Privacy Policy

Last updated: February 22, 2026

1. What We Collect

• GitHub OAuth Data: When you sign in with GitHub, we access your basic profile info (name, email, username). We never post to your account.
• Extension Usage: Which repositories you view scores for.
• Payment Data: Processed by Stripe — we don't see your card details.

2. How We Use Data

We use data to: provide the service, process payments, improve the product, and communicate with you. We don't sell your data.

3. Data Storage

GitHub OAuth tokens are encrypted and stored securely. You can request deletion of your data at any time.

4. Your Rights (GDPR/UK DPA)

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Portability: Get your data in machine-readable format

5. Cookies

We use minimal cookies — primarily for authentication. The extension doesn't use cookies.

6. Third Parties

• GitHub: OAuth authentication
• Stripe: Payment processing
• Plausible: Privacy-friendly analytics (no cookies, no personal data)

7. Data Retention

We keep data as long as your account is active. You can request deletion anytime — we'll delete within 30 days.

8. Security

We use encryption (AES-256) for sensitive data. However, no system is 100% secure — use the service at your own risk.

9. Children's Privacy

RepoScore is not for anyone under 13. We don't knowingly collect data from children.

10. Changes

We may update this policy. We'll notify you via email of material changes.

11. Contact

Questions? Email hello@reposcore.dev