie-less and self-hosted too. Two things worth knowing up front: (1) failed-job log excerpts from your pipelines are analyzed by an AI model running on our own servers, and (2) we process the usernames of people who trigger pipelines in connected repositories, and those people may not be TrimCI users themselves — their employer or team (our customer) is the controller of that data.
1. Who we are
The TrimCI service (trimci.com) is operated by Bogusław Chojecki, an entrepreneur entered in the Polish Central Registration and Information on Business (CEIDG), address for service (adres do doręczeń): Miłochniewice 17, 96-130 Głuchów, Poland, tax identification number (NIP) 8351582374, REGON 368656712 ("TrimCI", "we"). For all privacy matters, contact us at office@trimci.com. We have not appointed a Data Protection Officer, because the scale and nature of our processing does not require one under Article 37 GDPR; the email above is our privacy contact point.
2. Our two roles: controller and processor
Under the GDPR we act in two different roles depending on the data:
| Data category | Our role | Who to contact about your rights |
|---|---|---|
| Account data (email, password), organization and membership data, invitations, security logs, support correspondence | Controller — we decide how and why this data is processed | TrimCI (office@trimci.com) |
| CI observability data pulled from connected providers: pipeline runs, jobs, timing, conclusions, pipeline-actor usernames, failed-job log excerpts | Processor — we process this data only on the documented instructions of the customer organization that connected the provider, under our Data Processing Agreement | The organization that connected the repository (your employer or team) — it is the controller of this data. We will assist it in answering your request. |
3. Data we process as controller
- Account data: your email address and a salted hash of your password (we never store the password itself).
- Organization data: organization name, your role in it (owner, admin, member), and invitations you send or receive.
- Security and access data: standard technical logs (timestamps, IP addresses in server logs), the session cookie, and the private-beta access cookie.
- Support correspondence: emails you send to us.
- Product analytics data: page-view records collected by our self-hosted, cookie-less analytics software (Umami) running on our own EU servers. Each record holds the page URL (query strings are stripped), referrer, time, browser/OS/device type, language, and the country derived from your IP address, linked by an irreversible visitor identifier whose salt rotates daily. The raw IP address is used only transiently to derive that identifier and the country — it is never stored in analytics — and no analytics data leaves our infrastructure. Pages whose URL contains a secret (invitation and verification links) are never tracked at all.
- Product-milestone events: records that your account or organization reached a service milestone (account created, email verified, organization created, CI provider connected, first sync completed, first report generated, pricing viewed from the app). When you delete your account, these records are detached from you and become anonymous statistics.
- In the future, when paid plans launch: subscription status received from our payment provider (Merchant of Record). We will update this policy before that happens.
4. Data we process as processor for your organization
When an organization connects GitHub Actions or GitLab CI, we retrieve and store, on that organization's behalf: pipeline run and job metadata (names, timing, durations, statuses, conclusions, branches, trigger events), the username of the person who triggered each run, and — for failed jobs only — the last 8,000 characters of the job log, which may incidentally contain personal data. The organization is the controller of this data; we process it under our Data Processing Agreement.
5. Where this data comes from — and what we never access
CI data is retrieved from the GitHub and GitLab APIs at the instruction of the organization that connected the provider. We request only read-only pipeline scopes, and a runtime allowlist in our HTTP client rejects any request outside pipeline, job, project-listing, and connection-setup (identity, version and token-status) endpoints before it leaves our servers. We never read your source code, workflow YAML files, commit diffs, or any repository file. Details are on our security page.
6. Purposes and legal bases
| Purpose | Data | Legal basis |
|---|---|---|
| Creating and operating your account and organizations; providing the service | Account and organization data | Art. 6(1)(b) GDPR — performance of a contract |
| Transactional email (account verification, password reset, invitations, connector/token warnings, service and plan lifecycle notices) | Email address, organization context | Art. 6(1)(b) GDPR — performance of a contract |
| Answering your support requests | Support correspondence | Art. 6(1)(b) GDPR — performance of a contract; Art. 6(1)(f) for questions from non-customers |
| Securing the service: authentication, tenant isolation, enforcing the zero-code-access boundary, preventing abuse of the private beta gate, rate limiting | Security and access data, technical logs | Art. 6(1)(f) GDPR — our legitimate interest in keeping the service and its data secure and preventing abuse |
| Measuring how the service is used and improving it (aggregate web analytics and product-milestone statistics) | Product analytics data, product-milestone events | Art. 6(1)(f) GDPR — our legitimate interest in understanding and improving our own service |
| Complying with legal obligations (e.g. tax and accounting, once paid plans exist) | Billing-related identifiers | Art. 6(1)(c) GDPR — legal obligation |
For CI observability data processed on behalf of customer organizations, the legal basis belongs to the organization as controller (typically its legitimate interest in analyzing and improving its own CI/CD operations); we act only as its processor.
7. AI analysis
Failed-job log excerpts and pipeline failure patterns are analyzed by a large language model that we host on our own infrastructure (a self-hosted Ollama model). This data is never sent to OpenAI, Anthropic, or any other external AI provider. Before any log excerpt reaches the model, known secret formats (API keys, tokens) are redacted. The model produces optimization recommendations about pipelines — it does not evaluate people, and no decision producing legal or similarly significant effects on any person is made by automated means (no automated decision-making within the meaning of Art. 22 GDPR).
8. Who we share data with
We do not sell personal data and we do not share it with advertisers. Data is disclosed only to the infrastructure sub-processors listed on our sub-processor page — currently Hetzner (hosting, European Union) and Brevo (transactional email, European Union) — and to public authorities where the law requires it. When paid plans launch, our payment provider (Merchant of Record) will process checkout and payment data as an independent controller; we will name it here and on the sub-processor page before that happens.
9. International transfers
All storage and processing performed by TrimCI happens in the European Union. We do not transfer personal data outside the European Economic Area. For transparency: to collect CI data, our servers make API requests to GitHub (operated from the United States) and to GitLab, on the instruction of the organization that connected the provider and within that organization's own relationship with those platforms; the requests carry only the credentials and repository/run identifiers needed to read pipeline data.
10. How long we keep data
| Data | Retention |
|---|---|
| Failed-job log excerpts | 30 days, then automatically and permanently deleted |
| Pipeline run/job metadata (incl. pipeline-actor usernames) | For as long as the customer organization's account exists; deleted when the organization is deleted. (On first connection we back-fill at most the last 60 days of history — a collection window, not a retention period.) |
| Account and organization data | Until you delete your account, plus any period required by law |
| Email verification links / invitations | Verification links expire after 72 hours; invitations after 7 days |
| Web analytics records | Kept as service statistics; they contain no raw IP address and the visitor identifier is irreversible (its salt rotates daily), so records cannot be traced back to a person |
| Product-milestone events | Kept as service statistics; the link to your account is removed when the account is deleted |
| Support correspondence | Kept while we handle your request and for up to 12 months after the exchange ends |
| Technical server logs (incl. IP addresses) | Rotated on a rolling basis; kept only as long as needed for security monitoring and incident response |
11. Your rights
For data we control, you have the right to access your data (Art. 15 GDPR), rectify it (Art. 16), erase it (Art. 17), restrict its processing (Art. 18), receive it in a portable format (Art. 20), and not to be subject to automated decision-making (Art. 22 — which we do not perform). Where we rectify, erase or restrict data, we notify the recipients it was disclosed to, as required by Art. 19 GDPR. To exercise any right, email office@trimci.com; we respond within one month (extendable by two further months for complex requests, in which case we will tell you), free of charge. We may ask you to confirm your identity. If your request concerns CI data of an organization (e.g. your username in pipeline data), please contact that organization first — it is the controller — and we will assist it in answering you.
Right to object. Where we process your data based on our legitimate interest (Art. 6(1)(f) — see the table above), you may object at any time on grounds relating to your particular situation (Art. 21 GDPR). We will then stop that processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms.
12. Complaints
You have the right to lodge a complaint with a supervisory authority. Our lead authority is the President of the Polish Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, Poland, uodo.gov.pl. If you live in another EU country, you may also complain to your local data protection authority.
13. Cookies
We use only cookies that are strictly necessary to operate the service — the category exempt from consent under EU ePrivacy rules and the Polish Electronic Communications Law — which is why you see no cookie consent banner. We use no analytics, advertising, or tracking cookies of any kind. Our web analytics (see section 3) is deliberately cookie-less: the self-hosted tracker stores nothing on your device, which is why it does not appear in the table below and requires no consent. Separately from cookies, the app keeps two small preferences in your browser's local storage — your light/dark theme choice and which dashboard notices you have dismissed; they never leave your device and are not used for tracking.
| Cookie | Purpose | Lifetime |
|---|---|---|
| sessionid | Keeps you signed in | Up to 2 weeks |
| csrftoken | Protects forms against cross-site request forgery | Up to 12 months |
| trimci_gate | Remembers that you unlocked the private beta | 7 days |
| messages | Carries a one-time status notification to the next page (e.g. 'Invitation sent') | Deleted right after the message is shown |
14. How we protect data
Data is encrypted in transit (TLS); CI provider credentials are additionally encrypted at rest; passwords are stored only as salted hashes; access is scoped per organization and role. A full description of our technical and organisational measures is on the security page and in the annex to the Data Processing Agreement.
15. Do you have to provide data?
Providing an email address and password is a contractual requirement — without them we cannot create or operate your account. All other data is provided as part of using the service (e.g. connecting a CI provider is always your organization's choice).
16. Changes to this policy
We will announce material changes to this policy by email and in the app before they take effect — never by silent re-publication. The version number and effective date at the top of this page always identify the current text; previous versions are available on request.
17. Contact
Privacy questions and rights requests: office@trimci.com. See also: Terms of Service, Data Processing Agreement, Sub-processors, Security.