Privacy Policy

GitPulse ("we", "our", or "the app") is developed and operated by Wexpa. This Privacy Policy explains how we collect, use, and protect your information when you use the GitPulse Android application.

We built GitPulse with privacy as a first principle. Your data stays on your device, and we never access your source code.

1. Information We Collect

1.1 Information You Provide

• GitHub Account Information — When you sign in via GitHub OAuth, we receive your GitHub username, profile URL, and avatar. This information is used solely to authenticate your identity and display your profile within the app.
• Repository Selection — You choose which repositories GitPulse is authorized to commit to. This selection is stored locally on your device.

1.2 Information Stored Locally on Your Device

• OAuth Token — Your GitHub OAuth access token is encrypted using Android's EncryptedSharedPreferences and stored exclusively on your device. It is never transmitted to our servers.
• Run History — Timestamps, repository counts, and success/failure status of each automated run are stored locally for your reference.
• App Preferences — Settings such as selected repositories, commit frequency, and notification preferences.

1.3 Information Stored in Firebase

• Device Identifier — A unique device ID is stored in Firebase Firestore to enforce single-device locking, preventing duplicate commits from multiple devices.
• Streak Metadata — Your current streak count and last run timestamp are synced to Firestore for persistence across app reinstalls.
• Run Metadata — Basic run information (timestamp, repository count, status) is stored for analytics and reliability purposes.

1.4 Information We Do NOT Collect

• Source code or file contents from your repositories
• Repository names, descriptions, or metadata beyond what you explicitly select
• Browsing history, location data, or contacts
• Personal messages or communications
• Payment or financial information

2. How We Use Your Information

• To provide the service — Authenticating with GitHub, pushing empty commits to your selected repositories, and tracking your contribution streak.
• To prevent conflicts — Using the device identifier to ensure only one device runs GitPulse at a time.
• To improve reliability — Anonymous crash reports via Firebase Crashlytics help us identify and fix bugs.

3. What GitPulse Does with Your Repositories

GitPulse pushes empty commits to your selected repositories. An empty commit contains no file changes — it only adds an entry to the Git history. GitPulse uses the GitHub API's repo scope solely for this purpose.

We never read, copy, modify, or store any source code, files, issues, pull requests, or other repository content.

4. Third-Party Services

GitPulse integrates with the following third-party services:

• GitHub API — For OAuth authentication and pushing commits. Subject to GitHub's Privacy Statement.
• Firebase Authentication — For managing user sessions. Subject to Firebase's Privacy Policy.
• Firebase Firestore — For storing device ID, streak data, and run metadata.
• Firebase Crashlytics — For anonymous crash reporting to improve app stability.

5. Data Security

We take your data security seriously:

• OAuth tokens are encrypted on-device using Android's EncryptedSharedPreferences (AES-256).
• All network communications use HTTPS/TLS encryption.
• Firebase Firestore data is protected by Firebase Security Rules restricting access to authenticated users.
• We do not operate any custom backend servers that could be compromised.

6. Data Retention and Deletion

You can delete your data at any time:

• Local data — Uninstalling the app removes all locally stored data, including your encrypted OAuth token and run history.
• Firebase data — You can delete your Firebase-stored data (device ID, streak metadata) directly from the app's Settings screen, or by contacting us at hello@shayxo.dev.
• GitHub access — You can revoke GitPulse's access to your GitHub account at any time from your GitHub Settings → Applications page.

7. Children's Privacy

GitPulse is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at hello@shayxo.dev and we will promptly delete such information.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of GitPulse after changes constitutes acceptance of the revised policy.

9. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at:

Wexpa
Email: hello@shayxo.dev