specgit
Privacy Policy
Last updated: July 10, 2026
Fn First Holdings LLC ("Fn First," "we," "our," or "us") respects your privacy. This policy explains how specgit handles information when you use specgit.com and related services.
1. The Short Version
specgit is designed so your documents and comments stay in your GitHub repositories. We do not run a product database that stores copies of your work. We use your GitHub connection to read, edit, comment on, and review files you choose to open in specgit.
2. Information We Handle
- GitHub account information: your GitHub username, display name, avatar, and repository access needed to sign you in and show repositories you can access.
- Repository content you choose to open: document content, images, and comments are read from GitHub so specgit can display and save your work. They remain in your GitHub repository.
- Temporary realtime editing state: when live collaboration is enabled, in-progress editing state may be held temporarily on our server so multiple editors can work together.
- Session information: we keep the minimum information needed to keep you signed in, such as a session ID and non-sensitive account display details.
- Account preferences: settings you choose — theme, editor layout, and AI auto-approve toggles — plus the terms-of-use version you accepted, stored with your GitHub identity so they follow you across devices. Settings only, never document content; AI chat history stays on your device.
- Support communications: if you contact us, we receive the information you choose to send.
- Operational logs: our servers may record technical metadata such as request timing, errors, IP address, and browser details to keep the service secure and reliable.
3. What We Do Not Do
- We do not sell your personal information.
- We do not use ad tracking or third-party analytics on specgit.
- We do not ask for or store your GitHub password.
- We do not keep a separate long-term copy of your documents or comments.
4. AI Features
The AI features (the in-editor AI assistant for co-editing, document review, comment triage, and voice) are optional and only run when you invoke them. Plans differ in how much AI usage they include, not in how your content is handled. When you invoke an AI action:
- What is sent: the text of the document being worked on (and its review comments, for review and triage) is sent to our AI model provider, xAI, to generate the response. For voice sessions, conversation audio is streamed to the provider for the duration of the session.
- What the provider does with it:per xAI's API terms, API inputs and outputs are not used to train xAI's models, and API request/response data is retained by xAI for up to 30 days for abuse monitoring, then automatically deleted.
- When: only when you explicitly invoke an AI action. Documents are never sent for AI processing in the background, and if you never use the AI features, no content is ever sent.
- What specgit keeps: nothing of the content. specgit stores only usage metadata — token counts, the model used, the computed cost, and timestamps — to meter usage, enforce your spending limits, and power your usage dashboard. Never prompts, document text, or audio.
- What the AI does: it can only propose changes. Every document edit, comment, reply, or resolution the AI suggests requires your explicit approval in the editor before anything is applied or posted, and anything posted to GitHub is attributed under your account with an AI marker.
- Quality signals: to measure AI quality, specgit records whether AI proposals were approved, dismissed, or failed to apply — as anonymous daily totals only, with no account, document, or content attached.
- Feedback you choose to share:rating an AI response records only the rating. If you explicitly tick "share this conversation" when giving feedback, that chat transcript (which includes the document text within it) is sent to us and stored so we can diagnose and fix the failure. This is the only case where specgit keeps content, it happens only with your consent, it is retained for up to 90 days and then deleted, and it is used solely to improve the AI features — never to train models.
- Training: specgit does not use your content to train AI models.
5. How We Use Information
We use information only to:
- sign you in through GitHub;
- show repositories and files you are allowed to access;
- save edits, create review branches, open pull requests, and post comments;
- support live collaboration;
- respond to support requests;
- protect the service from misuse and troubleshoot errors; and
- comply with legal obligations.
6. Sharing
We share information only when needed to provide specgit, when you direct us to do so, or when legally required. GitHub receives the actions you take through specgit, such as commits, pull requests, and comments. Our production service runs on Microsoft Azure. We may disclose limited information if required by law, to protect rights and safety, or as part of a business transfer, subject to appropriate protections.
7. Retention
- Documents and comments: retained in your GitHub repository according to your own GitHub and repository settings.
- Realtime editing state: deleted after a document is published or directly committed, and automatically deleted after a short inactivity window of up to 7 days.
- GitHub access tokens: stored server-side for your active session, encrypted at rest (AES-256-GCM), and deleted when you sign out. Sessions expire automatically after 30 days of inactivity.
- Account preferences and terms acceptance: retained while you use specgit; deleted on request (see Your Choices and Rights).
- Operational logs: retained for up to 30 days.
- AI usage and quality counters: daily totals only (usage counts per seat; anonymous approved/dismissed proposal counts with no account, document, or content attached), retained as statistics.
- AI feedback: ratings, optional notes, and conversation transcripts you explicitly chose to share are retained for up to 90 days, then deleted.
- Support messages: retained as long as reasonably needed to respond and maintain support history.
8. Security
We use reasonable administrative, technical, and physical safeguards to protect information, including HTTPS for data in transit, limited internal access, and operational controls for our production environment. No internet service can be guaranteed 100% secure, but we design specgit to minimize what we hold in the first place.
9. Your Choices and Rights
You can sign out of specgit at any time. You can revoke specgit's GitHub access from your GitHub account settings. Depending on where you live, you may have rights to access, correct, delete, restrict, or object to the processing of personal information. To make a privacy request, use our support form and select Privacy Inquiry, or email privacy@fnfirst.com.
10. Children's Privacy
specgit is not intended for children under 16. We do not knowingly collect personal information from children under 16.
11. Changes
We may update this policy from time to time. When we do, we will update the date above. Material changes may be announced on the site or through another appropriate channel.
12. Contact
Fn First Holdings LLCAttn: Privacy Officer
30 N Gould St STE 11959
Sheridan, WY 82801 USA
privacy@fnfirst.com
Contact support