Back to Home

Privacy Policy

Last updated: 11/10/2025

1. Information We Collect

When you use the Repository Access Portal, we collect the following information:

  • GitHub Account Information: When you sign in with GitHub, we receive your GitHub username (login) and basic profile information. This information is used solely to identify you for repository access requests.
  • Course Name: You provide a course name which is validated server-side but not stored permanently.
  • Session Data: Temporary session data is stored in your browser's sessionStorage to facilitate the access request process. This data is cleared when you complete the process or log out.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity via GitHub OAuth
  • Validate course enrollment
  • Send repository access invitations through GitHub's API
  • Provide and improve the Service

We do not sell, trade, or rent your personal information to third parties.

3. Data Storage

We minimize data storage:

  • Session data is stored temporarily in your browser's sessionStorage and is automatically cleared when you log out or complete the access request.
  • GitHub authentication tokens are managed by NextAuth.js and are stored securely according to NextAuth.js security practices. After a successful repository invitation is sent, your GitHub OAuth access token is automatically revoked for security purposes.
  • We do not permanently store your GitHub credentials, passwords, or personal information beyond what is necessary for the Service to function.

4. Third-Party Services

The Service integrates with:

  • GitHub: We use GitHub OAuth for authentication and GitHub's API to send repository invitations. After a successful invitation is sent, your GitHub OAuth access token is automatically revoked. Your use of GitHub is subject to GitHub's Privacy Policy and Terms of Service.
  • NextAuth.js: We use NextAuth.js for authentication management. Please refer to NextAuth.js privacy practices for more information.

5. Cookies and Local Storage

We use sessionStorage to temporarily store course name information during the access request process. This data is automatically cleared when you log out or complete the process. We do not use persistent cookies for tracking purposes.

6. Your Rights

You have the right to:

  • Revoke GitHub OAuth access at any time through GitHub settings
  • Clear your browser's sessionStorage and localStorage
  • Log out of the Service at any time
  • Request information about what data we have collected

7. Security

We implement reasonable security measures to protect your information. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at j.weinert@lse.ac.uk.