Read-only, by design
The DevXOS GitHub App requests four permissions, all read-only: repository metadata, contents, pull requests, and organization members. There is no write permission, no admin permission, no secrets permission, no workflow permission. DevXOS cannot push, comment, open issues, change settings, or read your CI secrets.
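A way to verify this claim on your own organization, as an added example that is not DevXOS's code: GitHub's REST API returns a `permissions` object for each app installation (for example from `GET /orgs/{org}/installations`, which needs org admin rights, or from the `installation` object in an installation webhook), and the script below compares that object against the four read-only permissions listed above, flagging anything extra, anything granted above read level, and anything missing. The two installation payloads are constructed for the example and the app slugs are placeholders.

```python
"""Audit a GitHub App installation's permission grant against an expected read-only set.

Added example, not DevXOS code. The `permissions` object has the shape GitHub returns
for an installation (e.g. {"metadata": "read", "contents": "read", ...}); the sample
installations below are constructed for this example.
"""
from __future__ import annotations

# Expected grant, as documented on this page: four permissions, all read-only.
EXPECTED_PERMISSIONS: dict[str, str] = {
    "metadata": "read",
    "contents": "read",
    "pull_requests": "read",
    "members": "read",
}


def audit_permissions(granted: dict[str, str],
                      expected: dict[str, str] = EXPECTED_PERMISSIONS) -> list[str]:
    """Return a list of findings; an empty list means the grant matches exactly.

    Three conditions are flagged:
      * a permission that is not in the expected set at all (scope creep),
      * an expected permission granted above read level (e.g. "write"),
      * an expected permission that is absent (the integration would not work as documented).
    """
    findings: list[str] = []
    for name, level in sorted(granted.items()):
        if name not in expected:
            findings.append(f"unexpected permission: {name}={level}")
        elif level != expected[name]:
            findings.append(f"escalated permission: {name}={level} (expected {expected[name]})")
    for name in sorted(expected):
        if name not in granted:
            findings.append(f"missing permission: {name}")
    return findings


def is_read_only(granted: dict[str, str]) -> bool:
    """True when every granted permission is at the 'read' level."""
    return all(level == "read" for level in granted.values())


def audit_installation(installation: dict) -> list[str]:
    """Audit one installation object as returned by the GitHub API."""
    return audit_permissions(installation.get("permissions", {}))


# Constructed sample: an installation whose grant matches this page.
SAMPLE_OK = {
    "id": 1234567,            # constructed installation id
    "app_slug": "example-app",  # placeholder slug
    "permissions": {"metadata": "read", "contents": "read",
                    "pull_requests": "read", "members": "read"},
}

# Constructed sample: a hypothetical grant that drifted to write access plus secrets.
SAMPLE_DRIFTED = {
    "id": 1234568,
    "app_slug": "some-other-app",
    "permissions": {"metadata": "read", "contents": "write",
                    "pull_requests": "read", "members": "read", "secrets": "read"},
}


if __name__ == "__main__":
    for inst in (SAMPLE_OK, SAMPLE_DRIFTED):
        findings = audit_installation(inst)
        status = "OK" if not findings else "REVIEW"
        print(f"{inst['app_slug']} (installation {inst['id']}): {status}")
        for finding in findings:
            print("  -", finding)
```

Run it against the live `installations` list by feeding each installation object to `audit_installation`; a non-empty finding list for an app is the signal to re-check its grant in the organization's Installed GitHub Apps settings.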
Exactly what we read
From the GitHub API we read commit SHAs, messages, authors, committers, parent SHAs, and timestamps; pull request numbers, titles, authors, branch names, merged_at, closed_at, and review states; release tags and dates; and the public member list of installed organizations. That is the full set — if a field is not in this list, DevXOS does not request it.
What we never store
DevXOS does not download, scan, or store source code. We never read repository contents (file blobs), diffs, file trees, branch tips, or any file inside a commit. The contents permission is held only because GitHub requires it for the commit history endpoint — we use it to read commit metadata, not the code itself. We also do not store webhook payload bodies beyond what is needed to update installation state.
GitHub App vs. OAuth login
Two separate GitHub authentications power DevXOS, with strictly partitioned roles. The GitHub App reads your organization's data through scoped, revocable installation tokens minted per-request. The OAuth login is used only for identity — it tells DevXOS who you are and which GitHub organizations you personally belong to, so we can match you to an existing workspace. The OAuth login never reads organization-level data on your behalf.
Revoking access
You can revoke the DevXOS GitHub App at any time from your GitHub organization's Installed GitHub Apps settings, or from the DevXOS settings UI. Revoking it stops ingestion immediately. On written request we also delete the metadata we have already ingested.
Privacy policy
This page documents what flows through our integration. For the broader data-handling policy, see our privacy policy.