Privacy Policy

GitHub Actions Monitor Chrome Extension

Effective Date: January 26, 2025

Introduction

GitHub Actions Monitor ("the Extension") is committed to protecting your privacy. This Privacy Policy explains what data the Extension collects, how it is used, stored, and protected.

      Key Privacy Commitment: The Extension does NOT collect, transmit, or share any personal data with third parties. All data stays on your local device.
    

Information We Collect

1. GitHub Personal Access Token

The Extension requires you to provide a GitHub Personal Access Token to access the GitHub API.

What: Your GitHub Personal Access Token
Why: To authenticate API requests to GitHub and retrieve workflow status
Storage: Stored locally in Chrome's chrome.storage.local on your device
Encryption: Not encrypted (Chrome's local storage is not encrypted by default)
Transmission: Only sent to GitHub's API servers (api.github.com) with HTTPS encryption

2. Repository List

The Extension stores the list of GitHub repositories you choose to monitor.

What: Repository names in owner/repo format
Why: To track which repositories to monitor for workflow status
Storage: Stored locally in chrome.storage.local
Transmission: Never transmitted to any server except as part of GitHub API requests

3. Workflow Status Data

The Extension caches workflow status information retrieved from GitHub.

What: Workflow names, status, branches, timestamps, run URLs
Why: To display status in the Extension popup and update the icon
Storage: Stored locally in chrome.storage.local
Duration: Cached until the next refresh or until you remove the repository

4. Extension Settings

The Extension stores your configuration preferences.

What: Polling interval preference (e.g., 30 seconds, 60 seconds)
Why: To remember your preferred update frequency
Storage: Stored locally in chrome.storage.local

How We Use Your Information

The Extension uses your information solely for the following purposes:

API Authentication: Your GitHub token is used to authenticate requests to GitHub's API
Workflow Monitoring: Repository names are used to query GitHub for workflow status
Status Display: Cached workflow data is used to display current status in the popup and extension icon
Configuration: Settings are used to control polling behavior and user preferences

⚠️ Important: The Extension does NOT:

Send your data to any analytics services
Track your usage or behavior
Share your data with any third parties
Use cookies or tracking mechanisms
Collect personally identifiable information beyond what you provide

Data Storage and Security

Chrome Sync Storage

The Extension uses Chrome's sync storage to synchronize certain data across your devices when you're signed into Chrome with sync enabled:

Always Synced: Repository list and polling interval preferences
Optional Sync: GitHub token (OFF by default - you control this with a checkbox in settings)

How Chrome Sync Works:

Data is encrypted in transit using HTTPS
Stored on Google's servers while you're signed into Chrome
Automatically synchronized across your Chrome instances
Covered by Google's Privacy Policy
Only works if you're signed into Chrome with sync enabled

      Token Sync Control: By default, your GitHub token is stored locally only (not synced) for privacy. You can enable token sync in settings if you want it available across devices. This is your choice.
    

Local Storage (Not Synced)

Some data is always stored locally and never synced:

Cached workflow results: Too large and device-specific
Rate limit status: Device-specific
GitHub token (by default): Stored locally unless you enable sync

Local data:

Remains only on the specific device
Is not encrypted by Chrome (plain text storage)
Can be accessed by the Extension but not by websites or other extensions
Persists until you uninstall the Extension or clear extension data

Security Recommendations

To protect your GitHub token:

Use Fine-Grained Tokens: Create tokens with minimal permissions (read-only Actions access)
Limit Repository Access: Restrict tokens to only repositories you need to monitor
Set Expiration: Use tokens with 30-90 day expiration and rotate regularly
Shared Computers: Clear your token before using on shared/public computers
Revoke if Compromised: Immediately revoke tokens if you suspect unauthorized access

Third-Party Services

GitHub API

The Extension communicates with GitHub's official API (api.github.com) to retrieve workflow status information.

Data Sent: Your GitHub token (via Authorization header) and repository names
Purpose: To query workflow run status
Encryption: All communication uses HTTPS
Privacy Policy: GitHub's privacy policy applies to data processed by GitHub: GitHub Privacy Statement

Google Chrome Sync

If you're signed into Chrome with sync enabled, certain extension data is synchronized via Google's Chrome Sync service:

Data Synced: Repository list, polling preferences, and optionally your GitHub token (if you enable it)
Purpose: To provide access to your configuration across your Chrome instances
Encryption: Data is encrypted in transit
Privacy Policy: Google's privacy policy applies: Google Privacy Policy
Control: You can disable Chrome sync in Chrome settings, or disable token sync specifically in the Extension settings

No Other Third Parties: The Extension does not communicate with any other servers, services, or third parties beyond GitHub and Chrome Sync.

Data Retention

Your data is retained as follows:

GitHub Token: Stored until you clear it via the settings page or uninstall the Extension
Repository List: Stored until you remove repositories or uninstall the Extension
Cached Status: Updated with each poll; cleared when you remove a repository
Settings: Stored until you change them or uninstall the Extension

Your Rights and Choices

You have complete control over your data:

Access Your Data

You can view all stored data at any time:

Open Chrome DevTools (F12)
Go to Application → Storage → Extension Storage
Select "GitHub Actions Monitor"

Delete Your Data

You can delete your data in several ways:

Clear Token: Settings page → Click "Clear Token"
Remove Repositories: Popup → Click trash icon next to each repository
Clear All Data: Uninstall the Extension from chrome://extensions/
Manual Clear: Chrome Settings → Privacy and Security → Clear Browsing Data → Advanced → Extension Storage

Opt-Out

If you wish to stop using the Extension, simply uninstall it. All locally stored data will be removed.

Children's Privacy

The Extension is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you are under 13, please do not use this Extension.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Effective Date" at the top of this page. We encourage you to review this policy periodically.

Material changes will be communicated through:

Update to this page
Chrome Web Store listing update
GitHub repository changelog

Open Source

GitHub Actions Monitor is open source. You can review the complete source code to verify our privacy claims:

Repository: https://github.com/JD2005L/GithubActionsMonitor
License: Open source (personal and educational use)

Contact Us

If you have questions or concerns about this Privacy Policy or the Extension's data practices:

GitHub Issues: Report an issue
Repository: Visit the project

Consent

By installing and using the GitHub Actions Monitor Extension, you consent to this Privacy Policy and agree to its terms.