Privacy Policy & GDPR Compliance

Last Updated: January 1, 2026

Your Privacy Matters: EasyDORA is committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

EasyDORA ("we", "us", or "our") is the data controller responsible for your personal information. You can contact us at:

  • Email: contact@easydora.dev
  • Website: https://easydora.dev

2. What Data We Collect

We collect and process the following types of personal data:

Account Information
  • Data: Email address, password (hashed)
  • Purpose: To create and manage your account
  • Legal Basis: Contractual necessity

GitHub OAuth Data
  • Data: GitHub ID, username, avatar URL, email
  • Purpose: Authentication and profile display
  • Legal Basis: Consent (via OAuth authorization)

GitHub Access Token
  • Data: OAuth access token
  • Purpose: To access your GitHub repositories and calculate metrics
  • Legal Basis: Consent (via OAuth authorization)

Repository Data
  • Data: Repository names, owners, DORA metrics
  • Purpose: To provide our core service of calculating and displaying metrics
  • Legal Basis: Contractual necessity

Session Cookies
  • Data: Session identifiers
  • Purpose: To keep you logged in and maintain your session
  • Legal Basis: Consent (via cookie banner)

Usage Analytics
  • Data: Page visits, visitor count
  • Purpose: To improve our service and understand usage patterns
  • Legal Basis: Legitimate interest

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To provide access to your account and calculate DORA metrics for your repositories
  • Authentication: To verify your identity when you log in via email/password or GitHub OAuth
  • Communication: To send you important service updates (we do not send marketing emails)
  • Security: To protect against unauthorized access and ensure platform security
  • Analytics: To understand how our platform is used and improve our services

4. GitHub Data Access

When you authenticate with GitHub OAuth, you grant us permission to:

  • Access your basic profile information (username, email, avatar)
  • Read your public and private repository data
  • Access commit history, pull requests, and deployment information

Important: We only use this data to calculate DORA metrics. We do not modify your repositories, create commits, or perform any write operations unless explicitly requested by you.

5. Data Storage and Security

5.1 Where We Store Your Data

Your data is stored securely in our PostgreSQL database hosted on secure cloud infrastructure. We implement industry-standard security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Password hashing using bcrypt
  • Secure session management with HttpOnly cookies
  • Regular security audits and updates
  • Access controls and authentication mechanisms

5.2 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. You can request deletion of your account and all associated data at any time.

6. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  1. Right to Access: You can request a copy of all personal data we hold about you
  2. Right to Rectification: You can update or correct your personal information through your account settings
  3. Right to Erasure ("Right to be Forgotten"): You can request deletion of your account and all associated data
  4. Right to Restrict Processing: You can request limitation on how we process your data
  5. Right to Data Portability: You can request your data in a machine-readable format
  6. Right to Object: You can object to processing of your personal data
  7. Right to Withdraw Consent: You can revoke GitHub OAuth access at any time

Exercising Your Rights: To exercise any of these rights, please contact us at contact@easydora.dev. We will respond to your request within 30 days as required by GDPR.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Session cookies required for authentication and site functionality
  • Analytics Cookies: To track visitor counts and page usage (anonymized)

You can control cookie preferences through our cookie consent banner. Declining cookies may limit some functionality of the platform.

8. Third-Party Services

We integrate with the following third-party services:

  • GitHub: For OAuth authentication and repository data access. See GitHub's Privacy Policy
  • Redis (Optional): For session storage in multi-instance deployments (data stored in-memory only)

We do not share your personal data with any other third parties for marketing purposes.

9. Data Breaches

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Report the breach to relevant supervisory authorities as required by GDPR
  • Take immediate action to secure your data and prevent further unauthorized access

10. International Data Transfers

Your data may be processed on servers located in different countries. We ensure that any international data transfers comply with GDPR requirements through:

  • Standard Contractual Clauses (SCCs)
  • Ensuring adequate data protection levels in destination countries
  • Implementing appropriate technical and organizational measures

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by:

  • Updating the "Last Updated" date at the top of this page
  • Sending you an email notification (for material changes)
  • Displaying a prominent notice on our platform

13. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local data protection authority.

14. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

  • Email: contact@easydora.dev
  • Data Protection Officer: contact@easydora.dev

Your Consent: By using EasyDORA, you acknowledge that you have read and understood this privacy policy and consent to the collection, use, and processing of your personal data as described herein.