forked from devhubapp/devhub
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update PRIVACY.md to mention Personal Access Token
- Loading branch information
1 parent
9f4a5d9
commit 62601eb
Showing
1 changed file
with
21 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,19 +2,24 @@ | |
|
|
||
| ## DevHub | ||
|
|
||
|
|
||
| ### Personal user information | ||
| This app requires GitHub authentication.<br/> | ||
| DevHub requests access to the user's profile data, e-mail and notifications. | ||
| DevHub requires a basic GitHub OAuth authentication.<br/> | ||
| DevHub requests access to the user's profile, e-mail and public notifications. | ||
|
|
||
| We might contact you via e-mail (rarely) to share things like big updates or important announcements, with the option to unsubscribe any time. | ||
|
|
||
| ### Repository and org access | ||
| You have the option to install DevHub's GitHub App in some specific orgs and repositories. | ||
| This is required to enable access to activities from private repositories. | ||
| ### Personal Access Token (PAT) | ||
| You have the option to add a PAT to have access to private repositories. | ||
| The token created will be stored locally and will never be sent to DevHub or any server other than GitHub. | ||
| DevHub servers will not have access to this token nor the resources it allows access to. | ||
|
|
||
| DevHub will have access to issues, pull requests, comments, labels, assignees, milestones, merges, collaborators and some other metadata (e.g. repository name). | ||
| ### GitHub App permissions | ||
| You have the option to install DevHub's GitHub App in some specific repositories. | ||
| This is one of the ways to enable access to private repositories. | ||
| The main difference from PAT is that PATs quietly give access to all repositories while GitHub Apps are opt-in per repository and may require admin approval. | ||
|
|
||
| DevHub does not have access to any code from any repository. | ||
| DevHub will have access to issues, pull requests, comments, labels, assignees, milestones, merges, collaborators and some other metadata (e.g. repository name). | ||
| The token may or may not include access to code to be able to return some types of activities, like commits. For that reason, we currently recommend using PAT instead, which is local-only (safer). | ||
|
|
||
|
|
||
| ### Diagnostics information | ||
|
|
@@ -24,17 +29,22 @@ No personal information is ever sent to third parties, only an anonymous id. Ser | |
|
|
||
| ### Security & Limited Liability | ||
|
|
||
| DevHub follows good practices of security, but 100% security can't be granted in software. DevHub is provided as is without any warranty. Use at your own risk. | ||
| DevHub follows good practices of security, but 100% security can't be granted in software. | ||
| DevHub is provided as is without any warranty. Use at your own risk. | ||
|
|
||
| Client-side communication is encrypted using HTTPS. Server-side tokens are encrypted or behind environment variables. | ||
|
|
||
| We recommend being extra careful with which browser extensions you have installed to avoid token exposure to third parties. | ||
|
|
||
|
|
||
| ### Marketing | ||
|
|
||
| We might contact you (very rarely) via e-mail to share things like big updates or important announcements, with the option to unsubscribe any time. | ||
|
|
||
|
|
||
| ### Support | ||
| Feel free to open an issue or contact us via e-mail ([[email protected]](mailto:[email protected])).<br/> | ||
| If you find any bug, please contribute by opening an issue or sending a pull request with the fix. | ||
|
|
||
| --- | ||
|
|
||
| Updated: June 06th, 2019. | ||
| Updated: Dec 08th, 2020. | ||