Greenlight

Privacy Policy

Last updated 18 June 2026

The short version. Greenlight is a GitLab client for iPhone. Your GitLab access token is stored only on your device, in the iOS Keychain. The app talks directly to GitLab on your behalf. There are no analytics, no advertising, and no trackers, and your data is never sold or shared. Besides your direct requests to GitLab, the only data that leaves your device is what is strictly needed to deliver the push notifications you choose to turn on.

Who we are

Greenlight ("the app") is developed by PhiSeC ("we", "us"). You can reach us at [email protected] or via the in-app Contact Us form. Greenlight is an unofficial, independent client for GitLab and is not affiliated with or endorsed by GitLab Inc.

Information stored on your device

GitLab access token. When you sign in (with a personal access token or via GitLab OAuth), the token is stored in the iOS Keychain on your device. It never leaves your device except to authenticate your own requests to GitLab (and, if you enable push, a one-time identity check, described below). Signing out deletes it from the Keychain.
Preferences. Display and notification settings are stored locally on your device.

Information sent to GitLab

The app communicates directly with the GitLab REST and GraphQL APIs at gitlab.com using your token, to show and act on your merge requests, pipelines, to-dos and related data. These requests go from your device to GitLab; we do not proxy or see them. GitLab's own privacy policy governs that data.

Push notifications and the notification relay

Push notifications are optional and off until you enable them. If you do enable them, the app uses a small backend service we operate ("the relay", hosted on Amazon Web Services) to deliver CI/CD and merge-request alerts via Apple Push Notification service (APNs). When you enable push:

Your GitLab token is sent once to the relay over an encrypted connection solely to verify your GitLab identity. The relay does not store your GitLab token.
The relay stores only: your Apple push device token, your GitLab user ID and username, and your notification preferences: the minimum needed to decide which events are yours and to deliver them to your device.
GitLab sends repository/CI events to the relay via a webhook configured by your organisation; the relay matches them to subscribed devices and forwards the relevant ones as push notifications.

Disabling notifications or signing out stops delivery; contact us to have your relay record removed.

Contact form

If you use the in-app Contact Us form, your message, along with any email address and diagnostics (app version and OS) you choose to include, is delivered to us through Web3Forms, a form-to-email service. It is used only to read and reply to your message.

What we don't do

No analytics or usage tracking.
No advertising and no advertising identifiers.
No third-party tracking SDKs.
We never sell, rent, or share your personal data.

Data retention and deletion

On-device data is removed when you sign out or delete the app. Relay records (device token, GitLab user ID/username, preferences) are kept while push is active and are removed when you disable notifications or request deletion at [email protected].

Children

Greenlight is a developer tool and is not directed to children under 13.

Changes

We may update this policy as the app evolves. Material changes will be reflected here with a new "last updated" date.

Contact

[email protected]