How does AutoChangelog work?

AutoChangelog integrates with your GitHub repository and automatically generates changelog entries from your pull requests. When you merge a PR, our AI analyzes the changes and creates a clear, user-friendly changelog entry. You can review and publish entries from your dashboard.

Do I need to write changelogs manually?

No! That's the whole point. AutoChangelog reads your pull requests and generates changelog entries automatically using AI. You can review and edit them before publishing, but you never have to start from scratch.

What information does AutoChangelog use to generate entries?

AutoChangelog analyzes your PR title, description, code changes, and any related commits. Our AI then transforms this technical information into clear, user-friendly language that explains what changed and why it matters.

Can I edit the generated changelogs?

Yes! Every generated entry can be reviewed and edited before publishing. You have complete control over what gets published to your changelog.

What's the difference between draft and auto-publish?

In draft mode, generated entries are saved as drafts for you to review before publishing. With auto-publish enabled, entries are published immediately when generated. You can choose either mode per repository in your settings.

Which GitHub plan do I need?

AutoChangelog works with any GitHub plan, including free accounts. As long as you can create pull requests in your repository, AutoChangelog can generate changelogs for them.

Can I use AutoChangelog with private repositories?

Yes! AutoChangelog works with both public and private GitHub repositories. We securely access your repository through GitHub OAuth with the permissions you grant.

How many repositories can I connect?

The Free plan supports 1 repository. The Pro plan supports 1 repository with unlimited PR processing. The Team plan supports unlimited repositories with unlimited PR processing.

What happens if I exceed my plan's PR limit?

On the Free plan, you get 10 AI-generated changelogs per month. Once you reach this limit, new PRs won't generate changelog entries until your limit resets (monthly) or you upgrade to a paid plan.

Can I export my changelogs?

Your changelog entries are available via a public changelog page at autochangelog.com/c/[your-repo]. Each entry is written in Markdown and can be easily copied or accessed via our API.

How do I share my changelog with users?

Every repository gets a public changelog page at autochangelog.com/c/[your-repo]. You can link to this from your website, documentation, or GitHub repository. Pro and Team plans will support custom domains soon.

What happens to my changelogs if I cancel?

All your published changelogs remain accessible even after cancellation. You'll have a 7-day grace period where everything continues working. After that, repositories exceeding the free tier limit will be disabled, but your changelog data is never deleted.

Can I customize the changelog format?

Currently, AutoChangelog uses a clean, consistent format optimized for readability. Custom templates and formatting options are planned for future releases. You can always edit individual entries to match your style.

Security & Privacy | Documentation

Our Commitment to Security

At AutoChangelog, we take the security and privacy of your data seriously. We understand that you're trusting us with access to your repositories, and we've built our platform with security as a foundational principle. This document outlines the measures we take to protect your data and maintain your privacy.

Data We Collect

We collect only the minimum data necessary to provide our service. This includes your GitHub username and email address for account management, repository names and IDs to display in your dashboard, and the SHA of your last documented commit to track changelog generation progress. We also store the changelog entries you create and any customizations you make to your changelog templates.

We do not store your source code, full commit history, pull request content, or file contents. When generating a changelog, we fetch data from GitHub's API in real-time, process it through our AI, and then discard the raw data immediately after generating your entry.

Data Encryption

All data transmitted between your browser and AutoChangelog is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections and use HTTP Strict Transport Security (HSTS) to prevent downgrade attacks. Your GitHub OAuth tokens are encrypted at rest in our database using industry-standard encryption algorithms.

Infrastructure Security

AutoChangelog runs on secure cloud servers with regular security patches applied. We use firewalls to restrict network access and automated backups to ensure data recovery in case of incidents.

Application Security

We follow secure development practices to protect against common vulnerabilities. Our application implements protection against cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection, and other OWASP Top 10 vulnerabilities. We use parameterized queries for all database operations and sanitize all user inputs before processing.

GitHub webhook payloads are verified using HMAC-SHA256 signatures with per-project secrets to ensure authenticity. Rate limiting is implemented across all endpoints to prevent abuse and denial of service attacks.

Regular Security Audits

We conduct regular security assessments of our codebase and infrastructure. This includes automated vulnerability scanning, dependency audits to identify and patch vulnerable libraries, and periodic manual security reviews. We keep all dependencies up to date and monitor security advisories for any components we use.

Access Controls

Access to production systems is limited to those who need it. We use multi-factor authentication for all administrative access and maintain audit logs of system access.

Third-Party Services

We carefully vet all third-party services we use. Our key integrations include GitHub for repository access and authentication, OpenAI for AI-powered changelog generation, and Stripe for payment processing. Each of these services maintains their own rigorous security standards and compliance certifications. We only share the minimum data necessary with each service to perform their function.

Data Retention

We retain your account data and changelog entries for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Changelog entries and associated data are deleted when you remove a repository from AutoChangelog or delete your account. Backups containing deleted data are purged according to our backup retention schedule.

Your Privacy Rights

You have the right to access, correct, or delete your personal data at any time. You can export your changelog data from the dashboard. To request account deletion or a copy of your data, contact us at hello@autochangelog.com. We respond to all data requests within 30 days.

Incident Response

In the unlikely event of a security incident, we have procedures in place to respond quickly and effectively. This includes identifying and containing the incident, assessing the impact, notifying affected users promptly, and implementing measures to prevent recurrence. We are committed to transparency and will communicate openly about any incidents that affect your data.

Compliance

AutoChangelog is designed with privacy regulations in mind. We process data in accordance with applicable privacy laws and give you control over your information. We do not sell your personal data to third parties and only use it to provide and improve our service.

Reporting Security Issues

If you discover a security vulnerability in AutoChangelog, please report it to us at hello@autochangelog.com. We appreciate responsible disclosure and will work with you to understand and address the issue promptly. Please do not publicly disclose security issues until we've had a chance to investigate and release a fix.

Questions

If you have any questions about our security practices or privacy policies, please don't hesitate to reach out at hello@autochangelog.com. We're happy to provide additional details about how we protect your data.