Last updated: 2 May 2026 ยท This is a best-effort private-beta policy. Subject to change before GA.
What fuggit stores
From your Google sign-in: display name and avatar URL only. We do not persist your email, phone, real name, or address.
Repository data you push: git objects (commits, trees, blobs) and ref tips. These live in our Google Cloud Storage bucket and Firestore in us-central1.
SSH public keys you enrol, hashed personal access tokens (PATs), audit-log entries for actions you take, and CI run metadata.
Waitlist email if you submit it on the homepage. This goes by email to the operator and is not persisted in fuggit.
What fuggit does not store
Your email address. The Google ID token we verify carries it; we do not write it to disk.
Phone number, address, real name (beyond display name).
Cookies for tracking, advertising, or analytics. Session state lives in your browser's localStorage only.
Anything received via fuggit-marketplace apps. Apps speak to fuggit's API; their own data lives on their own infrastructure.
Where it lives
Single Google Cloud project fuggit-dev in us-central1. Operators are matt@jupitersoft.net. There is no other backup destination today.
Deletion + export
Self-service deletion: signed in, navigate to Settings › Account and choose "delete account". The DELETE is irreversible and executes synchronously at the moment you confirm the dialog — the cascade through every repo, branch, CI run, SSH key, PAT, and audit row you own completes before the request returns. There is currently no grace window for recovery (a future asynchronous-cascade grace mechanism is on the roadmap). For account export prior to deletion, email matt@jupitersoft.net from your enrolled Google address.
Subprocessors
Google Cloud Platform (compute, storage, identity, secret manager).
Resend (transactional email โ only fires for waitlist signup notifications today).