FAQ

FREQUENTLY_ASKED_QUESTIONS // 11_ENTRIES

SECURITY

Is my Personal Access Token (PAT) safe?

Yes. Your PAT is used exactly once — to make a single authenticated request to the GitHub API to fetch contribution counts. It is never written to a database, log file, or any persistent storage. Once the API call completes, the token is discarded. We recommend using a fine-grained PAT with read-only access for extra safety.

Can UCP read my code or repository names?

No. The GitHub GraphQL API request we make returns only your contribution calendar — aggregate daily counts and dates. No repository names, commit messages, file paths, or source code are ever requested, received, or stored.

DATA

What data is actually stored?

We store: your GitHub username and avatar (from OAuth login), the labels you assign to connected accounts, and contribution metadata — a date and a count per day, per account. Nothing else. Your PAT is not stored.

How do I delete my data?

Go to the Connect page and click the disconnect button on any account. This immediately deletes all contribution snapshots for that account from our database. To remove all your data, disconnect all accounts. For full account deletion, email pallavkumarjha26@gmail.com.

Does it work with private repositories?

Yes — that is the main use case. GitHub's contribution graph counts contributions from private repos in the aggregate daily count. UCP fetches that same aggregate number. The names of your private repos are never requested or stored.

PRODUCT

How is the unified heatmap built?

When you connect multiple GitHub accounts, we fetch 365 days of contribution history for each. We then merge them by date — if you contributed 3 times on one account and 5 times on another on the same day, the merged count for that day is 8. The heatmap shows this unified view.

How do I share my contribution record?

First, sign in with GitHub to create your account. Then go to Settings, choose a unique URL slug, toggle your profile to public, and save. You'll get a public URL like /p/your-slug that anyone can view — it shows your unified heatmap and contribution stats, but no repository names or code.

Can employers verify this data?

The data is sourced directly from the GitHub API using your own authenticated token, which resolves your actual GitHub identity. It is not self-reported. Employers can see your GitHub username(s) and avatar in the public profile, which provides a verifiable link to your GitHub accounts.

How many GitHub accounts can I connect?

You can connect up to 5 GitHub accounts per session. Each account requires its own PAT. Sign in with GitHub to manage persistently connected accounts.

ACCOUNT

Why does UCP need GitHub OAuth to sign in?

GitHub OAuth is used only to create and authenticate your UCP account — it establishes your identity and links your profile. It does not grant us ongoing access to your GitHub data. Contribution data is fetched separately via PAT, which you provide intentionally for each account you want to track.

How do I revoke UCP's access to GitHub?

Go to your GitHub Settings → Applications → Authorized OAuth Apps and revoke UCP. This will not delete your UCP account or contribution data, but it will prevent OAuth sign-in. To fully remove your data, disconnect all accounts first (see above).

Still have a question? pallavkumarjha26@gmail.com

DOC_TYPE: FAQ ENTRIES: 11
LAST_UPDATED: 2026-03-29