Skip to main content
Back to app

Privacy Policy

Last updated: May 29, 2026

Overview

GitHub Folder Downloader is designed to process repository selection, previews, and ZIP creation primarily in your browser. Repository data is fetched directly from GitHub when requested. This policy explains browser storage, third-party services, feedback handling, and your rights.

Data controller and contact

The project maintainers of GitHub Folder Downloader act as the data controller for this website. For privacy requests, contact the maintainers privately at privacy@x00.ai. Do not post personal data, token details, or private repository contents in public issues.

Data we process

  • GitHub repository, folder, or file URLs you enter or paste.
  • Repository metadata and file contents fetched from GitHub when you request them.
  • Optional GitHub personal access token (PAT), if you choose to paste one.
  • Optional GitHub account metadata returned by GitHub during token validation, such as login, name, avatar URL, and profile URL.
  • Clipboard text only when the browser permits clipboard reading and only to detect a GitHub URL; detected URLs are shown to you before being applied.
  • Feedback submissions sent through the Tally feedback form.
  • Basic hosting and security logs processed by infrastructure providers.

Purposes and legal bases (GDPR Art. 6)

  • Service delivery (fetching trees/files, generating ZIPs): processed under Art. 6(1)(b), necessary to provide the service you request.
  • Security, abuse prevention, and reliability (infrastructure and operational logs): processed under Art. 6(1)(f), legitimate interest.
  • Token persistence in your browser storage (`gh-token`, `gh-token-validation`, `gh-token-user`): processed under Art. 6(1)(a), your consent via optional input.
  • Feedback submissions (Tally form): processed under Art. 6(1)(a), your consent when you submit feedback.

Browser storage and retention

  • Your optional PAT is stored in browser storage as `gh-token` until you remove it.
  • Token validation state may be stored as `gh-token-validation` while a token is configured.
  • When validation succeeds, GitHub login, name, avatar, and profile details may be cached locally as `gh-token-user` for display.
  • IndexedDB database github-folder-downloader-cache stores trees, previews, contents, and meta for repository tree, preview, and content caching.
  • Clearing the token in app settings also clears locally cached repository tree, preview, and downloaded-content data from IndexedDB in this browser.
  • Generated ZIP files are created in the browser and downloaded to your device.
  • Repository content is fetched directly from GitHub to your browser and is not uploaded to this app's servers for ZIP generation.

Third-party services and processors

  • GitHub APIs and raw content endpoints are used to fetch repository data you request.
  • Hosting, delivery, and security operations are provided by Vercel.
  • Tally provides the embedded feedback form and processes feedback submissions.
  • These providers may process data in countries outside your residence. Where applicable, transfers rely on provider contractual safeguards such as Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms.

Your rights

Where GDPR or similar laws apply, you may have rights to:

  • Access personal data.
  • Rectify inaccurate personal data.
  • Request erasure, where applicable.
  • Restrict or object to processing based on legitimate interests.
  • Data portability, where applicable.
  • Withdraw consent for optional local token storage at any time.
  • Lodge a complaint with your local supervisory authority.

How to remove local data

  1. Open app settings and clear your token to remove token state and locally cached repository data.
  2. Clear this site's browser storage (localStorage and IndexedDB) in your browser settings, if needed.
  3. Clear downloaded files from your device storage if you no longer need them.

Cookies and tracking

This app does not use advertising cookies. The downloader does not include a general-purpose third-party analytics SDK in the application code. The feedback page loads a Tally popup form, which may process feedback submissions and standard request metadata according to Tally's own terms and privacy practices.

Feedback

The feedback form is provided by Tally. Do not submit access tokens, passwords, private repository contents, sensitive logs, or security vulnerabilities through the feedback form. Security issues should be reported through the security contact.

Security notes

No client application can guarantee absolute security. If you use a shared device, avoid storing tokens and revoke or rotate tokens if you suspect exposure.

Policy updates

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the latest version.

Related terms

Please also review our Terms of Use.

Contact

For privacy questions or rights requests, contact privacy@x00.ai. Public issues are appropriate for reproducible product bugs, not personal data requests.