Privacy Policy - GitHub Org Health Dashboard

Google User Data Accessed

This add-on requests the following Google OAuth scopes. Each scope is used strictly for the purpose described below.

https://www.googleapis.com/auth/spreadsheets.currentonly

Read and write to the active Google Sheet only. Used to display the GitHub organization health dashboard (repository metrics, pull request data, security findings) in the spreadsheet you explicitly open the add-on in. This scope cannot access any other spreadsheets in your Google Drive.

https://www.googleapis.com/auth/script.external_request

Make HTTPS requests to external services. Used exclusively to call the GitHub API (api.github.com) to fetch repository, pull request, and security data. No other external services are contacted.

https://www.googleapis.com/auth/script.container.ui

Display the add-on sidebar within Google Sheets. Used to show the sync progress sidebar and configuration interface. No data is collected through this interface beyond what you explicitly enter (GitHub token and organization name).

https://www.googleapis.com/auth/script.scriptapp

Create and manage time-based triggers. Used to schedule background sync operations so the dashboard stays current without requiring manual action.

What we do NOT access: This add-on does NOT access your Gmail, Google Drive files, Google Calendar, Google Contacts, Google Photos, or any other Google service beyond the active spreadsheet.

Google User Data Storage

This add-on does not operate any server or external database. There is no backend infrastructure owned or controlled by the developer.
All dashboard output is written directly to the Google Sheet you are working in. The data stays in your Google Drive, under your control.
Your GitHub personal access token is stored in Google Apps Script's PropertiesService (ScriptProperties), which is encrypted storage managed entirely by Google on Google's infrastructure.
Sync state metadata (progress counters, organization name) is stored temporarily in ScriptProperties during sync operations and cleared after completion.
No Google user data is ever transmitted to or stored on any third-party server.

Google User Data Usage

Google user data (specifically, write access to the active spreadsheet) is used solely to deliver the core functionality: generating the GitHub organization health dashboard.
Data is NOT used for advertising, analytics, profiling, market research, or any purpose unrelated to the add-on's core function.
The add-on does not track user behavior, build user profiles, or collect usage analytics.

Data We Collect

This add-on collects and processes the following information:

GitHub Personal Access Token: Provided by you to authenticate with the GitHub API. Stored in Google Apps Script's ScriptProperties (encrypted, managed by Google).
GitHub Organization/User Name: The target organization or username you choose to scan.
GitHub Repository Data: Public and private repository metadata, pull request information, branch data, Dependabot alerts, and license information fetched from the GitHub API.

We do not collect personal information, email addresses, browsing history, or any data beyond what is needed to generate the health dashboard.

How We Store Data

All configuration (GitHub token, organization name, account type) is stored in Google Apps Script's PropertiesService, which is encrypted storage on Google's infrastructure.
Dashboard output (repository metrics, scores, statuses) is written to the active Google Sheet in your Google Drive.
Temporary sync state (progress, cached repository lists) is held in ScriptProperties during sync and cleared upon completion.
No data is stored on any server, database, or infrastructure outside of Google's platform.

How We Use Data

All data is used exclusively to provide the add-on's core functionality:

Your GitHub token is used to authenticate API requests to GitHub.
Repository and organization data is fetched, analyzed, and written to your Google Sheet as a health dashboard.
No data is used for advertising, analytics, tracking, profiling, or any secondary purpose.

Third-Party Services

This add-on interacts with the following third-party service:

GitHub API (api.github.com): Used to fetch repository, pull request, security, and license data. Your interaction with the GitHub API is governed by GitHub's Privacy Statement.

No other third-party services, analytics platforms, or advertising networks are used.

Data Retention

Your GitHub token remains in ScriptProperties until you explicitly disconnect or remove the add-on.
Dashboard data in the spreadsheet persists until you delete or modify it.
Temporary sync data (cached repo lists, progress counters) is automatically cleared after each sync completes.
Uninstalling the add-on removes all ScriptProperties data associated with it.

Security

All communication with the GitHub API is over HTTPS (TLS encrypted).
Your GitHub token is stored in Google's encrypted ScriptProperties, not in the spreadsheet or any user-visible location.
The add-on uses the principle of least privilege: spreadsheets.currentonly limits access to only the active spreadsheet.
No data is logged, exported, or transmitted to any developer-controlled server.

Your Rights

Access: All data is visible in your Google Sheet and ScriptProperties.
Deletion: You can clear your GitHub token by clicking "Disconnect" in the add-on sidebar. Uninstalling the add-on removes all stored configuration.
Portability: Dashboard data lives in your Google Sheet, which you can export at any time.
Revoke access: You can revoke the add-on's permissions at any time via your Google Account permissions page.

Contact

If you have questions about this privacy policy or the add-on's data practices, please contact:

Email: ajaypadwal73@gmail.com

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected with an updated "Last updated" date at the top of this page. Continued use of the add-on after changes constitutes acceptance of the revised policy.