PRIVACY_POLICY

EFFECTIVE DATE // 2026-03-29

UCP (Unified Contribution Portal) is built on a single principle: your code stays yours. This policy explains exactly what data we collect, what we don't, and how we use it.

01

DATA_CONTROLLER

  • UCP (Unified Contribution Portal) is operated by Pallav Kumar Jha. For privacy questions, contact: pallavkumarjha26@gmail.com

02

WHAT_WE_COLLECT

ANONYMOUS_USERS (no sign-in required)

  • We collect and store nothing. Your PAT is used once to fetch contribution counts from the GitHub API, then immediately discarded. No data is written to any database. Your session data is held only in your browser's sessionStorage and cleared when you close the tab.

SIGNED_IN_USERS

  • When you sign in with GitHub, we receive your GitHub username, display name, and avatar URL via OAuth. We store these to identify your account.

  • When you authenticate via GitHub OAuth, we request the following scope: read:user (or the default public profile scope). This is used solely to retrieve your GitHub username, display name, and avatar URL. We do not request access to your repositories, code, or private data via OAuth.

  • When you connect a GitHub account via Personal Access Token (PAT), we use the token to fetch contribution metadata — dates and daily contribution counts — for the past 365 days. This data is stored and associated with your account.

  • We do not collect email addresses, IP addresses, or any browser fingerprinting data.

03

WHAT_WE_NEVER_COLLECT

  • Repository names, commit messages, file contents, diffs, or any source code.

  • Your Personal Access Token. It is used once to contact the GitHub API, then immediately discarded — never logged, never stored.

  • Contribution data from private repositories beyond the aggregate daily count.

  • Any data from repositories you have not contributed to.

04

HOW_WE_USE_YOUR_DATA

  • To render your unified contribution heatmap across all connected GitHub accounts.

  • To generate a public profile URL (e.g. /p/your-slug) when you explicitly choose to make your profile public.

  • We do not sell, share, or rent your data to third parties. We do not use your data for advertising.

05

LEGAL_BASIS

Processing Activity | Legal Basis
GitHub OAuth sign-in — storing username, avatar | Article 6(1)(b) — performance of a contract
Contribution metadata storage | Article 6(1)(b) — performance of a contract
Public profile URL generation | Article 6(1)(a) — consent (user explicitly opts in)
Session management | Article 6(1)(b) — performance of a contract

06

THIRD_PARTY_SERVICES

  • GitHub API — used to resolve your GitHub identity and fetch contribution metadata. Governed by GitHub's Privacy Statement.

  • Supabase — used for data storage and authentication. Your data is stored in a Supabase-managed PostgreSQL database hosted in the US.

  • Vercel — used to host and serve this application. Vercel may collect standard HTTP request logs.

  • Vercel Analytics — used to collect anonymous page view data (pages visited, country-level location, device type). No personally identifiable information is collected. See Vercel's Privacy Policy for details.

07

DATA_RETENTION

  • Contribution data is retained for as long as your account exists. When you disconnect a GitHub account, all associated contribution snapshots are immediately deleted.

  • When you delete your account, all data associated with your account is permanently deleted.

  • Public profile caches expire automatically every 5 minutes and are rebuilt on next request.

  • For signed-in users, your session token and basic profile (username, avatar) are stored in your browser's sessionStorage under the key 'udp-auth' to maintain your login state. This data is automatically cleared when you close the browser tab and is never transmitted to third parties.

08

YOUR_RIGHTS

  • You can disconnect any GitHub account at any time from the Connect page. This immediately removes all associated contribution data.

  • You can make your public profile private at any time from the Settings page.

  • To request deletion of your entire account and all associated data, contact us at the address below.

  • If you are in the EU or UK, you have rights under GDPR/UK GDPR including access, rectification, erasure, and portability. Contact us to exercise these rights.

09

CONTACT

  • For privacy questions, data requests, or concerns: pallavkumarjha26@gmail.com

  • We aim to respond to all privacy-related requests within 5 business days.

DOC_TYPE: PRIVACY_POLICY LAST_UPDATED: 2026-03-29
JURISDICTION: GLOBAL