Privacy Policy

1. Who We Are

Ulu and GitProduct are operated by Viva Global LLC. This policy describes how we collect, use, and protect your information when you use the Service at tryulu.com or gitproduct.com.

2. Information We Collect

When you sign in with GitHub: We receive your GitHub username, email address, display name, and avatar. We use this to create your profile and authenticate your session.

When you sign in with Google: We receive your name, email address, and profile picture. We use this solely to identify your account.

Builder profile information: Skills, experience summary, learning goals, availability, and other information you provide during onboarding or applications. This data pre-fills future applications and is displayed on your public profile.

Contributions and activity: We record contributions you submit, tasks you complete, bounties you claim and deliver, token awards, and application details. This data forms your public skill profile and BuildMap.

Reliability data: We track task completion rates, on-time delivery, reviews from founders, and repeat-founder relationships. This data is used to calculate your reliability score, which is displayed on your profile.

Token economy data: Token balances, token transactions (awards, purchases), contributor tier, and product token bank balances. This data is used for the platform's reputation system.

Ambassador data: If you participate in the Campus Ambassador Program, we collect your .edu email address to verify school enrollment, your school affiliation, referral activity, and earnings. This data is used to administer the Program, calculate compensation, and issue tax forms (1099-NEC) when required.

Payment information: Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. We store Stripe account IDs and transaction references to track bounty and token purchase payments.

3. How We Use Your Information

• To create and maintain your builder profile
• To display your skill contributions on your public BuildMap
• To calculate and display your reliability score
• To manage the token economy (minting, awarding, tier calculation)
• To process bounty payments and token purchases via Stripe
• To match contributors with products that need their skills
• To send transactional emails (invite notifications, application status, welcome emails)
• To pre-fill applications from your builder profile
• To improve the platform

4. What We Do Not Do

• We do not sell your personal information
• We do not show advertising
• We do not track you across other websites
• We do not share your email with third parties without your consent
• We do not use your data to train AI models

5. Public Information

Your builder profile — including display name, avatar, skills, BuildMap (token-awarded work only), token balances, contributor tier, and reliability score — is public by default. This is core to how GitProduct works: verified work builds your reputation.

Bounty-only work is reflected in your reliability score and task completion count but does not appear on your BuildMap. If you do not want your work to be publicly visible, do not use the platform.

6. Emails

We send transactional emails for: invite notifications, application status updates (approved/rejected), welcome emails when joining a product, and task notifications. We use Resend for email delivery. We do not send marketing emails without your consent.

7. File Uploads

Screenshots, icons, and other files you upload are stored in Cloudflare R2. Files are associated with your user ID for access control. Uploaded files may be publicly accessible via their URL if used on a product page.

8. GitHub Integration

When you connect your GitHub account, we access your public profile information via GitHub OAuth. We may sync public commit and PR activity from linked repositories to your BuildMap. We do not access private repositories unless you explicitly link them.

9. Cookies

We use essential cookies only: an HTTP-only session cookie for authentication. We do not use advertising, analytics, or third-party tracking cookies.

10. Data Retention

Your account and contribution data are retained while your account is active. Contribution history, token awards, and reliability data are retained even after account deletion to maintain the integrity of project records. This is similar to how Git preserves commit history. You may request deletion of your personal information (name, email, avatar) at any time.

11. Do Not Sell My Personal Information

We do not sell personal information. Under the California Consumer Privacy Act (CCPA) and similar state laws, you have the right to opt out of the sale of personal information. Since we do not sell personal information, no action is required. Contact us at privacy@gitproduct.com with any questions.

12. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. Contact us at privacy@gitproduct.com.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting a notice on the platform.