Why do you need such broad access to my GitHub account?

RetroGit requests access for a couple of kinds of data from your GitHub account:

How much data can you see about my account?

RetroGit has access to the following data about your GitHub account and repositories: However it only uses the data in bold, everything else is provided as a side effect of the scope that it uses with the GitHub API.

What is is stored in your servers?

RetroGit does not persist any commit messages or source code from your repositories on its servers (GitHub API responses may be cached in memory for a short period). Digests are generated dynamically when they need to be sent out. What ends up being stored is (see the Account struct for details): There is also a per-user map of the timestamp of the oldest commit for each repository, since this is expensive to compute.

Can I run my own instance?

RetroGit's source is available and it runs on the App Engine Go Runtime, so you can easily start your own instance. It is not very resource intensive -- single user accounts should definitely fit within the free daily quota.

Can I delete my account?

Yes, this can be done via the settings page. You can also revoke RetroGit's access to your account via the GitHub authorized applications page.