Octogriffin Logo

Privacy Policy

Last updated: 12.01.2026

1. Introduction

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you use our GitHub App and website, and tell you about your privacy rights.

2. Controller

The data controller responsible for this website is:

Drazen Bebic

Postfach 0029 1190 Vienna, Austria

Email: octogriffin@bebic.dev

3. The Data We Collect

To provide the gamification service, we process the following data:

  • GitHub Account Data: Username, Avatar, and GitHub User ID (via NextAuth).
  • Habitica Credentials: Your Habitica User ID and API Token. These are stored using AES-256 encryption(Advanced Encryption Standard) in our database. We cannot see your raw token, and it is only decrypted momentarily to send requests to Habitica on your behalf.
  • Webhook Data: Metadata about your GitHub activity (commits, pull requests, issue comments).

Important: We do not access, read, or store your source code files.

4. Cookies & Local Storage

We use a minimal number of cookies that are strictly necessary for the application to function. We do not use cookies for advertising or marketing purposes.

  • Authentication (NextAuth): We use secure, http-only cookies (e.g., next-auth.session-token) to maintain your active session while you are logged in.
  • Preferences: We may use LocalStorage to remember your UI preferences (e.g., dismissing a welcome message).

5. Infrastructure & Data Processors

We use strictly selected third-party service providers to host our application and store data.

5.1. Hosting (Vercel)

Our website and API functions are hosted on Vercel Inc. (USA). Vercel processes standard server logs (IP addresses, user agents) for security and debugging purposes. Vercel complies with GDPR via standard contractual clauses.

5.2. Database (Neon)

Our database is provided by Neon Inc. We have configured our database instance to reside in the AWS Frankfurt (eu-central-1) region to ensure your data remains within the EU/EEA.

5.3. Habitica API

To score your habits, we transmit command data (e.g., "Score Up Task X") to the Habitica API. This is necessary for the core functionality of the app.

5.4. Analytics & Performance

We use Vercel Analytics and Speed Insightsto monitor the performance and reliability of our website. These tools collect anonymous usage data (e.g., page load speeds, device type, and country). This data is aggregated and does not identify individual visitors. We do not use tracking cookies for analytics.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right to access your stored data.
  • Right to rectification (update your keys).
  • Right to erasure (delete your account via the GitHub App).
  • Right to restrict processing (revoke GitHub App access).

Questions?

If you have any questions about this policy, please contact us at:

octogriffin@bebic.dev