Release Trace

BETA

Data Handling Contract

What Release Trace stores, what it does not store, and how input validation is enforced in beta.

DocsPrivacyAccount

Data we store

  • - Account identity: email, display name, Clerk user id.
  • - Workspace/product metadata needed for release workflow.
  • - GitHub installation metadata (installation id, account login/type).
  • - Release artifacts, bullet edits, source references, and release history.
  • - Waitlist lead fields: email and optional role/workflow/source.

Data we do not store

  • - GitHub passwords or personal access tokens.
  • - Clerk session tokens.
  • - Payment card data (processed by Paddle checkout).
  • - Raw IP/user-agent/referer in waitlist fallback logs.

Validation contract

Public and authenticated write endpoints use server-side schemas and explicit constraints for payload shape and field length. Invalid payloads are rejected with explicit errors.

Current beta gaps are tracked publicly as follow-up issues (webhook schema hardening), with owner and priority.

Open session security guide

We use essential cookies for auth, security, and language preferences. Optional analytics cookies help us improve Release Trace. See Cookie Policy and Privacy Policy.