This page explains what data NixCI collects, why, and what you can do about it.
This policy is intended to comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).
This page explains what data NixCI collects, why, and what you can do about it.
This policy is intended to comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).
The data controller for the hosted NixCI service is CS Kerckhove, Zürich, Switzerland . You can contact us at support@nix-ci.com.
When you sign in via GitHub, GitLab, or Codeberg, we store your platform user ID, username, and email address from those platforms. We also store OAuth tokens and GitHub App installation tokens so that we can interact with your repositories on your behalf (for example, to report build statuses).
If you create API tokens for programmatic access, we store a hash of each token. We never store API tokens in plain text.
When NixCI runs CI for your repository, we temporarily download the repository source code to perform the build. We store metadata about each build: the repository name, branch, commit hash, commit message, commit author and committer names and emails, the username of the person who pushed the commit, build configuration, and build status.
Build logs are kept for 60 days and then automatically deleted. Build metadata (status, commit info, configuration) is kept for 90 days and then automatically deleted.
Build artefacts may be cached in our binary cache to speed up future builds. Cached artefacts are only available to users who have access to the repository. Cached artefacts are automatically deleted after 90 days. Old and unused artefacts may also be garbage-collected earlier to manage cache size.
You can store secrets for your repositories (for example, deployment keys). These are stored in our database and made available to builds. Only users with access to the repository can add or overwrite secrets. Only workers working on jobs that require secrets can read them. Users cannot. Secrets are automatically scrubbed from build output.
Builds run on worker machines. During a build, repository source code, secrets, and access tokens are transmitted to the worker over a TLS-encrypted connection. Each job runs in an isolated temporary directory that is deleted after completion.
Build artefacts (the packages produced by a job) remain in the worker VM's local store after the job, so that later jobs on the same VM can reuse them; they are discarded when the VM is rebooted. The worker VMs are wiped before running a job for a different owner.
If you subscribe to a paid plan, we store your billing account name, subscription status, which repositories and organizations are covered, and usage data (developer count and worker time).
Payment processing is handled by Stripe. We store your Stripe customer and subscription identifiers but do not store credit card numbers or other payment details directly.
Billing accounts that are never activated are automatically deleted after 1 day(s). Canceled billing accounts are deleted after 90 days. Billing period usage data is deleted after 90 days.
We use an encrypted session cookie to keep you logged in. This cookie is set when you sign in and is required for authentication. We do not use cookies for tracking or advertising.
Our servers log requests for operational purposes. These logs include IP addresses, browser user-agent strings, and which pages were accessed. Sensitive headers (like cookies and authorization tokens) are redacted from logs. Server logs are retained for 15 days.
We temporarily store webhook payloads received from GitHub, GitLab, Codeberg, and Stripe for debugging purposes. GitHub, GitLab, and Codeberg webhook data is automatically deleted after 7 days. Stripe webhook data is automatically deleted after 49 days.
For non-authenticated visitors, we track aggregated daily page visit counts on a few key pages, along with which internal NixCI page led to the visit. This data does not identify individual users and is not shared with third parties.
We do not use any third-party analytics or tracking services.
NixCI communicates with the following external services as part of normal operation:
Each of these services has its own privacy policy.
All communication with external services uses TLS encryption.
NixCI servers are hosted in the European Union.
Depending on which integrations you use, some of your data is processed by third-party services located outside the European Economic Area:
Where applicable, these transfers rely on the EU–US and Swiss–US Data Privacy Frameworks and Standard Contractual Clauses as the legal mechanism for transfer.
We process your personal data under the following legal bases:
Under the GDPR and Swiss FADP, you have the right to:
You can also:
Deleting your account removes your linked platform credentials (including OAuth tokens), API tokens, and billing information.
Repositories linked via GitHub, GitLab, or Codeberg are shared resources and are not deleted when your account is removed. Build data and secrets for those repositories are retained and eventually removed by our standard retention policies.
Deleting your NixCI account does not delete your accounts on GitHub, GitLab, or Codeberg.
NixCI can be self-hosted. If you use a self-hosted instance, the operator of that instance controls data storage, retention, and security. This policy describes the practices of the hosted NixCI service.
If you have questions about this privacy policy or how your data is handled, contact us at support@nix-ci.com.