Privacy Policy

Last updated: February 27, 2026

This Privacy Policy explains how AccelMars Co., Ltd. (“AccelMars,” “we,” “us,” or “our”) collects, uses, stores, and protects your information when you use our products and services (“the Services”), including AccelMars Ops (ops.accelmars.com), AccelMars Mind, Strata, and our website at accelmars.com.

By using any of the Services, you acknowledge the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and account communications
  • Display name — shown within the Services (optional, may be populated from GitHub)
  • Avatar URL — your profile image (optional, may be populated from GitHub)

1.2 GitHub Information

When you connect your GitHub account via OAuth, we receive and store:

  • GitHub username and user ID — for account linking
  • OAuth access and refresh tokens — stored securely, used to access GitHub’s API on your behalf
  • OAuth scopes — the permissions you granted. We only perform read operations (listing repositories, reading commit history)

1.3 Organizational Data

When you create an organization and use the Services, we collect and store organizational details, role definitions, script configurations, script run outputs, reports, and schedule configurations.

1.4 Git Activity Data

When you connect tracked repositories, we collect repository metadata and daily activity snapshots (commit counts, authors, timestamps) from the GitHub API.

Important: We do not access, read, store, or analyze your source code. We only read repository-level metadata and commit information.

1.5 Usage and Preference Data

Dashboard settings, phase tracking data, and membership information.

1.6 Technical Data

Automatically collected: IP address, browser and device information (user agent), performance data, and authentication logs.

1.7 Website Analytics

Our website (accelmars.com) uses Plausible Analytics, a privacy-focused analytics tool. Plausible does not use cookies, does not collect personal data, and is fully GDPR compliant. All data is aggregated — no individual visitors are tracked.

1.8 Contact Form

If you submit our contact form, we collect your name, email address, subject, and message. Contact form submissions are processed through Formspree. See Formspree’s privacy policy for their data practices.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Services
  • Generate operational insights and reports
  • Authenticate you and enforce multi-tenant isolation
  • Improve reliability and performance
  • Communicate with you (account notices, security alerts, service updates)
  • Process payments
  • Prevent abuse

We do not use your data to:

  • Train AI or machine learning models
  • Sell to third parties
  • Display advertising
  • Build profiles for targeted marketing
  • Access or analyze your source code

3. How We Store and Protect Your Information

3.1 Database

Your data is stored in a PostgreSQL database managed by Supabase with strict access controls and row-level security policies.

3.2 Multi-Tenant Isolation

Every data query is filtered by your organization membership. We enforce tenant isolation at the database level — the database itself prevents any query from returning data belonging to an organization you are not a member of.

3.3 Encryption

  • In transit: All data is transmitted over HTTPS/TLS
  • At rest: Database encryption is provided by Supabase’s managed infrastructure
  • OAuth tokens: Stored with user-scoped access controls, encrypted at rest

4. Third-Party Service Providers

We use the following third-party providers to operate the Services:

  • Supabase — Database hosting, user authentication
  • Vercel — Application hosting, serverless functions
  • GitHub — Source code hosting API (read-only access)
  • Lemon Squeezy / Stripe — Payment processing
  • Plausible Analytics — Privacy-focused website analytics (no cookies, no personal data)
  • Formspree — Contact form processing

These providers act as data processors on our behalf. We do not sell, rent, or share your personal information with any third party for their own marketing or commercial purposes.

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Services. Authentication logs are retained for 12 months.

5.2 Account Deletion

When you delete your account, all associated data is permanently and irreversibly deleted via cascading database deletion.

5.3 Inactive Accounts

We may delete free-tier accounts that have been inactive for 12 consecutive months after providing 30 days’ notice to your registered email address.

6. Your Rights

  • Access — View all your data through the Services at any time
  • Correction — Update your information through the Services
  • Deletion — Delete your account and all data at any time, or contact hello@accelmars.com
  • Data Portability — Access your data through the Services’ interface. API export planned for a future release
  • Revoke GitHub Access — Disconnect your GitHub account at any time
  • Withdraw Consent — Delete your account to withdraw consent to data processing

7. For Users in the European Economic Area (EEA)

If you are located in the EEA, the following additional provisions apply under the GDPR:

  • Providing the Services — Performance of contract
  • Authentication and security — Legitimate interest
  • Payment processing — Performance of contract
  • Error monitoring — Legitimate interest

7.2 Additional Rights

EEA users may also object to processing, restrict processing, and lodge complaints with their local data protection authority.

7.3 Data Transfers

Your data is processed on servers in the United States. We rely on standard contractual clauses and our providers’ compliance frameworks for international data transfers.

7.4 Contact for GDPR Requests

Contact hello@accelmars.com. We will respond within 30 days.

8. For Users in California

If you are a California resident, under the CCPA:

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt out of sale — we do not sell your personal information
  • Right to non-discrimination for exercising your privacy rights

9. Cookies and Local Storage

9.1 What We Use

  • Session cookie — Authentication session (until logout or expiry)
  • Local storage — Dashboard preferences (persistent until cleared)

9.2 What We Don’t Use

No third-party advertising cookies. No cross-site tracking cookies. No analytics cookies (Plausible is cookieless).

10. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at hello@accelmars.com.

11. Security Incidents

In the event of a data breach, we will notify affected users by email within 72 hours, notify relevant authorities as required by law, and provide details about the breach and our response.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days before taking effect.

13. Contact

If you have questions about this Privacy Policy, contact us at:

AccelMars Co., Ltd.
Email: hello@accelmars.com
Website: accelmars.com