Privacy Policy

Last updated: 6/27/2025

1. Introduction

MacoRun ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

2.1 GitHub Account Information

When you connect your GitHub account to MacoRun, we collect:

  • Your GitHub username and display name
  • Your GitHub email address
  • Your GitHub profile picture/avatar
  • Your GitHub user ID
  • List of organizations you belong to
  • Repository information for repositories you have access to

2.2 OAuth Access Tokens

We store OAuth access tokens to:

  • Access GitHub APIs on your behalf
  • Manage your GitHub Actions runners
  • Retrieve repository and organization information
  • Generate runner registration tokens

2.3 Runner and Setup Information

We collect and store:

  • Runner names, platforms, and architectures you configure
  • Setup link tokens and their expiration dates
  • Runner status and registration information
  • Organization and repository associations

2.4 Usage and Technical Information

We automatically collect:

  • IP addresses and browser information
  • Pages visited and features used
  • Error logs and performance metrics
  • Session information and authentication logs

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the MacoRun service
  • Authenticate you and manage your account
  • Generate runner setup scripts and registration tokens
  • Display your runners, organizations, and repositories
  • Sync runner status with GitHub
  • Improve our service and user experience
  • Communicate with you about the service
  • Detect and prevent fraudulent or unauthorized use

4. GitHub Integration and API Usage

MacoRun integrates with GitHub's APIs and services. We:

  • Use GitHub OAuth for authentication
  • Access GitHub APIs using your authorized permissions
  • Store GitHub App installation information
  • Comply with GitHub's API terms and rate limits
  • Only access the minimum permissions required for functionality

5. Data Storage and Security

5.1 Data Storage

Your data is stored:

  • In a PostgreSQL database hosted securely
  • With encrypted connections (SSL/TLS)
  • In compliance with industry security standards

5.2 Security Measures

We implement:

  • Encryption of data in transit and at rest
  • Secure authentication using NextAuth.js
  • JWT session tokens with expiration
  • Access controls and authorization checks
  • Regular security updates and monitoring

6. Data Sharing and Third Parties

We do not sell or rent your personal information. We may share data:

  • With GitHub: As required for API functionality
  • For Legal Compliance: When required by law or to protect our rights
  • Service Providers: With trusted third-party services that help us operate (hosting, analytics)

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Remembering your preferences
  • Analytics and performance monitoring
  • Security and fraud prevention

Essential cookies are required for the service to function. You can manage optional cookies through your browser settings.

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Request your data in a machine-readable format
  • Withdrawal: Revoke GitHub authorization at any time

9. Data Retention

We retain your data:

  • For as long as your account is active
  • As required to provide the service
  • To comply with legal obligations
  • For up to 30 days after account deletion for backup purposes

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with applicable privacy laws.

11. Children's Privacy

MacoRun is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

12. Changes to Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us through our GitHub repository or support channels.

Early Development Notice: MacoRun is in early development. Our data practices may evolve as we improve the service. We are committed to maintaining your privacy throughout this process.

Your Control: You can revoke MacoRun's access to your GitHub account at any time through your GitHub settings under "Applications" → "Authorized OAuth Apps".