Privacy Policy — RepoLogs

Last updated: May 03, 2026
Product: RepoLogs — Chrome extension for analyzing public GitHub repositories

This Privacy Policy explains how RepoLogs collects, uses, stores, and protects information during the use of the extension. RepoLogs is a Google Chrome extension that adds an analyze button to public GitHub repository pages. When triggered by the user, the extension collects relevant files from the public repository, sends that content for analysis by artificial intelligence, and displays a quality report directly on the GitHub page.

1. Information We Collect

RepoLogs is designed to collect only the information necessary to perform the analysis requested by the user.

1.1 Information About the Analyzed Repository

When you click the ”Analyze repo” button, the extension may collect public information from the accessed GitHub repository, including:

Repository owner name;
Repository name;
Default branch;
SHA of the analyzed commit;
Repository file structure;
Content of selected public files for analysis.

The extension analyzes only public repositories. Private repositories are not supported in the MVP.

1.2 Content of Public Files

To generate the report, RepoLogs selects relevant files from the repository, such as:

README.md;
Configuration files;
Dependency files;
Source code files;
Workflows and files related to project structure.

Files such as images, builds, installed dependencies, compressed files, PDFs, and very large files are ignored whenever possible.

1.3 User API Key

After the first free analysis, the user can enter their own Google Gemini API key to continue using the extension. When provided, this key is stored locally in the browser via chrome.storage.local. RepoLogs does not have its own server to receive, store, or process the user's API key.

1.4 Local Usage Data

The extension may locally store operational information, such as:

Whether the free analysis has already been used;
Whether a personal API key is configured;
Total number of analyses performed;
Cache of previous analyses by repository and commit SHA.

This information is used to improve the user experience and avoid unnecessary reprocessing.

2. How We Use Information

The collected information is used exclusively to:

Identify the public repository the user wants to analyze;
Fetch relevant public files via the GitHub API;
Build a technical context of the project;
Send that context to the Google Gemini API;
Generate a report with score, strengths, weaknesses, inconsistencies, recommendations, and architecture observations;
Display the result in a modal within the GitHub page itself;
Store a local cache of the analysis to improve performance.

RepoLogs does not use collected data for advertising, behavioral tracking, data selling, or commercial profiling.

3. Third-Party Information Sharing

RepoLogs relies on external APIs to function.

3.1 GitHub API

The extension queries the public GitHub API to obtain metadata and files from public repositories. These queries are necessary to identify the project structure and collect the content to be analyzed.

3.2 Google Gemini API

The selected repository content is sent to the Google Gemini API to generate the analysis report. If you use your own API key, API calls will be made using that key. Use of the Google Gemini API is subject to Google's terms and policies.

3.3 No Own Backend

In the MVP model described, RepoLogs has no backend of its own. This means the extension does not send analyzed data to RepoLogs developer servers. Data flows directly between the user's browser, the GitHub API, and the Google Gemini API.

4. Data Storage

RepoLogs uses chrome.storage.local to store information in the user's own browser. The following may be stored locally:

User API key;
Free analysis status;
Analysis counter;
Cache of results by repository and commit.

This data remains in the browser until the user removes the extension, clears browser data, or manually deletes the information in the extension settings, when that option is available.

5. Security

RepoLogs aims to minimize data collection to what is necessary for its functionality. Some measures adopted in the project include:

Analysis restricted to public repositories;
Local storage of the user's API key;
Use of chrome.storage.local for persistence;
Limited local cache;
File filtering to avoid sending irrelevant, binary, or very large files;
Ignoring directories such as node_modules, dist, build, .git, coverage, and similar.

Despite these measures, users should avoid analyzing public repositories that contain secrets, credentials, or sensitive information improperly exposed.

6. API Key and Free Analysis

RepoLogs may offer 1 free analysis using a system API key. After that analysis, the user will need to provide their own Google Gemini API key to continue using the extension.

The logic is as follows:

If the user has their own saved API key, the extension uses that key.
If the user has not yet used the free analysis, the extension uses the system key once.
If the free analysis has already been used and no personal API key is saved, the extension prompts the user to configure their own key.

The user's API key is stored locally in the browser.

7. Analysis Cache

To improve performance and avoid repeated API calls, RepoLogs may locally store the results of previous analyses. The cache is associated with the repository and the SHA of the analyzed commit.

When the same repository and the same commit are analyzed again, the extension may display the locally saved result instead of performing a new analysis.

8. Extension Permissions

RepoLogs may request permissions necessary for its operation, including:

Access to GitHub pages to inject the analyze button and result modal;
Access to the GitHub API to collect public repository data;
Access to the Google Gemini API to generate the report;
Local storage permission to save settings, API key, and cache.

The extension uses these permissions solely to perform the features described in this policy.

9. Data We Don't Collect

RepoLogs does not intentionally collect:

User passwords;
Banking data;
Sensitive personal information;
Full browsing history;
Content from private repositories;
Data from pages not required for the extension's functionality;
Information for sale, advertising, or behavioral tracking.

10. User Control

Users can control their data in the following ways:

Removing the saved API key in the extension settings, when available;
Clearing local browser data;
Removing the extension from Chrome;
Avoiding triggering analysis on repositories that contain sensitive information.

11. Limitations

The report generated by RepoLogs is produced by artificial intelligence and should be used as an auxiliary reference, not as a definitive assessment.

The extension may make mistakes, fail to identify issues, or generate inaccurate recommendations. Users should critically review the results before making technical decisions based on the analysis.

12. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in the product, extension permissions, APIs used, or legal requirements. The date of the last update will always be indicated at the beginning of this document.

13. Contact

If you have questions about this Privacy Policy or about how RepoLogs works, please contact the project maintainer.

This policy was created based on the RepoLogs implementation plan and should be reviewed before official publication on the Chrome Web Store.