This privacy notice details how we look after your personal data when you visit our site or use Pull Checklist, as well as information about your privacy rights and how the law protects you.

Who We Are

Pull Checklist is responsible for this website. Pull Checklist is a trading name of Media Market Limited. Pull Checklist is a checklist builder and auditing tool for GitHub Pull Requests.

Purpose of this Privacy Notice

This privacy notice aims to give you information on how Pull Checklist collects and processes your personal data through your use of this website and our GitHub integration, including any data you may provide through our service.

Neither our website nor software is intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Data We Collect About You

For our Pull Checklist SaaS (Software as a Service) users, we collect, use, store, and transfer various types of personal data, categorized as follows:

Identity Data includes your email address and GitHub user handle.

Contact Data comprises your email address, essential for communication and service provision.

Profile Data includes your service plan, preferences, user-generated content such as checklists, feedback, and survey responses.

Usage Data captures how you engage with our website, software, and services.

Repository Data involves details related to your managed repositories, such as:

• Administration details like repository settings, teams, and collaborators
• Information on checks, commit statuses, issues, and pull requests

Organization Data details the structure and management of your organization within our service.

Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

GitHub Integration and Permissions

Pull Checklist integrates with GitHub to provide its core functionality. When you authorize our application, we request the following permissions:

• Repository access: To read pull request information and post checklist comments
• Organization access: To manage repository settings within your organization
• Webhook access: To receive notifications about pull request events

We only access the data necessary to provide our service. We do not access your source code content beyond what is required for pull request metadata.

How We Use Your Personal Data

We use your personal data to:

• Process your subscription and manage your account
• Provide customer support and service updates
• Enhance security, monitoring, and verify identity
• Improve our services and user experience

Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

• Contract: Processing necessary to perform our contract with you (providing the Pull Checklist service)
• Legitimate Interests: Processing necessary for our legitimate interests (improving our services, fraud prevention) where these are not overridden by your rights
• Consent: Where you have given clear consent for us to process your personal data for specific purposes (such as marketing communications)

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users. This helps us provide you with a good experience when you browse our website and allows us to improve our site.

Essential Cookies: Required for the website to function properly. These cannot be disabled.

Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Third-Party Services

We may share your personal data with the following categories of third parties:

• GitHub: As an essential integration partner for our service
• Cloud Infrastructure Providers: For hosting and data storage
• Payment Processors: To process subscription payments securely
• Analytics Providers: To help us understand how our service is used

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Our servers and service providers may be located outside the United Kingdom. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

• Standard contractual clauses approved by the UK Information Commissioner's Office
• Transfers to countries deemed to provide adequate protection

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and monitoring
• Access controls limiting who can access personal data
• Incident response procedures for potential data breaches

We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

Data Retention

• Your data is retained for as long as you maintain an active account
• Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we need to retain certain data for legal or regulatory purposes
• Upon request, we will delete your data by contacting hello@pullchecklist.com

Your Legal Rights

Under data protection laws, you have rights in relation to your personal data, including the right to:

• Request access to your personal data (commonly known as a "data subject access request")
• Request correction of incomplete or inaccurate personal data
• Request erasure of your personal data ("right to be forgotten")
• Object to processing of your personal data where we are relying on legitimate interests
• Request restriction of processing of your personal data
• Request transfer of your personal data to you or a third party (data portability)
• Withdraw consent at any time where we are relying on consent to process your personal data

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

To exercise any of these rights, please contact us at hello@pullchecklist.com.

Contact Information

Full Name of Legal Entity: Media Market Limited

Address: First Floor Healthaid House, Marlborough Hill, Harrow, Middlesex, HA1 1UD

Name of Data Protection Officer: Michael Colley

Email Address: michael@mediamarket.co.uk

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.

Changes to This Privacy Notice

We may update this privacy notice from time to time. We will notify you of any significant changes by posting the new privacy notice on this page and updating the "Updated" date at the top.