GitHub App Data Access Disclosure

The DirectiveOps GitHub App ("App") is installed on GitHub organizations or repositories to enable repository discovery, instruction-file scanning, constitution building, drift detection, and rollout PR creation. This disclosure describes the GitHub data we request, the purposes for which we use it, and how we store and protect it. It supplements our Privacy Policy and Terms of Service.

We request the minimum permissions necessary. These may include: Read access to metadata and content of repositories You select; read and write access where we need to create branches or open pull requests for rollouts; access to organization membership where needed for access control; webhook events for repository and content changes. We do not access Your source code beyond the instruction files we scan (e.g., AGENTS.md, CLAUDE.md) unless necessary to perform a rollout (e.g., creating a branch or PR). We do not access private repository content beyond what You explicitly connect and authorize.

Repository metadata and instruction-file content are used to build the constitution model, run the findings engine, and generate rollout previews and PRs. We store this data in our hosted environment in accordance with Your Plan and our Privacy Policy and Data Processing Addendum. We do not use GitHub data for advertising or sell it to third parties.

We retain GitHub-derived data for the duration of Your subscription and in accordance with Your Plan's history retention. When You remove the App or disconnect a repository, we will cease new collection and will delete or anonymize data in accordance with our retention schedule and applicable law.

For questions about the App's data access: privacy@directiveops.dev or see the Contact and Legal Notice document.