Privacy Policy

Effective Date: 2025/03/10

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect personal data when users sign up through our GitHub OAuth app. We are committed to complying with the General Data Protection Regulation (GDPR) and ensuring the security and privacy of user data.

2. Data We Collect

When users authenticate via GitHub OAuth, we collect and store the following data:

  • Basic Identifiers:

  • Email address

  • GitHub username

  • GitHub ID

  • Authentication Data:

  • GitHub OAuth token (stored until expired and replaced with a new token)

  • GitHub-Related Data (Identifiers Only, No Content):

  • List of GitHub organizations the user belongs to

  • List of the user’s personal GitHub repositories

  • List of repositories within the user’s GitHub organizations

3. How We Collect Data

We collect this data via the GitHub API using the GitHub OAuth token provided by the user during authentication.

4. Purpose of Data Collection

We collect and process user data for the following purposes:

  • Authentication & Account Management: To enable users to log in securely via GitHub OAuth.
  • Access Control & Authorization: To determine user permissions based on their GitHub repositories and organizations.
  • User Experience & Feature Enablement: To personalize and optimize services based on GitHub-related data.

5. Data Retention

We store data as follows:

  • Email & GitHub Username: Stored indefinitely unless a deletion request is made.
  • GitHub OAuth Token: Stored until it expires and is replaced with a new token via the GitHub OAuth flow.
  • GitHub Repository & Organization Identifiers: Stored in cache, with a lifespan ranging from 30 minutes to indefinite, depending on system caching behavior.
  • User Data Deletion: Users may request data deletion at any time (see Section 8 – User Rights).

6. Data Storage & Security

  • All data is securely stored using Neon, a serverless database provider.
  • We implement industry-standard security measures, including encryption, access controls, and database security, to prevent unauthorized access, alteration, disclosure, or destruction of user data.

7. Sharing of Data with Third Parties

We do not share or sell user data to third parties. Data is used solely for authentication, access control, and application functionality.

8. User Rights under GDPR

Under GDPR, users have the following rights regarding their personal data:

  • Right to Access – Users can request a copy of the personal data we store.
  • Right to Rectification – Users can request corrections to their stored data.
  • Right to Erasure ("Right to Be Forgotten") – Users can request deletion of their personal data.
  • Right to Restriction of Processing – Users can request that their data processing be limited under certain conditions.
  • Right to Data Portability – Users can request their data in a structured, commonly used format.
  • Right to Object – Users can object to certain types of data processing.

How to Exercise Your Rights

Users can request to view, update, or delete their personal data by contacting our support team at: 📧 [email protected]

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be communicated to users through our website or email notifications.

10. Contact Information

For any questions regarding this Privacy Policy or data-related inquiries, users can contact: 📧 [email protected]