Replace ChatGPT Pro, Mermaid.live, and Lucid Chart with Mermaid Chart

AI

Privacy Policy

Introduction

Welcome to the Mermaid Diagram Sync Assistant. This Privacy Policy explains how we collect, use, and protect information when you use our GitHub application that automatically updates Mermaid diagrams in your pull requests.

By installing and using the Mermaid Diagram Sync Assistant, you agree to the collection and use of information in accordance with this policy.

Information We Collect

GitHub Repository Data

When you install the bot on your GitHub repository, we collect and process the following information:

  • Repository Information: Repository name, owner, branch names, and commit SHAs
  • Pull Request Data: PR numbers, actions (opened, synchronize, reopened), PR metadata, and branch information
  • File Contents: Mermaid diagram files (.mmd) and source code files referenced by diagrams that are changed in Pull Requests
  • Installation Information: GitHub App installation ID required for authentication
  • User Information: GitHub user ID and login name of users who trigger PR events (for bot detection and analytics purposes)

Webhook Data

We receive webhook payloads from GitHub containing:

  • Event type and delivery ID
  • Pull request information
  • File change information
  • Sender information

Analytics Data

We collect minimal analytics data for service monitoring and improvement:

  • Repository name
  • GitHub username (login)
  • Event timestamps
  • Event types (e.g., diagram regeneration events)

How We Use Your Information

We use the collected information solely for the following purposes:

  1. Service Operation: To process Pull Request webhooks and automatically update Mermaid diagrams when source files change
  2. Authentication: To authenticate with GitHub API using installation tokens
  3. Diagram Regeneration: To analyze code changes and regenerate diagrams using AI services
  4. Bot Detection: To prevent infinite loops by detecting when changes originate from the bot itself
  5. Service Monitoring: To monitor service health, detect errors, and improve reliability
  6. Analytics: To understand usage patterns and improve the service

Third-Party Services

OpenAI

To regenerate your Mermaid diagrams, we send diagram content and source code changes to OpenAI’s API. OpenAI processes this data to generate updated diagram content. We do not store OpenAI responses beyond what is necessary to commit updates to your repository.

Your use of this service is subject to OpenAI’s Privacy Policy.

Monitoring and Error Tracking

We use third-party monitoring services to track errors and improve service reliability. These services may collect error messages, repository information, and timestamps for debugging purposes only.

Data Storage and Retention

  • Temporary Processing: File contents and webhook data are processed in memory and are not permanently stored
  • GitHub Storage: Updated diagrams are committed directly to your GitHub repository and stored according to GitHub’s data retention policies
  • Analytics Data: Minimal analytics data (repository name, username, timestamps) may be retained for service monitoring purposes
  • Error Logs: Error logs and monitoring data may be retained for debugging purposes

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Webhook signature verification to ensure requests originate from GitHub
  • Secure authentication using GitHub App private keys
  • Encrypted communication with GitHub and OpenAI APIs
  • No long-term storage of sensitive repository data

Your Rights and Choices

Uninstall the Bot

You can uninstall the Mermaid Diagram Sync Assistant at any time through your GitHub repository settings. Upon uninstallation:

  • We will no longer receive webhook events from your repository
  • We will no longer process your repository data
  • Any data already committed to your repository will remain (as it is stored in your GitHub repository)

Configuration Options

You can control the bot’s behavior using:

  • .mermaidignore files: Exclude specific files or diagrams from processing
  • .smart-mermaid-updates.yml: Configure branch filtering to exclude specific branches from processing

Children’s Privacy

Our Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us through:

Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR)
  • Other applicable data protection laws

Data Processing Legal Basis

For users in the European Economic Area (EEA), we process your data based on:

  • Legitimate Interest: To provide the automated diagram update service you have requested
  • Contract Performance: To fulfill our obligations under the GitHub App installation agreement
  • Consent: By installing the Bot, you consent to the processing described in this Privacy Policy
© Mermaid Chart 2026