1. Data we collect
Shipam collects data needed to operate the product, including:
- account and contact details such as email address and basic profile information;
- changelog content and related assets you create, upload, publish, or send through the service;
- analytics events from hosted pages, such as page views, badge clicks, and performance telemetry when visitors consent to analytics cookies;
- subscriber and delivery data needed to send release emails and confirmation flows.
- integration metadata, access tokens, webhook configuration, and related identifiers for customer-enabled integrations;
- billing status, plan entitlement, support, security, and operational log data needed to run and protect the service.
2. How we use data
We use personal and product data to:
- authenticate users and secure accounts;
- host and render changelog sites, roadmap pages, and widgets;
- measure product usage and hosted-page performance;
- process billing and manage plan entitlements;
- send subscriber emails, login links, and service messages;
- import, transform, publish, and deliver updates through customer-enabled integrations;
- generate AI-assisted drafts only when an enabled AI feature is invoked.
3. Infrastructure and sub-processors
Shipam uses third-party infrastructure and service providers to operate the product. These providers process data on our behalf only to the extent needed for their role in delivering, securing, or supporting Shipam.
- Railway: application hosting and runtime services.
- Hetzner: hosting for self-managed database and shared data-plane services.
- Cloudflare: DNS, edge security, tunnels and access controls, object storage, and operational backups.
- Stripe: payments, billing, invoices, tax, and subscription management.
- Resend or Amazon SES: transactional email, subscriber email delivery, login links, and service messages, depending on the active production email configuration.
- Google: hosted-page font stylesheet delivery for selected non-system fonts, plus optional social sign-in and account profile authentication when Google sign-in is configured.
- Slack, GitHub, Linear, and Discord: optional customer-enabled integrations for importing release data, receiving events, and publishing or sending updates.
- OpenRouter and selected model providers: AI-assisted draft generation when customers use enabled AI features.
- Grafana Cloud, OpenTelemetry, and Sentry: observability, error reporting, logs, metrics, and traces when enabled for the relevant environment.
4. AI-assisted generation
Shipam uses OpenRouter for AI-assisted generation features. For AI-assisted changelog drafts, the current configured model chain uses Anthropic Claude Sonnet 4 via OpenRouter with Google Gemini 2.0 Flash as a fallback.
When an AI feature is enabled and invoked, Shipam may send the relevant prompt context to OpenRouter and the selected model provider. For changelog drafts, that context may include release-note text, GitHub release data, git ranges, git logs, commit messages, pull request titles, repository origin URLs, and related git context. For AI social-post generation, that context may include the entry title, entry markdown, tags, and the generated entry URL. Shipam does not use customer data to train Shipam-owned models.
Model providers process AI requests under their own service terms. Shipam does not claim fixed LLM regional residency, zero data retention, model-provider retention periods, or regulated compliance certifications unless those commitments are separately documented in a signed agreement.
5. Cookies and similar technologies
Shipam uses essential cookies for authenticated dashboard sessions. We also use hosted-page analytics cookies only after a visitor accepts the cookie banner shown on hosted changelog pages.
- Essential cookies keep authenticated dashboard sessions working.
- Analytics cookies support first-party hosted-page metrics collected through the site events pipeline and performance reporting.
- Visitors can reject analytics cookies and continue browsing hosted pages.
6. Data retention and control
We retain data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Customers control the content, assets, subscribers, and integrations they manage through Shipam and may update, delete, or disconnect them through the product where those controls are available.
Deletion requests can also be sent through Shipam's support channels. Deleted data may remain in backups, logs, billing records, security records, or other operational systems until those records age out under normal retention schedules or must be retained for legal, security, billing, or dispute-resolution reasons.
7. Contact
If you have privacy questions, sub-processor questions, or deletion requests about Shipam, use the primary contact channels listed on shipam.page.