Extension Privacy

Main privacy policy/GitHub

GitHub Privacy Policy

Last updated March 10, 2026. The GitHub extension connects a GitHub App installation to sync repository metadata, recent commit activity, and contribution data into a TrustPortfolio profile.

Provider

GitHub

Auth Type

GitHub App

Sections

5 policy areas

1

Data collected

  • An encrypted GitHub App installation ID used to request installation access tokens during sync.
  • Repository metadata from repositories the GitHub App can access, including names, full names, descriptions, URLs, languages, star counts, timestamps, and whether a repository is private.
  • Commit metadata from the synced repositories, including commit messages, short SHAs, repository names, and timestamps.
  • Derived portfolio records written to widget snapshots, synced projects, activity feed items, and saved repository visibility preferences such as hidden repositories.
2

How the data is used

  • Display GitHub-powered widgets, project lists, and activity on the portfolio.
  • Keep GitHub data current through manual syncs and scheduled background syncs.
  • Let the user control which synced repositories stay visible on the portfolio.
3

Storage and retention

  • The installation ID is stored in encrypted extension settings inside Convex.
  • Synced repository and commit data is stored in portfolio data tables until the user replaces it with a new sync, hides specific items, or removes the extension.
  • If the GitHub App has access to private repositories, private repository metadata may be stored and surfaced in the dashboard so the user can decide what to publish.
4

Sharing

  • TrustPortfolio calls the GitHub API only after the user installs the GitHub App for their account or organization.
  • GitHub-derived portfolio content may become public if the user enables related widgets or pages on their public portfolio.
  • GitHub data is also processed by TrustPortfolio infrastructure providers that host the app, database, and analytics stack.
5

User controls

  • Users can install, reconnect, disable, or stop syncing the GitHub extension from the dashboard.
  • Users can hide synced repositories from portfolio widgets without uninstalling the extension.
  • Users control which repositories the GitHub App can access by managing the installation in GitHub.

Related policies

The main TrustPortfolio privacy policy explains the core app, hosting, analytics, and extension framework.

Open main privacy policy
GitHub Privacy Policy | TrustPortfolio