Skip to content
GITHTML
PRIVACY · POLICYEFFECTIVE · 2026·05·08OPERATOR · PRANAVREDREAD · 9 MIN

Privacy Policy

EFFECTIVE · 2026·05·08

Applies to: the githtml iOS application, version 1.0 and later, and the website at https://githtml.com.
Operator: pranavred (the “Operator,” “we,” or “us”), reachable at pranavreddy@outlook.com.

In one paragraph

ithtml runs entirely on your iPhone or iPad. We do not operate a server that receives, stores, or processes your personal data. The only network calls the app makes are directly between your device and GitHub. Your GitHub access token never leaves your device's Keychain. The HTML files you choose to sync are downloaded only to your device's app sandbox. We have no analytics, no tracking, no advertising identifiers, and no third-party SDKs that collect data.

1. What we do not do

  • We do not run a backend that handles your authentication, files, or settings.
  • We do not collect, store, or transmit your IP address, device identifiers, advertising IDs, or any analytics events to any server we operate.
  • We do not use cookies on the website beyond what is strictly necessary to remember your light/dark theme preference (stored in localStorage only — not transmitted).
  • We do not share data with advertisers, brokers, or marketing networks.
  • We do not sell or rent personal data. We have no personal data to sell or rent.

2. What stays on your device

When you use the app, the following are stored only on your device:

  • Your GitHub OAuth access token, in the iOS Keychain, scoped to the githtml app.
  • The list of repositories you have connected, your per-repository file selections, and metadata about cached files (paths, SHAs, sizes, last-sync timestamps), in a local SwiftData store inside the app's sandbox.
  • The HTML file contents you have synced, in the app's local cache directory.
  • Your theme preference and other UI settings, in iOS UserDefaults.

iOS controls access to all of the above. Other apps cannot read them. We cannot read them.

3. What GitHub sees

To sign you in, the app uses GitHub's OAuth Device Flow. This is a flow GitHub built specifically for clients (phones, CLIs, TVs) that cannot safely store a client secret. The flow:

  1. The app asks GitHub for a short user code.
  2. iOS opens Safari to https://github.com/login/device with the code already filled in.
  3. You sign in to GitHub (with your usual GitHub credentials — we never see them) and tap Authorize.
  4. The app polls GitHub for an access token, receives it, and stores it in your device's Keychain.

GitHub may log this activity per its own privacy policy at docs.github.com. We have no visibility into those logs and we do not receive any user data from GitHub other than what your device fetches in real time on your behalf.

4. Permissions the app requests from GitHub

We request the smallest scopes the GitHub API exposes that still allow the reader to function:

  • repo — to GET repository tree listings and read raw .html file contents from repositories you explicitly choose. GitHub does not currently expose a finer-grained read-only OAuth App scope. We never use this scope to write, push, modify, fork, or comment.
  • read:org — to list the organizations you belong to, so you can pick from them in the owner-picker screen.

You can revoke these permissions at any time at github.com/settings/applications. Revoking immediately invalidates the token; the app will detect this on its next request and prompt you to sign in again.

5. Network calls the app makes

  • github.com / api.github.com — for OAuth Device Flow, repository listings, tree listings, language detection, and raw blob downloads. These are end-to-end TLS.
  • fonts.googleapis.com / fonts.gstatic.com — only when you open the bundled Setup Guide or Sample Document inside the app, which load Google Fonts. These requests do not include any githtml-specific identifier; Google sees only that a generic webview requested a webfont. No personal data is sent.

The app makes no other outbound network requests. There is no telemetry endpoint. There is no analytics endpoint. There is no error-reporting endpoint that we control.

6. Children

githtml is not directed to children under the age of 13. We do not knowingly collect personal data from children.

7. Your rights under GDPR / UK GDPR / CCPA / CPRA

Because githtml does not collect or process personal data on any server we operate, the rights granted by GDPR, UK GDPR, CCPA, and CPRA (access, rectification, deletion, portability, opt-out of sale, etc.) are largely moot — there is no profile, no account, no record of you on our infrastructure for us to act on. Two narrow exceptions:

  • If you have ever emailed us at pranavreddy@outlook.com, we hold that email correspondence in the relevant inbox. You may ask us to delete it; we will do so within 30 days.
  • The website logs that Vercel keeps for the purpose of operating the website (request logs, edge function logs) are retained per Vercel's standard policy and may include your IP address. We do not access, query, or process those logs for any purpose other than operational debugging, and we do not link them to any user identity. See vercel.com/legal/privacy-policy.

To exercise rights or ask questions, email pranavreddy@outlook.com with the subject line PRIVACY · githtml.

8. Data we receive when you contact us

If you email us for support, security disclosure, or any other reason, we receive your email address and the contents of your message. We use this only to respond. We do not add you to a mailing list. We delete the message when the matter is resolved or upon your request.

9. Security

  • Your GitHub access token is stored in the iOS Keychain, which is hardware-backed on devices with the Secure Enclave.
  • All network traffic is TLS-only. The app refuses non-HTTPS responses.
  • HTML content is rendered in WKWebView with JavaScript disabled by default. You can opt to enable JavaScript on a per-document basis from the reader; in that case the document runs in a sandbox isolated from the rest of the app.
  • We do not request, accept, or store your GitHub password.

10. Changes to this policy

We may update this policy when the app's behavior changes. We will update the Effective date at the top, and material changes will be summarized here. The current canonical version always lives at https://githtml.com/privacy.

11. Contact

Questions, complaints, or requests:

Plain-English summary at the top of this page is for clarity. The numbered sections govern.

END · PRIVACY · 2026·05·08