Privacy policy
Effective date: 29 April 2026.
This policy describes what GitTok collects when you sign in and use the early-access product, and what we do with it. By clicking Continue with GitHub on the sign-in screen you agree to the practices described here.
What we collect
Your GitHub username, avatar, public repository metadata, and the demo video files you upload. We do not request scopes beyond what is needed to verify ownership and inject your README preview.
What we do not collect
We never read private repositories, email contents, or organization data outside the installations you authorize.
Storage and processing
Demo videos are encoded by Mux and stored on Cloudflare R2. Profile metadata lives in a Supabase Postgres database with row-level security enforced per user.
Subprocessors
We rely on a small set of vendors to operate GitTok: Supabase (auth + Postgres), Mux (video encoding + delivery), Cloudflare R2 (object storage), Inngest (job queue), and Vercel (hosting). Each handles only the data needed to provide its service.
Deletion
Removing a post deletes the upstream Mux asset, the R2 object, and the README injection on your next profile fetch. Account deletion is honored within 30 days and removes your profile, posts, and any active README injection.
Your rights
You can request access to or deletion of your data at any time via the contact below. EU/UK residents have the rights described under the GDPR; California residents have the rights described under the CCPA/CPRA. We respond within 30 days.
Changes to this policy
We will update the effective date at the top of this page when this policy changes. For material changes during early access we will surface a banner on next sign-in.
Contact
Privacy questions or data-subject requests: privacy@gittok.dev.