Legal
Privacy Policy
Last updated: March 5, 2025
🔒 We never store your source code. Your GitHub token is stored exclusively within your own Google account using Google's encrypted storage — not on any external server.
GitHub Org Health ("the Add-on") is a Google Sheets Editor Add-on that connects to GitHub's API to display repository health metrics. This policy explains how we handle your data.
1. Data We Collect
- GitHub Personal Access Token (PAT) — used to authenticate API calls to your GitHub account
- GitHub Organization / Username — used to identify which repositories to scan
- Account Type — whether you're using an organization or personal account
We do not collect, read, clone, or store any source code from your repositories.
2. How We Store Data
- Your GitHub PAT and organization name are stored using Google Apps Script's ScriptProperties, which is encrypted, per-project storage managed by Google
- Data is stored within your Google account and is only accessible to you
- We do not operate any external servers or databases
- No data is stored outside of your Google account
3. How We Use Data
Your credentials are used solely to:
- Fetch repository metadata (names, visibility, issue counts) from the GitHub REST API
- Fetch open pull request data from the GitHub GraphQL API
- Fetch branch information to identify stale branches
- Fetch Dependabot alert counts
- Fetch dependency license information via the SBOM API
- Display this information in your Google Sheet
4. Data Sharing
We do not share your data with any third parties. All API calls go directly from Google's servers to GitHub's API. There are no intermediary servers, analytics services, or tracking tools.
5. Third-Party Services
The Add-on communicates only with:
- GitHub API (api.github.com) — to fetch repository data using your PAT
- Google Sheets API — to write dashboard data to your spreadsheet
No other third-party services are used.
6. Data Retention
- Your GitHub PAT is stored until you click "Disconnect" in the Add-on panel
- Dashboard data in the spreadsheet persists until you delete it or clear the sheet
- Disconnecting removes all stored credentials immediately
7. Security
- All API calls use HTTPS encryption
- Your PAT is stored in Google's encrypted ScriptProperties storage
- The Add-on runs entirely within Google's infrastructure
- We recommend using a GitHub PAT with minimum required scopes (
repo, read:org)
8. Your Rights
You can at any time:
- Disconnect — removes all stored credentials from your Google account
- Revoke your GitHub PAT — instantly disables all API access
- Uninstall the Add-on — removes the Add-on and all associated stored data
9. Google API Services User Data Policy
This Add-on's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
10. Contact
For questions about this privacy policy, contact us at: ajaypadwal73@gmail.com
11. Changes
We may update this policy occasionally. Changes will be posted on this page with an updated date. Continued use of the Add-on after changes constitutes acceptance of the updated policy.