Privacy
Plain English. No dark patterns.
What we use
Public GitHub data only: your handle, display name, avatar URL, public repositories (names, descriptions, languages, timestamps), and public commit metadata (messages and times). We do notread or store source code, and we don't process facial data from avatars.
Deep Record (optional)
If you sign in with GitHub for a Deep Record, we use your access token in the moment to read your own repository metadata (including private repos you authorize) and immediately discard the token. By default your Deep Record is never written to our database. If you explicitly opt in to rank on Most Wanted, we store only your sentence, charge titles, and counts. Never repo names, never commit text. Remove it anytime on the Remove my record page.
What we store
For public lookups we cache a computed record (handle, name, avatar URL, total sentence, charge titles/counts, last-updated time) in our database to keep pages and badges fast and current. That's it. We do not sell, rent, or share this data.
Why
Satire and commentary built on already-public information (our legitimate interest). No marketing, no profiling for ads.
Your rights
Access and erasure. Remove your record and block future booking on the Remove my record page, or email privacy@commitcrimes.dev.
Analytics
We use PostHog for privacy-conscious, cookieless analytics: anonymous page views and a handful of action counts (a record was run, claimed, shared). No autocapture, no cross-site tracking, no personal profiles. We also use it to catch errors so we can fix them.
Cookies
None for the public app, and our analytics are cookieless. If you choose to sign in (Deep Record / removal), our auth provider Clerk sets a session cookie to keep you signed in.
Not GitHub
CommitCrimes is an independent parody project, not affiliated with or endorsed by GitHub, Inc.