$ cat /etc/privacy

Privacy Policy

Effective date: March 4, 2026
Last updated: March 4, 2026

1. Who We Are

Git Leaderboard is the data controller for personal data processed through this service.

2. Scope

This Privacy Policy explains what personal data we process, why we process it, how we protect it, and what rights you have under GDPR when you use Git Leaderboard.

3. Data We Process

When you sign in with GitHub, we process profile and contribution data needed to provide the service.

GitHub profile fields:

login, name, avatarUrl, bio, company, location, URL, websiteUrl, social accounts
followers, following, gists, issues, account creation date
email only if currently returned by GitHub API; if present, it may appear on the public profile

Aggregated contribution and performance metrics:

totalContributions
totalCommitContributions
totalIssueContributions
totalPullRequestContributions
totalPullRequestReviewContributions
totalRepositoryContributions
totalRepositoriesWithContributedCommits
totalRepositoriesWithContributedIssues
totalRepositoriesWithContributedPullRequestReviews
totalRepositoriesWithContributedPullRequests
mergedPullRequests
impactScore (commits*1 + issues*2 + PR reviews*3 + merged PRs*5)
daily totals by date, plus monthly/yearly summaries
weekly streak/league aggregates (impact, active days)

Authentication and security data:

session and account records required for login security
technical anti-abuse and rate-limit data

PRO billing data:

stripeCustomerId, stripeSubscriptionId, stripePriceId
subscription status and current period end

4. What We Do Not Process

we do not clone repositories
we do not read repository code
we do not inspect file contents or commit diffs
we only process aggregated numeric contribution information

5. Private Contributions

If you enable the GitHub setting, "Turning on private contributions will show anonymized private activity on your profile." you acknowledge that anonymized private activity totals may be included in your aggregated metrics on Git Leaderboard.

6. GitHub Token and Rate Limit Usage

By signing in, you agree that:

we use your GitHub API token to fetch your profile and contribution metrics
your token is stored encrypted (AES-256-GCM) and decrypted only on the server for GitHub API calls
we use your GitHub GraphQL API rate limit for sync operations
typical consumption is approximately 10-30 rate-limit points per day per user (depending on usage and plan), from a standard 5,000-point hourly limit reset by GitHub

7. Legal Basis (GDPR)

We process personal data under Article 6(1) GDPR on the following bases:

Article 6(1)(b): performance of a contract
Article 6(1)(f): legitimate interests (security, abuse prevention, reliability)
Article 6(1)(a): consent, where applicable (including contribution visibility choices made in your GitHub account)

Official GDPR text (EUR-Lex): https://eur-lex.europa.eu/eli/reg/2016/679/oj

8. Data Sharing and Processors

We share data only where needed to provide the service, with:

GitHub (OAuth and API data source)
Convex (application data backend)
Stripe (subscription billing for PRO)
hosting/infrastructure providers

9. Retention

profile and metrics are kept while your account remains active
deleting your account removes profile, contribution, streak, league, and auth records tied to your account
during a non-finalized weekly league cycle, an anonymized placeholder may be temporarily kept to preserve fair slot counts

10. Your Rights (EU/EEA)

You may request access, correction, deletion, restriction, portability, and objection rights under GDPR, and may withdraw consent where consent is the legal basis.

Contact us at gitleaderboard@gmail.com. You also have the right to lodge a complaint with your local supervisory authority.

11. Cookies and Local Storage

We use essential session cookies for authentication and a local profile cache in your browser (email excluded from local cache) to improve loading speed.

12. Policy Updates

We may update this Privacy Policy from time to time. Updates are posted on this page with a revised date.