RepoSignal.ai

Privacy Policy

Last updated: February 20, 2026

1. What We Collect

RepoSignal analyzes publicly available GitHub profile metadata to generate developer evaluation reports. The data we access includes:

  • Public profile information (name, bio, avatar, location, account age)
  • Public repository metadata (names, stars, forks, languages)
  • Public contribution statistics (commits, pull requests, issues, reviews)
  • Public follower and following counts

2. What We Do NOT Access

We do not have access to your source code or repository contents. RepoSignal only reads metadata and aggregate statistics provided by the GitHub API. We never clone, read, download, or store the contents of any repository.

  • No access to source code, files, or repository contents
  • No access to private messages, comments on private issues, or internal discussions
  • No access to repository secrets, environment variables, or CI/CD configurations

3. Optional Sign-In (GitHub OAuth)

If you choose to sign in with GitHub, we request the following OAuth scopes:

  • read:user — to read your profile information, including private contribution counts
  • read:org — to read your organization memberships

We do not request the repo scope. This means we cannot read, write, or modify the contents of any repository, even after sign-in.

4. Optional GitHub App Installation

You may optionally install the RepoSignal GitHub App on your account or specific repositories. This provides additional per-repository statistics (commit counts, PR counts, issue counts) via limited API access.

Access to organization repositories is the responsibility of the person who grants the installation. If an organization admin installs the GitHub App on organization repositories, they are responsible for ensuring they have the authority to do so and that such access complies with their organization's policies.

5. Data Storage

We store evaluation results, computed scores, and aggregated metadata in our database to provide cached reports and published profiles. OAuth tokens are stored securely and used solely to refresh your profile data.

You can request deletion of your data at any time by contacting us.

6. Third-Party Services

  • GitHub API — to fetch public profile and contribution metadata
  • OpenAI — to generate AI-powered profile analysis summaries (aggregated data only, no source code)
  • Neon (PostgreSQL) — for database hosting
  • Sentry — for error tracking and performance monitoring

7. Cookies

We use essential cookies for authentication sessions only. We do not use advertising or tracking cookies.

8. Contact

For questions about this privacy policy or to request data deletion, contact us at privacy@reposignal.com.