1. Data Controller
Build Quota ("we", "us", "our") is the data controller responsible for processing your personal data. For any privacy-related questions, you can contact us at privacy@buildquota.com.
2. Information We Collect
We collect and process the following categories of personal data:
- Email address: Used for authentication (magic link login), sending usage alerts, weekly digest emails, and team invitations.
- CI provider tokens and connection details: OAuth or personal access tokens for GitHub Actions, Bitrise, CircleCI, and GitLab CI. These are encrypted at rest using AES-256-GCM and used solely to fetch your CI/CD usage data. For self-hosted instances (GitHub Enterprise Server, GitLab), we also store the instance URL you provide.
- CI usage data: Minutes, credits, workflow/project names, and usage breakdowns from your connected CI accounts.
- IP addresses and user agents: Collected during authentication and recorded in session logs and audit trails for security purposes.
- Session data: Database-backed session tokens for maintaining authentication state.
- Website analytics: Page views and feature interactions via Google Analytics (only with your explicit consent) and Vercel Analytics (privacy-respecting, no cookies, always active).
3. Legal Bases for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
- Performance of contract (Art. 6(1)(b)): Processing necessary to provide the Build Quota service, including fetching CI usage data, sending configured alerts, managing team memberships, and generating usage reports.
- Legitimate interest (Art. 6(1)(f)): Security logging (IP addresses, user agents, audit trails), rate limiting, session management, and fraud prevention. Our legitimate interest is to protect the service and its users.
- Consent (Art. 6(1)(a)): Google Analytics tracking (requires explicit opt-in via cookie consent banner) and AI-powered usage analysis (can be disabled in Alert Settings).
4. AI-Powered Analysis
When AI insights are enabled (opt-in by default, opt-out available), we send the following data to AI providers for analysis:
- Aggregated usage statistics (percentage used, daily averages, trends)
- Workflow/project names and their relative usage amounts
- Usage predictions and detected patterns (sprint cycles, trends)
We do not send your email address, authentication tokens, or any personally identifiable information to AI providers. You can opt out of AI processing entirely in your Alert Settings. When disabled, no data is sent to external AI services and no AI-generated insights are produced.
5. CI Provider Integrations
Build Quota connects to the following CI providers to fetch your usage data:
- GitHub Actions: We access the GitHub Billing API and Actions API to retrieve minute usage, workflow details, and plan information. GitHub Enterprise Server (GHES) is also supported — when you connect a GHES instance, API calls are made to your specified enterprise server URL instead of github.com. GHES URLs are validated against SSRF protections before use.
- Bitrise: We access the Bitrise API to retrieve credit usage, app information, and build statistics.
- CircleCI: We access the CircleCI API to retrieve credit usage, project information, and pipeline data.
- GitLab CI: We access the GitLab API to retrieve compute minute usage, namespace information, and project data. Self-hosted GitLab instances are supported with SSRF protections.
All CI tokens are encrypted using AES-256-GCM before storage. Tokens are only decrypted server-side when making API calls to the respective CI provider.
6. Third-Party Processors
We use the following third-party services to operate Build Quota:
- Vercel (San Francisco, US) — Hosting, serverless functions, PostgreSQL database, and privacy-respecting analytics. Privacy Policy
- Resend (US) — Transactional email delivery for alerts, magic links, and weekly digests. Privacy Policy
- Google Gemini (US) — Primary AI provider for generating usage insights and recommendations. Only receives aggregated usage data, not personal information. Terms
- OpenAI (US) — Fallback AI provider when Gemini is unavailable. Same data restrictions as Gemini. Privacy Policy
- Upstash (US) — Redis-based rate limiting to protect the service from abuse. Only processes request metadata (no personal content). Privacy Policy
- Google Analytics (US) — Website analytics for understanding feature usage (requires explicit consent via cookie banner). Privacy Policy
7. Cookies & Tracking
- Essential cookies: A session cookie (session) is required for authentication. This is a functional cookie exempt from consent requirements.
- Analytics cookies (consent required): Google Analytics cookies are only set after you accept cookies via the consent banner. You can withdraw consent at any time by clearing your cookie-consent preference in your browser.
- Vercel Analytics: Privacy-respecting analytics that do not use cookies or track personal information. Active by default under legitimate interest.
- Consent preference: Your cookie consent choice is stored in localStorage (not a cookie) and persists across sessions.
8. Data Retention
We retain different categories of data for different periods:
- Usage snapshots: Up to 365 days, automatically cleaned up by periodic maintenance.
- AI insights: Cached for 6 hours; entries auto-expire and are cleaned up periodically.
- Audit logs: 90 days, then automatically deleted.
- Sessions: 30 days expiry, revoked sessions cleaned up periodically.
- Magic links: 15 minutes expiry, single-use, cleaned up after expiry.
- Team invitations: 7 days (email) or 30 days (link), cleaned up after expiry.
- Account data: Retained until you delete your account. All data is permanently removed upon account deletion via cascading deletes.
9. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
- Right of access (Art. 15): You can export all your data via the "Export All Data" button in Alert Settings. This provides a comprehensive JSON file containing all personal data we hold about you.
- Right to erasure (Art. 17): You can permanently delete your account and all associated data via the "Delete Account" option in Alert Settings. Deletion cascades to all related tables.
- Right to data portability (Art. 20): The data export provides your data in a structured, machine-readable JSON format. You can also export usage history as CSV from the dashboard.
- Right to rectification (Art. 16): Contact us at privacy@buildquota.com to correct any inaccurate personal data.
- Right to restriction (Art. 18): You can disable alerts, AI insights, and weekly digests individually in Alert Settings.
- Right to object (Art. 21): You can opt out of AI-powered analysis in your settings. You can decline analytics cookies via the consent banner.
- Right to withdraw consent: You can withdraw consent for analytics cookies and AI processing at any time through your settings. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
To exercise any right not available through self-service, contact us at privacy@buildquota.com. We will respond within 30 days.
10. International Data Transfers
Your personal data is processed by service providers located in the United States. These transfers are protected by:
- The EU-U.S. Data Privacy Framework, where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The processor's own data protection certifications and commitments
11. Security Measures
We implement the following technical measures to protect your data:
- AES-256-GCM encryption for all CI tokens and webhook URLs at rest
- HTTPS/TLS for all data in transit
- Database-backed sessions with cryptographic tokens and revocation support
- Triple-layer rate limiting (Redis, PostgreSQL, in-memory) to prevent abuse
- SSRF protection on self-hosted GitLab URLs
- CSV injection prevention in data exports
- Timing-safe comparisons for all secret validation
- Audit logging of security-relevant actions
12. Children's Privacy
Build Quota is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.
14. Contact
For privacy-related questions, to exercise your GDPR rights, or to file a complaint, contact us at:
privacy@buildquota.com
You also have the right to lodge a complaint with your local data protection authority.