Privacy

What Vibe Tracker reads and stores.

If you connect GitHub, you should be able to see exactly what the app reads, stores, and does not access.

Back to dashboard
Code accessNo source-file ingestion
Token handlingEncrypted at rest
Metric sourceMerged PR stats only

If the product ever needs broader repository access, that should come with a new permission review and updated disclosure.

Overview

What Vibe Tracker reads

GitHub identity, installation scope, repository names, repository visibility, and the merged PR stats needed to measure shipped work.

Overview

What Vibe Tracker stores

Encrypted GitHub session tokens, connected repo scope, merged PR counters, and daily aggregates that power the dashboard and social surfaces.

Overview

What Vibe Tracker does not touch

It does not clone repositories, read source files, or ingest repo contents to compute your metrics.

Current safeguards

How the current access model stays limited

GitHub tokens are encrypted server-side before they are written to the database.

The sync stays limited to merged pull request activity instead of crawling your full branch graph.

The GitHub App only asks for repository metadata and pull-request read access.

Permission scope

GitHub access

Requested: repository metadata read-only and pull requests read-only.

Not requested: source code contents permission.

Users should be able to compare their shipped work without handing over repo code.

Questions about data handling should be answered here before the connect flow, not after the app is already installed.