Ethics & Compliance
GitLeads is built on public data and user consent. This page explains how we handle your data, respect GitHub's platform rules, and protect your privacy.
Last updated: April 2026
1. GitHub Terms of Service Compliance
- We use only the public REST and GraphQL APIs, authenticated with user-provided OAuth tokens. No HTML scraping.
- All API calls respect GitHub's rate-limit headers. We use GitHub Apps for higher App-tier rate limits.
- We cache aggressively and send If-None-Match headers to minimise load on GitHub's infrastructure.
- We do not access private repository data unless the user explicitly grants the repo scope.
Reference: GitHub Terms of Service
2. Acceptable Use Policy
GitLeads surfaces public signals (stars, forks, contributor activity, release cadence). We do not:
- Bulk-email or cold-contact GitHub users without consent
- Sell scraped contact lists
- Access private repos without authorisation
- Allow spam or harassment via the platform
Outbound communication is the customer's responsibility via their own tools. GitLeads is a signal source — we surface intent and push it to your stack.
3. GDPR & CCPA
- Right to access — POST /api/export/all returns all data we hold about your account.
- Right to deletion — DELETE /api/account removes all data within 30 days.
- Right to portability — JSON export available at any time.
- Data we hold — Public GitHub profile data, activity signals, GitLeads account data.
We do not collect sensitive personal data or sell data to third parties.
See our full Privacy Policy for more detail.
4. Rate Limit Etiquette
- GitHub App installations get higher rate limits; we encourage installation.
- All requests include User-Agent: GitLeads/1.0.
- We send conditional requests (ETag / If-None-Match) to avoid re-fetching unchanged data.
- Repository signals refresh no more than once per hour per repo.
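The conditional-request and rate-limit behaviour listed above, as an added illustration that is not GitLeads' own code. It assumes GitHub-style response headers (ETag answered with If-None-Match and a 304, X-RateLimit-Remaining and X-RateLimit-Reset as epoch seconds); the API stand-in, the repository URL and the ETag value are constructed so the example runs offline. The client keeps one ETag per URL, presents it on the next fetch, and pauses until the reset time whenever the quota reports zero.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

USER_AGENT = "GitLeads/1.0"  # the User-Agent string named on this page


@dataclass
class Response:
    """Minimal HTTP response: status, headers, body (None on 304)."""
    status: int
    headers: Dict[str, str]
    body: Optional[bytes]


# A transport takes (url, request headers) and returns a Response.
Transport = Callable[[str, Dict[str, str]], Response]


@dataclass
class ConditionalClient:
    """Sends conditional GETs and pauses when the rate-limit quota is exhausted."""
    transport: Transport
    clock: Callable[[], float] = time.time
    sleeper: Callable[[float], None] = time.sleep
    cache: Dict[str, Tuple[str, bytes]] = field(default_factory=dict)  # url -> (etag, body)
    paused_until: float = 0.0  # X-RateLimit-Reset value recorded when the quota hit zero

    def get(self, url: str) -> Tuple[bytes, bool]:
        """Return (body, served_from_cache). Waits out an exhausted quota first."""
        wait = self.paused_until - self.clock()
        if wait > 0:
            self.sleeper(wait)
        headers = {"User-Agent": USER_AGENT, "Accept": "application/vnd.github+json"}
        cached = self.cache.get(url)
        if cached:
            headers["If-None-Match"] = cached[0]  # ask for a body only if it changed
        resp = self.transport(url, headers)
        self._note_rate_limit(resp.headers)
        if resp.status == 304 and cached:
            return cached[1], True
        if resp.status == 200 and resp.body is not None:
            etag = resp.headers.get("ETag")
            if etag:
                self.cache[url] = (etag, resp.body)
            return resp.body, False
        raise RuntimeError(f"unexpected status {resp.status} for {url}")

    def _note_rate_limit(self, headers: Dict[str, str]) -> None:
        # Remaining quota and reset time (epoch seconds) come back on every response.
        if headers.get("X-RateLimit-Remaining") == "0":
            self.paused_until = float(headers.get("X-RateLimit-Reset", "0"))


class FakeGitHub:
    """Constructed stand-in for the API so the example runs offline.
    Serves a fixed ETag/body per URL and answers 304 to a matching If-None-Match."""

    def __init__(self, resources, remaining=10, reset_at=0.0):
        self.resources = resources   # url -> (etag, body)
        self.remaining = remaining
        self.reset_at = reset_at
        self.bodies_served = 0       # how many full bodies were transferred

    def __call__(self, url: str, headers: Dict[str, str]) -> Response:
        if headers.get("User-Agent") != USER_AGENT:
            return Response(403, {}, None)  # requests without a User-Agent are rejected
        etag, body = self.resources[url]
        rl = {"ETag": etag,
              "X-RateLimit-Remaining": str(self.remaining),
              "X-RateLimit-Reset": str(self.reset_at)}
        if headers.get("If-None-Match") == etag:
            return Response(304, rl, None)
        self.bodies_served += 1
        return Response(200, rl, body)


REPO_URL = "https://api.github.com/repos/example-org/example-repo"  # constructed sample URL


def demo_conditional_get():
    """Two fetches of an unchanged resource: one body transferred, second served from cache."""
    server = FakeGitHub({REPO_URL: ('W/"f1a2b3"', b'{"stargazers_count": 42}')})
    client = ConditionalClient(transport=server)
    body1, cached1 = client.get(REPO_URL)
    body2, cached2 = client.get(REPO_URL)
    return body1, cached1, body2, cached2, server.bodies_served


def demo_rate_limit():
    """Quota exhausted after the first call: the client sleeps until the reset time."""
    now = 1_700_000_000.0
    server = FakeGitHub({REPO_URL: ('W/"f1a2b3"', b"{}")}, remaining=0, reset_at=now + 60)
    sleeps = []
    client = ConditionalClient(transport=server, clock=lambda: now, sleeper=sleeps.append)
    client.get(REPO_URL)
    client.get(REPO_URL)  # must wait 60 s before this request goes out
    return sleeps


if __name__ == "__main__":
    print(demo_conditional_get())
    print(demo_rate_limit())
```

The clock and sleeper are injected so the pause can be checked without actually waiting; in a real client the defaults (time.time and time.sleep) apply. A 304 costs a request against the quota but transfers no body, which is the load reduction the conditional-request bullet refers to.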
5. Security
| Control | Detail |
| --- | --- |
| Data at rest | Postgres with full-disk encryption |
| Data in transit | TLS 1.3 enforced end-to-end |
| OAuth tokens | Encrypted with AES-256 before storage |
| Access control | Role-based, strict tenant isolation |
| SOC 2 Type II | Targeted Q3 2026 |
| Security contact | security@gitleads.app (72-hour response target) |
6. Data Retention
| Scope | Retention |
| --- | --- |
| Free plan | 7 days |
| Starter plan | 90 days |
| Pro plan | Unlimited |
| On account deletion | All data purged within 30 days |
7. How to Report Abuse
- Email security@gitleads.app
- 5-business-day investigation SLA
- Confirmed violations result in immediate account suspension
8. Contact
| Purpose | Address |
| --- | --- |
| General enquiries | hello@gitleads.app |
| Security / abuse | security@gitleads.app |
| Data requests (GDPR/CCPA) | privacy@gitleads.app |