Welcome to gitresu.me! We're committed to helping developers like you showcase your GitHub work in the most exceptional way possible. This Privacy Policy explains how we handle your information when you use our service to create your developer resume. We've written this in plain language because we believe transparency is key to trust.
At gitresu.me, your privacy matters to us. We built this service with a privacy-first approach, which means we only access and display information that's already publicly available on your GitHub profile. We don't sell your data, we don't spam you, and we don't share your information with advertisers. Our sole purpose is to help you create an awesome resume from your GitHub profile.
To create your developer resume, we access your GitHub profile information. When you sign in with GitHub OAuth (the "Continue with GitHub" button), you grant us permission to read information from your GitHub account. Here's exactly what we access:
About Private Repositories: If you grant access to private repositories, we can see their metadata (name, description, language). However, we never read, store, or display your actual source code. You control which repositories appear on your public portfolio through your dashboard settings.
We use your information for one primary purpose: to create and display your developer resume. Here's a detailed breakdown of how we use each piece of information:
That's it. We don't use your information for advertising, marketing emails, or any other purpose beyond creating your resume and maintaining the service. We don't send promotional emails, newsletters, or notifications unless you explicitly opt in (which we currently don't even offer).
We take the security of your information seriously, even though most of it is already public on GitHub. Here's how we protect your data:
Minimal Data Storage: We practice data minimization, which means we only store the absolute minimum information necessary to operate the service. Specifically, we store your GitHub user ID and authentication tokens. We do NOT store your repositories, profile information, or statistics in our database. Instead, we fetch this information fresh from GitHub's API each time you or someone views your resume page.
Secure Infrastructure: We use Supabase, a trusted and secure platform, for authentication and minimal data storage. Supabase provides enterprise-grade security, including encryption of data in transit (using HTTPS/TLS) and encryption of data at rest. All communication between your browser and our servers is encrypted.
Token Security: Your GitHub OAuth tokens are stored securely using industry-standard encryption methods. These tokens are never exposed in client-side code, never logged, and are only used server-side when necessary to authenticate your identity.
Access Controls: We implement strict access controls to ensure that only authorized systems can access stored data. We regularly review and update our security practices to protect against emerging threats.
No Third-Party Sharing: We absolutely do not sell, rent, trade, or share your personal information with third parties for their marketing purposes. Your data stays between you, our service, and GitHub's API.
gitresu.me is built on top of GitHub's API. We want to be completely transparent about the permissions we request and how we use them:
Important - About GitHub OAuth Permissions: To access your private repositories for display on your portfolio, we request the GitHub repo scope. This scope technically grants read AND write access to repositories. Unfortunately, GitHub does not offer a "read-only private repos" scope—this is a limitation of GitHub's OAuth system, not our choice. We want you to know this upfront so you can make an informed decision.
What We Actually Do (Read-Only Operations): Despite having technical write permissions, we only perform read operations. Specifically, we only use HTTP GET requests to fetch:
What We Will NEVER Do: We commit to never performing any write operations on your GitHub account. We will never: push code, create/delete branches, fork repositories, create/close issues or pull requests, modify repository settings, add/remove collaborators, or make any changes whatsoever to your repositories. Your code remains completely untouched.
Private Repository Visibility: When you grant us access, we can see your private repositories. However, we only display repository metadata (name, description, language) on your portfolio—never your actual source code. You can also choose which repositories to display or hide in your dashboard.
Real-Time Fetching: When you or someone else visits your gitresu.me resume page, we fetch your latest information directly from GitHub. This means your resume automatically stays up-to-date as you push new code or update your profile.
Token Security: Your GitHub access token is encrypted and stored securely in our database. It is only used server-side to fetch your data and is never exposed to client-side code or third parties.
Revoke Access: You can revoke gitresu.me's access to your GitHub account at any time through GitHub Settings → Applications → Authorized OAuth Apps. This immediately invalidates our access token and prevents any further data fetching.
We use cookies and similar technologies, but only for essential functionality—not for tracking or advertising:
Essential Cookies: We use essential cookies to maintain your login session. These cookies are necessary for the service to function and allow you to stay logged in as you navigate between pages. Without these cookies, you'd have to log in every single time you visit a new page.
No Tracking Cookies: We do not use tracking cookies, advertising cookies, social media cookies, or any other type of cookie designed to track your behavior across the internet. We don't use Google Analytics, Facebook Pixel, or similar tracking services.
Local Storage: We may use browser local storage to cache non-sensitive information (like UI preferences) to improve your experience. This data stays in your browser and is never transmitted to our servers.
Do Not Track: We respect Do Not Track (DNT) browser settings. However, since we don't track you in the first place, enabling or disabling DNT won't change how we operate.
You have complete control over your data and how gitresu.me uses it. Here are your rights:
We respect all rights provided under GDPR (for EU residents), CCPA (for California residents), and other applicable privacy laws, even though we're a free service. Your privacy rights are important to us regardless of where you live.
It's important to understand that your gitresu.me resume page is publicly accessible by design:
Public URL: Your resume is accessible at gitresu.me/[your-github-username]. Anyone who knows or discovers this URL can view your resume. This is intentional—the whole purpose is to share your developer work with potential employers, clients, or collaborators.
Already Public Information: Remember, all the information displayed on your resume is already publicly available on your GitHub profile. We're not exposing any private information; we're just presenting public information in a more professional resume format.
Search Engines: Your resume page may be indexed by search engines (like Google) unless you ask us to prevent this. If you want your resume to be private or unlisted, please contact us and we can discuss options.
Control Your Public Data: If you want to limit what information appears on your resume, you can adjust your GitHub profile's public settings. For example, you can hide your email, remove your location, or make certain repositories private on GitHub.
We retain your information only as long as necessary to provide the service:
Authentication Data: We keep your GitHub user ID and authentication tokens for as long as your account is active. When you revoke access or delete your account, we delete this information within 90 days.
GitHub Data: Since we fetch most information in real-time from GitHub, we don't permanently store your profile information, repositories, or statistics. Any cached data is automatically deleted after a short period (typically hours or days).
Logs: We may keep technical logs (like error logs) for up to 90 days for troubleshooting and security purposes. These logs may contain your user ID but are automatically deleted after the retention period.
gitresu.me may be accessed from anywhere in the world. If you're accessing the service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure that all such transfers comply with applicable data protection laws and use appropriate safeguards to protect your information.
gitresu.me is not intended for users under the age of 13. We do not knowingly collect information from children under 13. Since we rely on GitHub OAuth for authentication, and GitHub requires users to be at least 13 years old, we indirectly enforce this age requirement. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete such information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of gitresu.me after changes are posted constitutes your acceptance of the updated policy.
We value your questions, concerns, and feedback about this Privacy Policy or how we handle your information. If you'd like to:
Please contact us at @solahidris_ on Twitter/X. We typically respond to privacy inquiries within 2-3 business days.
Thank you for trusting gitresu.me to help showcase your developer work. We're committed to protecting your privacy while providing you with a exceptional, professional resume that highlights your GitHub achievements. If you have any questions or concerns, we're here to help!