Privacy policy

Effective date: December 7, 2018

Thanks for entrusting Transposit with your source code, your projects, your API credentials, and your personal information. Holding onto your private information is a serious responsibility, and we want you to know how we're handling it.

The short version

We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location.


Transposit Privacy Statement

What information Transposit collects and why

Information from website browsers

If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.

The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.

Why we collect this information

We collect this information to better understand how our website visitors use Transposit, and to monitor and protect the security of the website.

Information from users with accounts

If you create an account, we require some basic information at the time of account creation. You will authenticate with an external provider such as Google and create your own username. You also have the option to give us more information if you want to, and this may include "User Personal Information."

"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify that user. Information such as a user name, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.

User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.

Why we collect this information
Our legal basis for processing information

Under certain international laws (including GDPR), Transposit is required to notify you about the legal basis on which we process User Personal Information. Transposit processes User Personal Information on the following legal bases:

External API authentication

Transposit allows developers within the Transposit application authoring environment and users of Transposit-hosted applications to authenticate with external APIs by providing their private credenials, via OAuth 2.0, username/password, authentication tokens, or other means. We use those credentials only to execute API invocations on behalf of the requesting user, or with the express consent of the owner of those credentials. Developers of applications and users of applications are responsible for ensuring the extent of authorization granted. Transposit executes API calls permitted by users in accordance with the code written by application developers. We make no warantee of the use or intent of applications created by third parties within Transposit.

Results of API calls

Data retrieved as the result of an API call will not be stored persistently in any Transposit facilities. However, Transposit does cache results for a short time (currently one week), which enables debugging facilities and other developer features. Besides this automatic caching, developers have the ability to configure caching for a fixed duration in their applications. In all cases, data security is of utmost importance; we have designed our systems and infrastructure to prevent unauthorized access.

What information Transposit does not collect

We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Transposit does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in Transposit, such as in application code or as the cached result of a API call. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.

If you're a child under the age of 13, you may not have an account on Transposit. Transposit does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use Transposit without obtaining your parents' or legal guardians' consent.

We do not intentionally collect User Personal Information that is stored in your repositories or other free-form content inputs. Any personal information within a user's repository is the responsibility of the repository owner.

Application repository contents

Transposit employees do not have access to private applications or their repositories unless required to for security reasons, to assist the repository owner with a support matter, or to maintain the integrity of the service.

If your application is public, anyone (including Transposit and unaffiliated third parties) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses or passwords, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your repositories, we may scan our servers for certain tokens or security signatures, or for known active malware.

Our use of cookies and tracking


Transposit uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of Transposit. We also use cookies to identify a device, for security reasons. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Transposit.

Tracking and analytics

We use a number of third party analytics and service providers to help us evaluate use of Transposit, compile statistical reports on activity, and improve our content and website performance. We only use these third party analytics providers on certain areas of our website. In addition, we use our own internal analytics software to provide features and improve our content and performance.

We do not currently respond to your browser's Do Not Track signal, and we do not permit third parties other than our analytics and service providers to track user activity over time on Transposit. We do not track your online browsing activity on other online services over time.

How Transposit secures your information

Transposit takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.

Transposit enforces a written information security program. Our program:

In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.

Transmission of data on Transposit is encrypted using SSH, HTTPS, and SSL/TLS. Sensitive data is encrypted at rest.

No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

How we, and others, communicate with you

We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we will respond to you via email.

Depending on your email settings, Transposit may occasionally send notification emails about changes in a repository you’re watching, new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, but only with your consent, if you opt in to our list. There's an unsubscribe link located at the bottom of each of the marketing emails we send you. Please note that you can not opt out of receiving important communications from us, such as mails from our Support team or system emails, but you can configure your notification settings in your profile.

Our emails might contain a mechanism for tracking whether or not you have opened an email and what your IP address is. We may use this mechanism to make our email more effective for you and to make sure we’re not sending you unwanted email.

Changes to our Privacy Statement

Although most changes are likely to be minor, Transposit may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your Transposit account.


This Privacy Statement is licensed under this Creative Commons Zero license. It is forked from GitHub's site-policy repository.

Contacting Transposit

Questions regarding Transposit's Privacy Statement or information practices should be directed to