Privacy Policy

Last updated: June 9, 2025

Overview

RepoGrade (“we”, “us”, “our”) is a free tool that grades public GitHub repositories. We designed it to work without accounts — you don't need to sign in, and we don't sell data. This policy explains what we do collect and why.

What we collect

  • Repository scan results. When you grade a repository, we store the URL, score, grade, and scan details in our database (Supabase/PostgreSQL). This powers the leaderboard and caching so repeat scans are faster. We do not store any private repository data — only public repos are supported.
  • Feedback submissions. If you submit feedback via the Roadmap page, we store the message, type, and optional email address you provide.
  • Anonymous analytics. We use Vercel Analytics for aggregate, anonymized page-view data, and PostHog for a small set of named product events (for example, submitting a repo or copying a badge) so we can understand how features are used. PostHog runs in an events-only mode: no session recording, heatmaps, autocapture, or tracking cookies, and it stores its identifier in localStorage rather than a cookie. Neither tool collects personally identifiable information.
  • Session IDs. A random session identifier is stored in your browser's localStorage solely to de-duplicate scan and share events in our analytics. It is not linked to any personal information.

What we don't collect

  • No account or login data — we have no authentication system.
  • No cookies beyond what Vercel Analytics sets (if any). PostHog uses localStorage, not cookies.
  • No IP addresses stored in our database.
  • No private repository data or GitHub credentials.

Third-party services

  • GitHub API. We fetch publicly available metadata and files from GitHub's REST API to run scans. We do not store GitHub credentials.
  • Supabase. Our database provider (hosted PostgreSQL). Scan data is stored in the EU region. See Supabase's privacy policy.
  • Vercel. Our hosting provider handles web traffic and page-view analytics. See Vercel's privacy policy.
  • PostHog. Product analytics for named funnel events, used in an events-only mode. See PostHog's privacy policy.

Data retention

Scan results are retained indefinitely to power the leaderboard and caching. Feedback submissions are retained until manually deleted. You may request deletion of any data associated with a specific repository or feedback submission by contacting us.

Your rights

If you are in the EU or California, you have the right to request access to, correction of, or deletion of data we hold. Because we collect no personal information beyond optional email addresses in feedback, most requests will be trivially fulfilled. Contact us at yellowhourihan12@gmail.com with any requests.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected in the “Last updated” date above.

Contact

Questions? yellowhourihan12@gmail.com or use the feedback form.