Privacy Policy

We collect the minimum data needed to verify reviewers and run the platform. We do not sell data. We do not run advertising. We do not embed third-party trackers. The full details are below.

1. What we collect

Reviewer accounts (GitHub OAuth)

When you sign in with GitHub, the OAuth flow grants us read-only access to a narrow public-profile scope. Specifically, we collect and store:

• GitHub username and account ID
• Public display name and avatar URL
• Public email address — only if your GitHub profile lists one publicly
• Public repository count and account creation date
• Public organization memberships visible on your profile
• Aggregate commit-activity counts from your public timeline (used for credibility signal)

We do not request access to: private repositories, private email addresses, gists, packages, billing, or any other private GitHub data. The OAuth scope is read:user.

Visitor analytics

For everyone (signed-in or not), we log first-party page-view events to our own database. Each event records:

• Path visited (e.g., /tools/anthropic-claude-api/)
• User-agent string
• Country code (from Cloudflare's IP-geolocation header — never the IP itself)
• Event timestamp and request latency

No cookies. No fingerprinting. No third-party scripts. Logs are retained for 90 days for editorial decisions about what to cover next, then aggregated and discarded.

2. How we use it

• Reviewer verification: Account-signal data feeds the credibility weight described in the Methodology.
• Review attribution: Your GitHub handle is publicly displayed alongside any review you publish.
• Manipulation defense: Account graphs are analyzed for sock-puppet clusters as documented in the methodology.
• Editorial planning: Aggregate analytics inform which categories and tools to cover. Individual visitor paths are never published.

3. What we do not do

• We do not sell your data to anyone.
• We do not share data with advertisers — there are no advertisers.
• We do not load Google Analytics, Meta Pixel, Hotjar, FullStory, or any third-party analytics SDK.
• We do not load advertising or retargeting cookies. We load no advertising cookies.
• We do not transfer data to brokers, list-builders, or "data partners."

4. Cookies

We use the following cookies and only the following cookies:

No advertising cookies. No analytics cookies. No third-party cookies of any kind. Both cookies above are first-party only.

5. Your rights (GDPR, CCPA, and beyond)

You have the following rights regardless of where you live, on the strictest reading of GDPR and CCPA:

• Access: Request a JSON export of all data tied to your GitHub handle.
• Deletion: Request permanent deletion of your account, your reviews, and all derived analytics.
• Correction: Request correction of inaccurate data.
• Portability: Request your data in machine-readable format (JSON).
• Restriction: Request that we stop processing your data while a dispute is open.
• Objection: Object to specific processing purposes.

All requests honored within 30 days. Send to privacy@gitshowcase.com from the email address tied to your GitHub account, or via the contact page.

6. Data location and processors

All site data is stored on Cloudflare infrastructure (Workers, KV, D1, R2) in regions selected automatically for low-latency reads. Cloudflare is the only sub-processor. We do not use any other third-party service to store, process, or transmit user data.

7. Children

GitShowcase is not directed to children under 16, and we do not knowingly collect data from anyone under 16. If you believe we have, email privacy@gitshowcase.com and we'll delete the account immediately.

8. Changes to this policy

This policy is versioned. Material changes are announced 30 days in advance via the homepage and via email to active reviewers. The current version is v1.0 effective 2026-04-30. Previous versions are archived and linkable.