How commitplain works

Architecture, data flow, and system controls — without revealing what doesn't need to be revealed.

What is commitplain?

A platform that converts GitHub commit activity into executive reports ready to review and send. This guide explains how the system interacts with your data, what access it requests, how generation works, and what controls exist at each step of the process.

GitHub connection

GitHub access is handled via standard OAuth. The access token is obtained and used exclusively on the server — it is never transmitted to the browser or stored on the client.

  • Only the repositories you explicitly link from the dashboard are read
  • The scope requested is 'repo' for private repositories
  • You can revoke access at any time from your GitHub account
  • The system cannot perform any action on your repository — read-only commit access

What data the system processes

commitplain reads your repository to generate the report: the Indie plan reads only commit metadata, while the Agency plan also reads the actual code diffs. In no case do we store your source code in our database; diffs are processed in memory during generation and discarded when it finishes.

Reads

  • Commit messages, author, and date (all plans)
  • Actual code diffs of selected commits (Agency plan) — processed in memory during generation and discarded when it finishes
  • Initial structural analysis of the repository: README, configuration files, and file tree — indexed once when you link the repository
  • Repository name and visibility

Does not access

  • .env files, secrets, or credentials
  • Your branches, pull request content, or issues
  • Repositories you have not explicitly linked
  • Your source code is never stored in our database

Generation and approval flow

  1. You select period and filters

     You define the date range and the commit types to include. The system reads those commits directly from GitHub.

  2. The draft is generated

     Commits are processed on the server. The draft is generated in the language and tone you have configured.

  3. The draft is yours alone

     No one else sees the draft. The client is not notified. The report waits in your dashboard until you act.

  4. You approve and send

     Only after your explicit approval does the system send the email to the recipient you have configured.

Approval is always explicit

No report is sent to the client without a direct action from you. Automation exists — but you configure and control it. Without active automation, every send requires your manual approval.

Security controls

GitHub token

Obtained on the server via the authentication API. Never exposed to the client or visible in public API responses.

Protected routes

Dashboard access is protected on the server before rendering anything, with an additional verification on the client.

Security headers

Content Security Policy with per-request nonce, X-Frame-Options, HSTS, Referrer-Policy, and other headers active on all responses.

Input validation

All data arriving at the server is validated and sanitized before processing. Usage limits and ownership checks are enforced in the backend, not the client.

Layer separation

Authentication, GitHub access, report generation, and email sending are independent layers with internal interfaces. The client has no direct access to any of them.

Rate limits and plan constraints

commitplain enforces usage limits at the plan level to ensure service quality for all users. These limits are checked server-side before generation begins.

Indie

  • Up to 3 active projects
  • Up to 50 commits processed per report
  • At most one report generation per project per week (weekly is the shortest interval)
  • Daily report frequency not available

Agency

  • Unlimited active projects
  • Up to 200 commits processed per report
  • Daily, weekly, or monthly generation available
  • Multiple recipients per project

Project context and AI customization

Each project can have a text description — up to 50 KB — that provides context to the AI before it generates the report. This field accepts plain text or Markdown and can be pasted directly or imported from a .txt or .md file. The context is never sent to the client. It is used only during the generation step on the server to improve the relevance and accuracy of the executive summary. Typical content: the project's business objective, the client's technical level, the domain vocabulary, and any constraints the AI should be aware of.

Report automation

commitplain supports automated report generation and sending. Automation is disabled by default — you must enable it explicitly per project. When active, reports are generated on the configured schedule (daily, weekly, or monthly) and sent directly to the configured recipients without requiring manual approval. Enabling automation removes the human review gate for that project. You can disable automation at any time from the project settings. Daily automation requires the Agency plan.

Data retention and deletion

commitplain stores the following data per user account:

  • Repository links (name, visibility, GitHub ID)
  • Generated report drafts and their approval status
  • Project context text (if added)
  • Report settings per project (language, tone, recipient)
  • Send history (date, recipient, report content)

All user data is deleted within 30 days of account deletion. Data is stored in EU infrastructure (eu-west-1). See the Privacy Policy for full details on data handling, subprocessors, and retention schedules.

Frequently asked questions

Does my GitHub token pass through the browser?

No. It is obtained via the authentication API on the server and used directly from there for GitHub calls. The browser never sees it.

Can the system send something to the client without my approval?

No, unless you activate automation and configure it yourself. Without active automation, every send requires your explicit action in the dashboard.

What AI model generates the reports?

We don't reveal implementation details about generation. The model varies by plan and may be updated when more stable versions are available.

Where is data stored?

In infrastructure within the European Union (eu-west-1 region). See the Privacy Policy for details on retention and processing.

Can I see the history of sent reports?

Yes. The dashboard records all generated reports with their status, recipients, and send date.

Start explaining your work.

Try commitplain free for 7 days with a real project.

No credit card · No commitment