Privacy Policy
Last updated: April 12, 2026
GitMon is an AI companion for developers. Your GitHub activity feeds a persistent virtual creature that lives in your browser, on the web, and (soon) in your terminal. This policy explains exactly what we collect, why, where it lives, how it is used, and how you control it.
We aim for plain language. If any section is unclear, email us at the address at the bottom and we will clarify.
Summary
- We collect what we need to power the features you use — GitHub activity, your gitmon's state, and (optionally) activity on developer sites you allow.
- We never read page content, form values, search queries, or credentials. See “What we never collect”.
- We never sell raw, identifiable behavior data.
- We may use aggregated, anonymized patterns to improve the product and share insights with partners.
- In the event of a merger or acquisition, your data may transfer to the acquiring entity under the same terms. See “Business transfers”.
- You can export or delete your data at any time from settings.
What we collect (web app)
- GitHub OAuth profile: your GitHub username, avatar URL, email (if public), and an access token scoped to read:user and repo. We use the token to read your public and private repository activity (commits, PRs, issues, stars). We never read, store, index, or modify your source code. See “Why we request the repo scope” below.
- Activity events: timestamps and types of GitHub events (commits, PRs, issues, stars) that affect your gitmon's vitals. Stored with row-level security so only you can read your own events.
- GitMon state: your gitmon's species, level, vitals, position in the shared world, chat messages, interaction history with other gitmons, and relationships. All linked to your account.
- LLM API key (optional): if you provide an Anthropic or OpenAI key for chat features, we store it in plaintext on your gitmon row (gated by row-level security so only you can read it) and use it only to power your gitmon's conversations. The key is sent directly from your browser or extension to the LLM provider — we never proxy your chat content. You can remove it at any time from settings, and rotating it on the provider side immediately invalidates the stored copy.
- Product analytics: anonymous page views, feature usage, and performance metrics (no third-party trackers, no ad networks). Used to understand what works and what to improve.
Why we request the repo scope
GitHub's OAuth model does not offer a read-only scope for private repositories. To count commits, PRs, and issues across all of your repositories (not just public ones), we must request the repo scope — the narrowest available option that includes private activity metadata.
What we actually access
- Event metadata: timestamps, event types (commit, PR, issue, star), and counts.
- Repository names: cached for your analytics dashboard (language breakdown, contribution heatmap).
- Profile info: username, avatar, public email.
What we never access
- Source code, file contents, or diffs
- Repository settings, secrets, or webhooks
- Collaborator lists or organization data
- Write operations of any kind — we never push, merge, or modify anything
Other tools that request the same scope
The repo scope is standard across developer tools that need private repository activity. Well-known services that request it include:
- Travis CI — CI/CD that clones private repos for builds
- Codecov — code coverage reports on private repos
- WakaTime — coding time stats from commit history
- Code Climate — static analysis on private codebases
- Gitpod — cloud dev environments that clone private repos
- GitHub Readme Stats — profile cards using private contribution counts
Note: several of these tools have migrated to GitHub Apps for finer-grained permissions. We plan to do the same when Supabase Auth supports GitHub App OAuth (tracked internally).
Data minimization and compliance alignment
Although GitMon is an independent project (not yet formally certified), our data handling practices are aligned with the following industry standards:
- GDPR Article 5(1)(c) — Data Minimization: we request only the GitHub scopes necessary to deliver the service and do not store, index, or process your source code.
- LGPD Article 6 — Necessity: data collection is limited to what is strictly necessary for the stated purpose (powering your GitMon).
- RFC 6749 §3.3 — OAuth Scope Least Privilege: we use read:user and repo only because GitHub provides no read-only private repository scope.
- ISO 27001 principles: access control, data classification, and incident response practices aligned with the standard. We are not yet certified.
- OWASP ASVS Level 2: authentication, session management, and API security follow the OWASP Application Security Verification Standard guidelines.
What the browser extension collects
The extension uses a four-level privacy ladder. Level 1 is the default — higher levels require explicit opt-in via the extension settings page. You can downgrade at any time, and higher-level data is purged within 7 days.
Level 1 — Minimal (default)
- Auth token (stored in extension local storage, never synced)
- Your extension settings (toggle, preferences)
- The current tab's URL only when you explicitly click the toolbar icon
Nothing else leaves your browser at Level 1.
Level 2 — Activity (opt-in)
- Time spent on a curated allowlist of developer sites (github.com, stackoverflow.com, dev.to, and similar). Aggregated to daily totals.
- Idle and unfocused time is not counted. Sites outside the allowlist are not tracked.
Used to drive your gitmon's mood and power your personal analytics dashboard. Aggregated, anonymized patterns from this data may inform product development. The full allowlist is visible in your extension settings.
Level 3 — Trends (opt-in)
- URL paths (not query strings) on github.com — which repos and which orgs you visit.
- Anonymized: stripped of your user identifier, bucketed into 1-hour windows, and only included in reports that aggregate at least 5 distinct users (k-anonymity, k=5).
Used to power ecosystem trend reports and insights for developer tool partners. Individual browsing patterns cannot be reverse-engineered from published aggregates.
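The three Level 3 steps above (keep only the URL path, drop the user identifier, bucket into 1-hour windows, and publish a count only when at least 5 distinct users contributed) can be made concrete. The following is an added illustration, not GitMon's own code; the event format, the allowlisted host check and the sample events are assumptions constructed for the example.

```python
"""Illustration of the Level 3 "Trends" anonymization described in the policy.

Added example (not GitMon's code). It assumes a raw stream of
(user_id, url, timestamp) records and applies the stated steps:
  1. keep only the path of a github.com URL (no query string, no fragment),
  2. bucket the timestamp into a 1-hour UTC window,
  3. count distinct users per (path, window) and publish the group only
     when it has at least K = 5 distinct users; the user identifier itself
     never appears in the output.
"""
from collections import defaultdict
from datetime import datetime, timezone
from typing import Iterable, Optional, Tuple
from urllib.parse import urlsplit

K = 5  # k-anonymity threshold stated in the policy (k=5)

def normalize_path(url: str) -> Optional[str]:
    """Return only the path of a github.com URL; scheme, host, query string and
    fragment are discarded. Off-host URLs return None so they are never recorded."""
    parts = urlsplit(url)
    if parts.hostname != "github.com":
        return None
    return parts.path or "/"

def hour_bucket(ts: datetime) -> datetime:
    """Truncate a timezone-aware timestamp to the start of its UTC hour."""
    return ts.astimezone(timezone.utc).replace(minute=0, second=0, microsecond=0)

def aggregate(events: Iterable[Tuple[str, str, datetime]], k: int = K):
    """Aggregate raw events into {(path, hour_window_iso): visit_count}.

    The user identifier is used only to count distinct contributors; groups
    with fewer than k distinct users are suppressed entirely rather than
    published with a small count."""
    distinct_users = defaultdict(set)
    visits = defaultdict(int)
    for user_id, url, ts in events:
        path = normalize_path(url)
        if path is None:
            continue  # not an allowlisted host: nothing is recorded
        key = (path, hour_bucket(ts).isoformat())
        distinct_users[key].add(user_id)
        visits[key] += 1
    return {key: visits[key] for key, users in distinct_users.items() if len(users) >= k}

# Constructed sample input (hypothetical users and repositories).
_T = lambda minute: datetime(2026, 4, 1, 10, minute, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    ("u1", "https://github.com/torvalds/linux?tab=readme", _T(5)),
    ("u2", "https://github.com/torvalds/linux", _T(20)),
    ("u3", "https://github.com/torvalds/linux#readme", _T(41)),
    ("u4", "https://github.com/torvalds/linux", _T(50)),
    ("u5", "https://github.com/torvalds/linux?foo=bar", _T(59)),
    ("u1", "https://github.com/torvalds/linux", _T(30)),          # repeat visit by u1
    ("u1", "https://github.com/small-org/secret-repo", _T(10)),   # only 2 distinct users:
    ("u2", "https://github.com/small-org/secret-repo", _T(15)),   #   group is suppressed
    ("u3", "https://stackoverflow.com/questions/1", _T(15)),      # off-host: ignored
]

if __name__ == "__main__":
    for (path, window), count in aggregate(SAMPLE_EVENTS).items():
        print(f"{window}  {path}  visits={count}")
```

Running it publishes a single row, /torvalds/linux in the 10:00 UTC window with 6 visits from 5 distinct users; the two-user group never leaves the pipeline, and the Stack Overflow URL is dropped before any path is recorded. Note that suppression of small groups is what k-anonymity requires: publishing "2 visits" for a rarely visited repository would identify its visitors almost as well as their names.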
Level 4 — Pro analytics (paid, opt-in)
- Browser idle and active state
- Focus session length
- Attention split (time on code vs. off-topic)
- Per-day productivity patterns
Available to GitMon Plus subscribers. Primarily powers your personal Pro analytics dashboard. Aggregated, anonymized patterns from this data may also inform product development. You control collection via granular toggles in settings. Cancel your subscription and Level 4 data is purged within 7 days.
What we never collect
These are hard lines. No level, no opt-in, no exception.
- Page content or DOM
- Form input values (no keystroke logging, ever)
- Search engine queries
- Cookies, localStorage, or sessionStorage of other sites
- Passwords or any credential
- Webcam, microphone, geolocation, contacts
- Tabs outside your active window
- Anything from incognito / private mode
How we use your data
- Operate the product: power your gitmon, the shared world, chat, and analytics dashboards you opt into.
- Improve the product: understand what features developers use, spot bugs, and prioritize the roadmap.
- Aggregated insights: we may publish or share aggregated, anonymized patterns with partners (for example, ecosystem trend reports). Individual users cannot be identified from these aggregates.
- Communications: send account-related emails (security, billing, streak reminders if you enable them). We do not send marketing emails without explicit opt-in.
What we do not do
- We do not sell raw, identifiable behavior data to third parties.
- We do not share your data with advertising networks or data brokers.
- We do not use your private repository content to train AI models.
- We do not share data with recruiters, HR tech, or hiring platforms.
Where data lives
- Database: Supabase (PostgreSQL). Row-level security on every table — only you can read your own data.
- Cache: Upstash Redis for short-lived state (session caches, rate limits). No personal data persisted beyond 60 minutes.
- Hosting: Vercel (web + API).
- LLM providers (when you enable chat): Anthropic or OpenAI, using the API key you provide. Your chat content is sent directly to the provider you chose.
- Extension local storage: your browser's chrome.storage.local for the auth token, and chrome.storage.sync for user-facing settings.
Your rights
Under GDPR (EU), LGPD (Brazil), and CCPA (California), you have the following rights. We honor them regardless of where you live.
- Access: see all data we have about you in your dashboard.
- Export: download your data as JSON from settings.
- Delete: delete your account from settings — all linked data including extension sessions is purged immediately.
- Rectify: correct or update profile information.
- Downgrade: lower your extension privacy level at any time. Higher-level data is purged within 7 days.
- Revoke device access: disconnect specific extension sessions without affecting your web login.
- Object: opt out of aggregated analytics at any time from settings.
Business transfers
If GitMon is acquired by, merged with, or transfers assets to another entity, your data may be part of that transfer. The acquiring entity will be bound by the same privacy commitments described in this policy, or it will notify you and obtain fresh consent before using your data under different terms. You will have the right to export or delete your data before any such transfer takes effect.
Cookies
The web app uses essential cookies for authentication only (Supabase session). No tracking cookies, no third-party advertising cookies. The extension does not use cookies on any site you visit.
Children
GitMon is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, email us and we will delete it.
Changes to this policy
We will update this page when the practices change. Material changes will be announced via email and a banner in the web app at least 14 days before they take effect. The “Last updated” date at the top always reflects the current version.
Contact
Questions, complaints, or data requests: bruno@b2tech.io
GitMon is operated by an independent developer based in Brazil. This policy is governed by the laws of Brazil (LGPD) and complies with GDPR (EU) and CCPA (California) requirements. See also our Terms of Service and Security page.