[ LEGAL::GITHUB_DATA ]

How We Use Your GitHub Data

Last updated: January 2026

We read your GitHub activity to display stats, achievements, and leaderboard position. We never modify your code or repositories.

1. Why We Request GitHub Access

Githero transforms your GitHub activity into an engaging profile with stats, achievements, and leaderboards. To do this, we need to read your contribution data from GitHub's API.

GitHub's OAuth system doesn't offer a "read-only" permission for private repositories. To include your private repo contributions in your stats, we must request the repo scope, which technically includes write access. However, we only use read operations.

2. What We Read

When you connect your GitHub account, we access:

  • Profile: Username, avatar, bio, and email to display your Githero profile
  • Repositories: Names, stars, forks, topics, and languages to calculate stats and detect skills
  • Commits: Counts, timestamps, and line changes to track contributions and streaks
  • Pull Requests: Counts, merge times, and status for PR stats and velocity metrics
  • Issues: Opened and closed counts for issue tracking achievements
  • Code Reviews: Counts and approval rates for review stats and mentor achievements

We read from both public and private repositories to give you complete stats. Private repo names are never displayed publicly — only aggregate numbers (e.g., "142 total commits").

3. What We Never Do

Despite having technical capability due to GitHub's scope limitations, Githero never performs write operations:

  • We never modify your code
  • We never create or delete branches
  • We never open issues or pull requests
  • We never change repository settings
  • We never add webhooks or deploy keys
  • We never star, fork, or follow on your behalf

4. How We Store Your Data

Your GitHub access token is stored encrypted in our database and retained until you revoke access. Profile information and contribution stats are stored while your account is active.

We don't store:

  • Your actual code or file contents
  • Commit messages or PR descriptions
  • Issue content or comments
  • Any data from repos you don't own

5. Revoking Access

You can remove Githero's access to your GitHub account at any time:

  1. Go to GitHub Settings → Applications
  2. Find "Githero" under Authorized OAuth Apps
  3. Click "Revoke"

After revoking, we can no longer read your GitHub data. Your existing stats remain until you delete your Githero account.

6. Technical Transparency

We publish the source code for our entire GitHub integration — the single file that handles all communication with GitHub's API. This file is automatically synced to our public repository whenever we make changes, so you can always verify exactly what code is running.

What you can verify in the source code

Our github.ts file contains every GitHub API call we make. By reading it, you can confirm:

  • All requests use read-only endpoints (GET requests and read-only GraphQL queries)
  • No POST, PUT, PATCH, or DELETE calls to repositories, issues, or PRs
  • No code that could modify your account in any way

View the source code →

7. Questions?

If you have questions about how we use your data, open an issue or read our Privacy Policy and Terms of Service.