Privacy Policy

What we process

• If you sign in with GitHub: your GitHub identity (login, name, avatar) and an OAuth access token (scopes read:user and repo). The token is stored only in an encrypted session cookie in your browser — never in a database — and is used solely to read your commit metadata on your behalf. It is cleared when you sign out or when the session expires.
• Commit metadata: repository names and commit timestamps, used to draw the chart. We do not read, store, or transmit your source code.
• Public pages (/u/<username>): the requested user’s public commit metadata, fetched with no login. Only public data is used on this path.
• Shared images: if you create a share link, the rendered chart image is stored at an unguessable URL on Vercel Blob and automatically deleted after about 30 days.
• Operational logs:we write structured log lines for sign-ins and chart requests (the GitHub login or queried username, repository count, lookback window, and detected persona). These go to our platform/observability logs and are retained per that provider’s log retention. We also use Vercel Web Analytics, which counts page views without cookies and without identifying you.

How we use it

Only to generate and display the charts and to operate, secure, and improve the Service. We do not sell your data and we show no ads.

Processors

We rely on: GitHub (authentication and the source of commit data), Vercel (hosting, serverless functions, Blob storage, and analytics), and Axiom (log storage). Each processes data on our behalf under its own terms.

Retention

We keep no application database. The access token lives only in your cookie; shared images expire after ~30 days; logs follow our providers’ retention windows.

Your choices & rights

• Revoke Inkblot’s access anytime at github.com/settings/applications.
• To remove a shared image before it expires, or to exercise data rights under the GDPR/CCPA (access, deletion, objection), contact us below.

Contact

Security Ronin Ltd — albert@securityronin.com