What we collect
- Account: the GitHub OAuth identity or email magic-link you sign in with. We keep your name, handle, avatar, and (optionally) bio.
- Content: the projects, updates, comments, media, and reactions you post. Stored in our database, served from our storage.
- Activity: clicks on project / update links, page views on projects (deduped per viewer), and notifications you generate or receive.
- GitHub App (optional): when you connect repos, we store the installation id, the repo’s public metadata (name, stars, language, default branch, last push, README excerpt), and your installation token in memory only — never on disk.
Who sees what
- Profile, projects, updates, comments, reactions: visible to anyone you share at least one active group with. Period.
- Click and view counts: public to your group-mates. Who clicked / viewed: only the project owner sees the names.
- Notifications: only the recipient sees them.
- Nobody outside your groups can see your stuff. No public web pages. No search engine indexing of app content.
What we don't do
- No third-party analytics, advertising, or behavioural trackers.
- No selling, renting, or monetising your data.
- No emails beyond magic-link sign-in and transactional account messages.
- No background scraping of your repos beyond the GitHub App scopes you grant (Contents + Metadata, read-only).
Deletion + export
Delete a project from its edit page; updates, comments, reactions, media, and click rows cascade with it. Leave a group from its settings; your visibility into that group goes with you. To delete your whole account, email the admin — full export tooling is on the backlog.
Contact
Questions, requests, takedowns: email the admin who invited you. This isn’t a company; it’s a small hub run by a person.