Privacy Policy

Effective Date: June 23, 2026

1. Introduction

ShareMyGit ("we," "our," or "us") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Your email address and display name from your connected Git provider
  • Authentication Data: OAuth tokens from your Git provider, encrypted at rest using AES-256-GCM
  • Repository Data: Metadata and content of repositories you choose to share

2.2 Automatically Collected Information

  • Usage Data: Anonymised IP address and browser type for security and operational purposes
  • Access Logs: Records of who views your shared repositories, including anonymised IP address, user agent, file path, and timestamp
  • Browser Storage: Authentication tokens and preferences stored in localStorage (we do not use cookies)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your access to your Git provider via OAuth2
  • Generate public-facing views of your shared repositories
  • Log access to shared content for your audit and oversight
  • Provide analytics on your shared repositories, including view counts, unique visitors, browser and device type, and referrer sources
  • Send service-related communications and notifications
  • Detect, investigate, and prevent fraud or abuse
  • Comply with legal obligations

3.1 Legal Basis for Processing (GDPR)

Where GDPR applies, we process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing your account information and OAuth tokens is necessary to provide the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): Access logging, security monitoring, and fraud prevention are necessary for our legitimate interests in operating a secure service, provided these do not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): We may process data where required to comply with applicable law.

4. Data Security

We employ industry-standard security measures to protect your data:

  • Encryption at Rest: Sensitive credentials are encrypted using industry-standard algorithms
  • Encryption in Transit: All data is transmitted over HTTPS
  • Access Control: Token-based authentication with automatic expiration
  • OAuth Security: CSRF protection during authentication flows
  • Rate Limiting: Request throttling to prevent brute-force and abuse
  • Security Headers: Standard protections against XSS, clickjacking, and content injection
  • Database Security: Parameterized queries to prevent injection attacks

4.1 Data Breach Response

In the event of a data breach:

  • We will notify affected users within 72 hours as required by applicable law
  • Encrypted credentials remain protected by our encryption measures
  • Access logs are isolated and do not expose repository contents
  • We maintain and regularly review our security incident response procedures

Important: While we implement robust security measures, no system is completely secure. Please refer to our Terms of Service for liability details.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

5.1 Service Providers

  • Hosting Providers: Infrastructure and data storage with encryption at rest

5.2 Legal Requirements

We may disclose your information when required by law, regulation, court order, or governmental request, or when necessary to protect our rights, property, or safety.

5.3 Public Content

Repositories you choose to share are made publicly accessible via unique links. Anyone with the link can view the shared content. You can revoke access at any time from your dashboard.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account:

  • Account data is permanently and immediately deleted
  • Shared repositories are unpublished immediately
  • Access logs are deleted within 7 days
  • Backup copies are purged within 60 days

Our servers also produce standard access logs (IP address, request path, timestamp) for security and operational purposes. These logs are rotated and deleted automatically within 7 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Delete your account and all associated data directly from your dashboard settings, or contact us
  • Portability: Request a machine-readable copy of your data by contacting us
  • Objection: Object to processing based on legitimate interests
  • Complaint: Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at [email protected]. If you are in the EU/EEA, you also have the right to lodge a complaint with the supervisory authority in your country of residence.

8. Browser Storage

We do not use cookies. Instead, we use browser localStorage for:

  • Authentication Token: A session token that maintains your login session
  • Theme Preference: Your chosen light or dark mode setting
  • OAuth State: A temporary value used during the login flow, cleared after authentication

You can clear this data at any time through your browser's settings. Doing so will log you out and reset your preferences.

We do not use any third-party analytics, advertising, or cross-site tracking tools. Access to your shared repositories is logged so we can show you first-party visit analytics (view counts, unique visitors, referrers, and browser/device info) in your dashboard. We load fonts from Google Fonts (Google Privacy Policy), which may result in your browser making a request to Google's servers.

9. Third-Party Services

Our Service integrates with the following third parties:

We are not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can take appropriate action.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a prominent notice on the Service. Your continued use of the Service following such notification constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]