Privacy Policy

Effective Date: March 15, 2026

Hey there, welcome to GitMD. We built this tool so you can instantly understand any GitHub repository. Privacy matters to us, so here’s a clear breakdown of how your data is handled.

1. What Information We Collect

Depending on how you use GitMD, we process the following information:

  • Public Usage: When generating docs for public repositories without logging in, we only process the target repository URL (e.g., owner/repo). We do not collect your IP address for tracking or any personally identifiable information (PII).
  • Authenticated Usage (OAuth): If you choose to log in to access your private repositories, we receive basic profile information from GitHub (such as your username and avatar) and a secure OAuth access token.

2. How We Process Data

We use the data you provide strictly to operate the service:

  • Code Access: We use the repository URL (and your OAuth token, if applicable) strictly to securely fetch the codebase structure via the GitHub API.
  • AI Generation: We transmit the necessary context to Google Gemini AI to generate the markdown documentation.
  • Private Repositories: If you authorize GitMD to access your private repositories, your OAuth token is used exclusively as a secure pass-through to GitHub. We do not use your private code for any purpose other than generating your requested documentation.

3. Data Storage & Caching

We absolutely do not permanently store your repository's code, nor do we use your inputs or code to train our own AI models.

  • Temporary Caching: To respect GitHub's API rate limits and provide a lightning-fast experience, we utilize a Cache-Aside architecture. Generated markdown documentation is temporarily stored in Vercel KV (Redis) with a strict 6-hour Time-to-Live (TTL). After 6 hours, the cached data is automatically and permanently purged.
  • Token Storage: Your GitHub OAuth token is temporarily encrypted in a secure browser cookie. We do not permanently store your token in a database.

4. Third-Party Services

GitMD relies on industry-standard infrastructure providers. Your requests interact with the following third parties:

  • GitHub API: Used to authenticate your account and read repository data.
  • Google Gemini API: Used to generate the documentation. Data sent via the Gemini API is subject to Google's API terms and is not used to train their foundational models.
  • Vercel & Upstash: Our hosting and Redis caching platforms. They handle standard, anonymized server logs necessary for infrastructure health and security.

5. Cookies and Tracking

We use zero tracking cookies. We do not use Google Analytics, Meta Pixels, or any cross-site tracking scripts. If you log in via GitHub, we use strictly necessary, encrypted session cookies solely to keep you authenticated during your visit.

6. Your Rights

If you log in via GitHub, you can revoke GitMD's access to your account at any time directly from your GitHub account settings. If you are the owner of a public repository and wish for it to be excluded from our caching system, please contact us.

7. Contact

If you have any questions or concerns about this policy, please reach out by opening an issue on our GitHub repository or emailing your-email@example.com.