Privacy
Last updated: 2026-05-04
Your token
Your GitHub Personal Access Token is encrypted in your browser using AES-GCM (Web Crypto API) and stored in localStorage. The encryption key is held in IndexedDB. The token is never sent to our servers and never stored server-side, except briefly as part of opt-in AI requests where it is used in-memory and discarded. It auto-clears after 7 days of inactivity.
AI requests
When you click "Generate insights", we send only aggregated, anonymized statistics (total commits, language percentages, etc.) to Groq for processing. We do not send your token, individual commit messages, or repository contents.
Account features
If you create an optional account, we store your email, username, and any snapshots you save. Row-Level Security ensures only you can read your own data. You can delete your account at any time, which fully removes all associated data.
No tracking
We don't use third-party analytics, ad networks, or trackers. No cookies are set beyond what's strictly necessary for authentication.
Rate limiting
For AI features we hash your IP address (with a salt) to apply fair rate limits. The hash is stored only as long as needed for the rolling rate-limit window.