GitHub Cherry Pick Assistant

Privacy Policy

Last updated: May 3, 2026

Privacy policy for GitHub Cherry Pick Assistant

This policy explains what data the extension handles, why it is used, and how temporary backend storage supports GitHub authentication and workflow execution.

1. Overview

GitHub Cherry Pick Assistant is a browser extension that helps developers move pull request changes into the correct target branch or repository. It operates inside GitHub, authenticates the user with GitHub, reads repository and pull request context, and triggers GitHub Actions workflows to perform cherry-pick and follow-up pull request tasks.

2. Information the extension handles

The extension and its supporting backend may handle:

  • GitHub authentication tokens and refresh tokens
  • GitHub username
  • Current GitHub repository and pull request context
  • Selected repositories, branches, and workflow preferences stored locally in the browser
  • Workflow run identifiers and resulting pull request links
  • Workflow dispatch details sent to the authentication broker, including selected source and target repositories, branches, pull request numbers, and commit identifiers

3. How the information is used

Information is used only to support the extension’s single purpose:

  • Signing the user in with GitHub
  • Prefilling the side panel from the current GitHub page
  • Showing repositories, pull requests, commits, branches, and workflow status
  • Dispatching GitHub Actions workflows requested by the user
  • Verifying the signed-in user can access the selected source and target repositories before central workflow dispatch
  • Opening workflow runs and follow-up pull requests

4. Temporary backend storage

The authentication broker uses temporary Cloudflare KV storage to complete GitHub sign-in. It stores:

  • Pending login flow data for up to 10 minutes
  • Temporary authentication result data for up to 5 minutes

This temporary result data may include an access token, refresh token, expiration values, and GitHub username so the extension can complete sign-in. The temporary result entry is deleted after the extension retrieves it.

5. Local browser storage

The extension stores limited settings and workflow preferences in Chrome storage, such as recent repositories, selected targets, and session-related state required to keep the user signed in and reduce repetitive setup.

6. Data sharing

The extension does not sell personal data. Data is used only to support the requested GitHub workflow. Data may be sent to GitHub APIs, GitHub Actions, the extension's authentication broker, and Cloudflare infrastructure that hosts the broker because those services are required for the extension to function.

7. Retention

Temporary authentication data in the backend expires automatically. Browser-stored preferences remain until the user clears extension storage, signs out, or removes the extension.

8. Security

The extension uses GitHub authentication and a dedicated auth broker to complete sign-in. Access is limited to the permissions required for the extension’s workflow. Users should still protect their GitHub accounts and rotate credentials if exposure is suspected.