Privacy Policy

Last updated: June 28, 2026

1. What we are

PRHandshake ("we", "our", "the App") is a GitHub App that analyzes pull request metadata to help repository maintainers assess submission quality. We are operated by parallelArchitect.

2. What data we access

When installed on a repository, PRHandshake receives GitHub webhook events containing:

• Pull request metadata — title, body, author, diff size, file names, labels
• Repository information — name, owner
• Contributor public profile — account creation date, public repository count, follower count
• PR comments — to detect maintainer override commands
• CI check run results — to verify required checks passed

We do not access repository source code, commit contents, or private repository data beyond what is necessary to evaluate PR metadata.

3. What we store

PRHandshake processes webhook payloads in real time and does not persistently store personal data. Access logs are retained for up to 30 days for debugging purposes and are then deleted automatically.

4. What we share

We do not sell, rent, or share your data with third parties. PR analysis results are posted back to your repository as GitHub Check Run results — visible to repository collaborators according to your existing GitHub permissions.

5. GitHub permissions

PRHandshake requests the minimum permissions necessary:

• Pull requests — read only
• Issues — read only
• Contents — read only (for repository files like CONTRIBUTING.md)
• Checks — read and write (to post analysis results)
• Metadata — read only (mandatory for all GitHub Apps)

6. Data security

Webhook deliveries are verified using HMAC-SHA256 signatures before processing. All traffic between GitHub and PRHandshake is encrypted in transit via HTTPS.

7. Uninstalling

You can uninstall PRHandshake at any time from your GitHub repository or organization settings. Uninstalling immediately revokes our access to your repositories.

8. Contact

Questions about this privacy policy can be sent to hello@prhandshake.dev.