GitVoyager ("we", "us", "our") is committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

1. Information We Collect

We collect only the minimum data necessary to provide our service:

1.1 Account Information

• GitHub Username: Your public GitHub username for identification
• Email Address: Provided via GitHub OAuth for account recovery and essential notifications
• Profile Picture: Your GitHub avatar URL
• Display Name: Your public GitHub display name

1.2 GitHub Contribution Data

• Public contribution counts (total commits, pull requests, issues, reviews)
• Contribution calendar data (daily counts only, not content)
• Public repository count
• Account creation date and tenure

1.3 Usage Data

• Pages visited and features used within GitVoyager
• Login timestamps and session duration
• Device type and browser information
• IP address (for security and fraud prevention)

1.4 Payment Information (Teams Plan)

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your credit card numbers or banking details. We only receive confirmation of payment status, subscription tier, and billing cycle dates from Stripe.

2. Information We Do NOT Collect

We want to be crystal clear about what we never access:

• Source Code: We never access, read, or store any code from your repositories
• Private Repositories: We have no access to private repos or their metadata
• Commit Messages: We don't read or store the content of your commits
• Code Diffs: We never see what changes you made in any commit
• Private Organizations: We have no access to private org data
• GitHub Tokens with Write Access: We only request read-only public data scopes
• Sensitive Personal Data: We don't collect health, biometric, or financial data (beyond payment processing)

3. How We Use Your Information

We use your data for the following purposes:

3.1 Service Delivery

• Calculate your voyage distance based on contribution counts
• Generate your personalized space journey visualization
• Display your position on public leaderboards (username and avatar only)
• Enable friend connections and team features

3.2 Communication

• Send essential account notifications (password resets, security alerts)
• Notify you of significant changes to our service or terms
• Send product updates and feature announcements (opt-out available)

3.3 Service Improvement

• Analyze aggregate usage patterns to improve features
• Debug issues and fix bugs
• Prevent fraud and abuse

3.4 Legal Basis for Processing (GDPR)

We process your data based on:

• Contract: Processing necessary to provide the service you signed up for
• Legitimate Interest: Improving our service, preventing fraud, and ensuring security
• Consent: Marketing communications (you can withdraw consent anytime)
• Legal Obligation: Compliance with applicable laws

4. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Contribution Data: Refreshed periodically from GitHub; historical voyage data retained for your progress tracking.
• Usage Logs: Retained for 90 days for debugging and security purposes, then anonymized or deleted.
• Payment Records: Retained for 7 years as required by UK tax law.
• Marketing Preferences: Retained until you change them or delete your account.

5. Third-Party Services

We use trusted third-party services to operate GitVoyager. Each has their own privacy policy:

• GitHub (github.com) — Authentication via OAuth and public contribution data.Privacy Policy
• Supabase (supabase.com) — Database hosting and authentication infrastructure, hosted in the EU.Privacy Policy
• Vercel (vercel.com) — Website hosting and edge delivery.Privacy Policy
• Stripe (stripe.com) — Payment processing for team subscriptions.Privacy Policy

We do not sell, rent, or trade your personal data to any third parties. Ever.

6. Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. For detailed information, please see our Cookie Policy.

In summary, we use:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: To understand usage patterns (only with your consent)

You can manage your cookie preferences at any time through the cookie banner or browser settings.

7. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, contact us through the appropriate channels in the application. We will respond within 30 days.

8. Your Rights Under CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

• Right to Know: Request disclosure of what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Data: We do not collect sensitive personal information as defined by CCPA
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of Personal Information Collected

In the past 12 months, we have collected:

• Identifiers (username, email, IP address)
• Internet activity information (usage logs, pages visited)
• Commercial information (subscription status for paid users)

To exercise your CCPA rights, contact us through the appropriate channels with the subject "CCPA Request".

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Contractual obligations with our service providers

10. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication via GitHub OAuth
• Regular security audits and monitoring
• Access controls and least-privilege principles
• Secure data centers via our infrastructure providers

While we strive to protect your data, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it through responsible disclosure channels.

11. Children's Privacy

GitVoyager is not intended for children under 13 years of age (or 16 in certain EU countries). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately through appropriate channels and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice on our website
• Sending an email to registered users
• Updating the "Last updated" date at the top of this page

We encourage you to review this policy periodically. Continued use of GitVoyager after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all inquiries within 30 days.