Privacy & FAQ

Short version: MapSense is currently best suited for public repos. Private repos are more sensitive, so they are not auto-published by default and should be reviewed manually.

Quick answers

  • Do you store GitHub OAuth tokens? No. MapSense uses GitHub OAuth for sign-in, but does not persist GitHub OAuth access tokens in allauth.
  • How does repo access work? Repo-scoped access uses a GitHub App with installation-scoped tokens.
  • Does connecting a repo make anything public by itself? No. Connecting a repo gives MapSense access to read the repo via the GitHub App, but it does not by itself publish anything.
  • Are private repos auto-published? No. Private repos are not auto-published by default.
  • Are private repo prompts public by default? No. Private-repo publication should stay manual and reviewed.
  • Can I use my own LLM for private repos? Yes. The safest/default private-repo workflow is manual review: generate or rewrite the post yourself, optionally with your own LLM, then publish only if you want to.
  • Does MapSense ever send PR data to third-party LLMs? Yes, if you use MapSense-hosted prompt generation. In that case PR-derived data may be sent to OpenRouter/model providers.
  • Can MapSense expose private-repo details without me choosing to? The private-repo path is intended to be user-directed: private repos are not auto-published by default. The remaining risk is not understanding what leaves the server when you choose hosted generation, or what becomes public when you choose to publish.

GitHub access model

MapSense uses two separate GitHub auth paths:

  • GitHub OAuth for sign-in and identity (`read:user`, `user:email`)
  • GitHub App installations for repository access, webhook delivery, and PR fetching

That means repo access is scoped to the repos/orgs where you installed the MapSense GitHub App.

What MapSense stores

  • Your account/profile data needed to run the product
  • Connected repository records for repos you choose to use with MapSense
  • Published posts and social data such as likes, bookmarks, comments, and follows
  • Hashed MapSense API session tokens

PR diffs are not intended to be stored long-term in the app database as a primary artifact.

Private repos and LLM usage

Private repos are more sensitive than public repos. Because of that, MapSense keeps private repos out of the automatic publication path by default.

For private repos, the recommended workflow is:

  1. Keep publication manual
  2. Review the text before publishing
  3. Use your own LLM locally if you prefer
  4. Only publish content you are comfortable making public

Important: if you choose a MapSense-hosted generation flow for a private repo, PR-derived data such as PR title/body, commit messages, and filtered diff content may be sent to OpenRouter / model providers in order to generate the prompt text.

In other words: the manual, private-safe workflow and the hosted generation workflow are different choices. If you want to keep private repo data away from third-party model providers, use your own LLM or write the text yourself.

What requires your explicit choice?

  • Connecting a repo is a choice.
  • Using MapSense-hosted generation is a choice.
  • Publishing a post derived from a private repo is a choice.

Those choices matter because they affect different things: GitHub App access, third-party LLM processing, and public visibility are not the same action.

Can published text still reveal private details?

Yes. Even if MapSense hides private repo names and PR URLs in the public UI, the text of a published post can still reveal implementation details, filenames, architecture hints, tooling choices, or roadmap context.

That is why manual review matters for private repos. Only publish text you are comfortable making public.

Who can expose a repo?

MapSense can only access repos that are part of a GitHub App installation available to you. That is a technical permission boundary, not a policy or workplace approval boundary.

If a repo belongs to your employer, client, or organization, make sure you are actually allowed to publish derived content from it.

Technical access is not the same as workplace, client, or organization approval.

What about public repos?

Public repos are less sensitive, but you should still review what MapSense publishes on your behalf. A public repo can still contain context you would prefer not to amplify automatically.

What happens when I disconnect or delete my account?

  • Disconnecting a repo stops MapSense from using it for future webhook-driven publication.
  • Deleting your MapSense account removes your user-owned data in the app database.

Current launch posture

Today, MapSense should be thought of as a public-repos beta. Private repos require more caution, more review, and clearer user judgment.