Privacy Policy
Last updated: 2026-04-26 · Effective: 2026-04-26
This Privacy Policy explains what data the Amitte project ("we", "us") collects when you use the registry, portal, CLI, or SDK ("the Service"), and what we do with it.
1. Data we collect
1a. From sign-in (GitHub OAuth)
When you sign in, we receive from GitHub:
- Your GitHub username and numeric ID
- Your public profile name and avatar URL (if set)
- Your verified email address (if you grant the
user:emailscope) - An OAuth access token (kept server-side; never sent to the browser)
We do not receive your GitHub password, your private repos, your followers list, or any data outside the OAuth scopes (read:user, user:email).
1b. From publishing skills
When you publish to the registry, we store:
- The full manifest (id, version, description, capabilities, domains, etc.)
- The artifact content (typically
skill.md) - Submission metadata: timestamps, pipeline stages run, judge scores, your publisher handle
- Sigstore bundle (when supplied) — used to verify provenance
This data is public — it's the whole point of a registry.
1c. From verifying domains
- The domain name you claim
- A challenge token we generate
- Verification status, timestamps, last DNS lookup result
The domain itself is public (visible on your /p/<handle> profile). The token is server-side only.
1d. From browsing
For every HTTP request to the registry:
- IP address (used only for rate limiting; aggregated to per-publisher buckets when authenticated, never logged long-term)
- User-agent string (for compatibility metrics)
- Request path and response status (for error telemetry)
We do not use third-party analytics, tracking pixels, or advertising cookies. The portal sets only the session cookie required by Auth.js for sign-in.
2. How we use the data
We use it solely to:
- Operate the Service (auth, publishing, search, fetch).
- Enforce rate limits and abuse policies.
- Compute trust signals (verified domains, judge scores).
- Communicate critical updates (security, account, takedowns) — by email if we have one.
We do not:
- Sell or rent your data.
- Share your data with advertisers, brokers, or marketing partners.
- Use your data to train language models. (The judge LLM scores published content but never your private profile data.)
3. Where data lives
- Database — Neon (Postgres) hosted in AWS US East (N. Virginia).
- Object storage — Cloudflare R2 for skill artifacts (markdown bodies).
- Logs — Render application logs (Singapore region), retained ~7 days.
- Backups — Neon point-in-time-restore (7 days).
All data is encrypted in transit (TLS 1.2+) and at rest (provider-managed AES-256).
4. Third-party processors
We share data with the following processors purely to operate the Service:
| Processor | Purpose | Data shared |
|---|---|---|
| GitHub | Authentication | OAuth handshake (no further data sharing) |
| Neon | Database | Manifests, publisher records, verifications |
| Cloudflare R2 | Object storage | Skill artifacts |
| Render | Application hosting | Request metadata in logs |
| Vercel | Portal hosting | Request metadata in logs |
| Groq | LLM judge for skill evaluation | Skill description + artifact content (public data) |
| Jina AI | Embedding generation | Skill description + artifact content (public data) |
None of these processors receive your password, OAuth token, or any data outside what's necessary for the listed purpose.
5. Your rights
You can:
- Access all data we hold on you — sign in, visit
/me, or email us. - Correct your profile data via your GitHub account.
- Delete your account and all linked data (verified domains, credentials) — see "Closing your account" below.
- Export your published content via the public RPC (
fetch/search). - Object to our processing — email us; we will respond within 30 days.
- Lodge a complaint with your local data protection authority. EU residents can contact their national supervisory authority.
For users in the EU/UK, the legal basis for processing is legitimate interest (operating the registry) and consent (when you publish or verify a domain).
6. Closing your account
To close your account:
- Email privacy@amitte.com from the address tied to your GitHub account, OR
- Open a deletion issue at github.com/amitte-ai/amitte/issues using the
account-deletiontemplate.
Within 30 days we will:
- Delete your
publishersrecord, verified domains, and credentials cache. - Anonymize submission audit rows (we keep them for compliance, but with
publisher_idnulled). - Leave your already-published skills in the registry by default. If you want them removed too, say so in the deletion request — they will be revoked and the artifact storage objects deleted.
7. Data retention
- Active account data — kept while your account exists.
- Published skill content — kept indefinitely (this is the point of an immutable registry).
- Logs — 7 days.
- Backups — 7 days (Neon PITR window).
- Deleted account data — 30 days from deletion request.
8. Children's privacy
The Service is not directed at children under 13 (or the local minimum age). We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account.
9. Changes
We may update this policy. The "Last updated" date reflects the most recent change. Material changes will be announced in the Changelog and, where practical, by email to publishers.
10. Contact
Privacy questions: privacy@amitte.com, or open an issue tagged privacy at github.com/amitte-ai/amitte/issues.