This privacy and cookies statement ("Statement") is applicable to all products, services and activities from Bosun B.V., located in Utrecht, the Netherlands, registered in the chamber of commerce under number 96839651. Bosun B.V. is responsible for the processing of your personal data. In this statement is described how your personal data is processed, and to which ends this data is processed.
By using Bosun, you agree with the following conditions. If you do not agree with this statement, you are requested not to use Bosun.
Below you can find an overview of how Bosun processes personal data, for what purposes, on what legal basis, and for how long.
Bosun allows you to connect your GitHub and/or GitLab account so we can provide our service (automating software maintenance based on the code in your repositories). We use your account information to authenticate you, display your profile, link the correct organizations, and provide access to the Bosun application. This processing is necessary for the performance of the agreement with you (the provision of Bosun).
Legal basis: performance of a contract (Article 6(1)(b) GDPR).
Retention period: your account data and related organizational/repository data are retained for as long as your account is active. Upon account deletion, your account data is deleted within 30 days. Repository content processed for automation purposes is not persistently stored; it is only held temporarily as required to complete each automation task.
We process personal data when you contact us for support or when we send service-related communications (e.g., important product updates, transactional emails).
Legal basis: performance of a contract (Article 6(1)(b) GDPR) and/or legitimate interests (Article 6(1)(f) GDPR) (efficient customer support and service improvement).
Retention period: deleted upon request where applicable (and in any event aligned with the deletion timelines above where the data is part of your account).
We process certain technical data to secure Bosun, prevent abuse and fraud, and maintain stable operations (e.g., debugging and incident handling). We do not store IP addresses in our logs.
Legal basis: legitimate interests (Article 6(1)(f) GDPR) (security, fraud prevention, and service reliability).
Retention period: logs are retained for a maximum of 30 days, after which they are automatically deleted.
We use third-party service providers to deliver and operate Bosun. These providers act as processors and process data only on Bosun's behalf and under Bosun's instruction.
Purpose: supporting automation features that use language models.
Data categories: repository data and related inputs needed to perform the requested automation (as applicable).
Purpose: OAuth authentication and authorized access to your repositories/organizations.
Data categories: account/profile data, organization data, authentication-related data as part of the OAuth flow.
Purpose: sending service emails (e.g., verification, notifications, support).
Data categories: e-mail address and email content metadata.
Purpose: monitoring application errors and performance for reliability and security.
Data categories: technical logs and error data (configured to avoid unnecessary personal data).
Purpose: handling support communications and internal collaboration.
Data categories: contact information and support correspondence.
As a data subject, you have the following rights under the GDPR:
Requests to exercise the rights above can be made to Bosun B.V. via contact@bosun.ai.
If you have given consent for the processing of your personal data, you may withdraw this consent at any time. To do so, please send a request to Bosun B.V. The processing of your personal data in the period before the withdrawal of consent remains lawful.
Bosun B.V. will not retain your (personal) data for longer than is necessary for the performance of its services, unless it is obliged to retain the data for a longer period pursuant to applicable legislation or a court order. In such a case, Bosun B.V. will retain the data for no longer than the period obligated.
Bosun takes the security of personal data seriously. We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. If, despite our security measures, a security incident occurs that is likely to have adverse consequences for your privacy, we will inform you as soon as possible about the incident.
Bosun B.V. may share your personal data with third parties in the following circumstances:
Bosun B.V. does not sell your personal data to third parties.
Bosun uses cookies and similar technologies. Below is an overview.
Purpose: login/session management, security (e.g., keeping you logged in, preventing misuse, ensuring the application works correctly).
Retention period: typically for the duration of your session and/or a limited period as required for secure operation. Logging out will end the session.
Purpose: to understand aggregated website traffic and improve our marketing website.
Data minimization: Plausible is designed to provide privacy-friendly, aggregated statistics and is typically configured to avoid tracking individuals across sites.
Retention period: retained according to our Plausible configuration, and only as long as needed for the above purpose.
Third-party cookies (or similar technologies) may be placed via Bosun, depending on the third-party services used (for example, analytics providers). The privacy and cookie policy of the company in question applies to the use of third-party cookies.
If you have a complaint about how Bosun B.V. processes your personal data, we ask you to contact us directly. If we are unable to resolve your complaint, you have the right to submit a complaint to the competent supervisory authority. In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is responsible for supervising compliance with privacy legislation.
For questions or requests regarding this Statement, you can contact Bosun B.V. via: