Privacy Policy

Overview

Honest Cheetah is a GitHub project metrics and analytics tool. This privacy policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

GitHub Account Information

When you sign in with GitHub, we receive and store:

• Username - Your GitHub login name
• Email address - Your primary GitHub email
• User ID - Your unique GitHub identifier
• Organization memberships - Which GitHub organizations you belong to
• OAuth access token - Used to access GitHub on your behalf (encrypted)

GitHub Project Data

For organizations with the Honest Cheetah GitHub App installed, we receive:

• Project metadata (titles, descriptions)
• Issue information (titles, statuses, timestamps)
• Project item events via webhooks

We do not access your source code, pull requests, or repository contents.

Cookies and Session Management

Honest Cheetah uses cookies for authentication and session management:

Session Refresh

Your authentication cookie is periodically refreshed (every 15 minutes by default) to ensure your organization memberships and permissions stay up to date. This happens automatically in the background and does not require any action from you.

How We Use Your Information

We use your information to:

• Authenticate you and maintain your session
• Display your GitHub projects and metrics
• Determine which organizations you have access to
• Process webhook events for your organizations
• Calculate and display project analytics (cycle time, throughput, etc.)

Data Storage and Security

• Location: Data is stored in Microsoft Azure Cosmos DB (US data centers)
• Encryption in transit: All connections use TLS/HTTPS
• Encryption at rest: Azure Cosmos DB automatically encrypts all stored data using Microsoft-managed keys
• Session security: Your authentication cookie (containing your GitHub access token) is encrypted using ASP.NET Core Data Protection
• Data isolation: Organization data is partitioned - you can only access data for organizations where you are a member and Honest Cheetah is installed

Third-Party Services

Honest Cheetah integrates with:

• GitHub - For authentication and project data (GitHub Privacy Statement)
• Microsoft Azure - For hosting and data storage (Microsoft Privacy Statement)
• Application Insights - For error tracking and performance monitoring (no personal data is sent)

Your Rights

You have the right to:

• Access: View your stored data via the Account page
• Correction: Update your information by re-linking your GitHub account
• Deletion: Request deletion of your data by contacting us
• Revoke access: Remove Honest Cheetah's access via GitHub Settings > Applications

For EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights including the right to data portability and the right to lodge a complaint with a supervisory authority. The cookies we use are strictly necessary for the service to function and fall under the "legitimate interests" basis under GDPR.

Data Retention

• User accounts: Retained while your account is active
• Project data: Retained while the GitHub App is installed on the organization
• Webhook logs: Automatically deleted after 30 days
• Session cookies: Deleted when you log out or close your browser

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting a notice on the website. Your continued use of the service after such modifications constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or want to exercise your data rights, please contact us at:

• GitHub Issues: benday-inc/honest-cheetah
• Email: privacy@benday.com