Sextant — Privacy Policy

Sextant is a Chrome extension that adds a "Lines of code" panel to GitHub repository pages. This policy describes what data the extension collects, where it goes, and how the companion backend at sextant.octago.nl handles it. The source code for both the extension and the backend is published at github.com/Galacticnaut/sextant.

What's stored on your machine

The extension stores the following items in chrome.storage.local, which lives only inside your browser profile and is not synced or transmitted elsewhere by the extension itself:

• A GitHub Personal Access Token (PAT), if you paste one into the Options page.
• A GitHub OAuth user access token, if you complete the "Connect GitHub" flow.
• Your GitHub login name, displayed in the Options page next to "Connected as…".

Use "Clear all" in the Options page to delete these at any time, or uninstall the extension to remove all local storage.

What's transmitted off your machine

For each GitHub repository page you visit, Sextant may make these requests:

1. Public small repos → codetabs.com

The string owner/repo is sent to api.codetabs.com. No tokens, no headers identifying you. codetabs is a third-party service; see codetabs.com for their policy.

2. Private or large repos → sextant.octago.nl

If codetabs cannot serve the repo (private, too large, etc.), Sextant calls https://sextant.octago.nl/sloc with:

• The owner/repo string in the request body.
• Your stored GitHub token in the Authorization: Bearer … header.

The backend uses the token to:

1. Resolve the default branch's HEAD commit SHA via the GitHub REST API.
2. Clone the repository (with --depth=1 and a 10 MB per-file cap to skip binary blobs) into ephemeral storage.
3. Run scc against the working tree to compute lines of code per language.
4. Cache the SLOC result on disk, keyed by commit SHA only — your token is never written to disk.
5. Delete the cloned repository immediately.

The backend does not persist your token. Tokens are held in memory only for the lifetime of a single request, used to authenticate the clone, and discarded. Backend logs record the request path, HTTP status, and duration; they never include tokens or request bodies.

3. Byte-estimate fallback → api.github.com

If both codetabs and the backend fail, Sextant calls GitHub's /repos/<owner>/<repo>/languages endpoint directly from your browser with your stored token, divides bytes-per-language by an embedded constants table, and shows the result prefixed with ≈. This request is from your browser to GitHub; the backend is not involved.

OAuth scope

The "Connect GitHub" button requests the repo and read:user scopes. repo is required to clone private repositories; read:user is required to fetch your login name for display. Sextant performs only read operations and never writes to your repos.

What we do not do

• No analytics, telemetry, page tracking, or third-party trackers.
• No advertising, no sale of data.
• No transmission to any service other than the three named above.
• No persistence of access tokens on the backend.
• No reading of pages outside github.com.

Data retention

The backend's SLOC cache is keyed by commit SHA and contains only computed line counts per language. It contains no user data. Cache entries are kept indefinitely but may be evicted by the operator at any time. Backend logs are retained for up to 30 days for operational diagnostics.

Revoking access

• To revoke OAuth: visit github.com/settings/applications and remove "Sextant".
• To revoke a PAT: visit github.com/settings/tokens and delete the relevant token.
• To clear local storage in the extension: click "Clear all" in Sextant's Options page, or uninstall the extension.

Contact

Operator: Galacticnaut. File issues at github.com/Galacticnaut/sextant/issues.