← yearincode

Privacy policy

Last updated 2026-05-24.

Three ways to generate

There are three ways to make a wrapped, and they differ in what they touch:

  • Username (no sign-in)— you type any GitHub username and we read that account's public commit metadata using our own app-level token. No login, no access to anything private. This is the same public data anyone can already see on that account's GitHub profile.
  • Sign in with GitHub — grants us read-only access to your public repositories (public_repo scope) plus your basic profile. We cannot read your private repositories and cannot write anything to your account. If you've enabled "include private contributions on my profile" in GitHub, the aggregate counts GitHub already publishes flow through too.
  • Personal access token (optional, for private repos) — you paste a token you created yourself, with whatever scopes you chose (a read-only token is enough). We use it once to read your stats, then discard it. We never write it to our database. It is not stored.

What we read

Commit metadata only: timestamps, repository names, additions/deletions, and commit message subject lines. We use this to compute your wrapped statistics.

We do not read, store, or transmit the contents of your source code. Ever. Only commit metadata.

For private repositories (token mode only), the data never leaves the aggregate: your public share page shows counts and totals, never a private repository name, never a commit message, never code. Private repos appear only as anonymized contributions to the big numbers.

What we store

  • Your computed wrapped statistics for each wrap generated — whether a single year or the all-time ("Since Day One") recap.
  • The longest and shortest commit message subject lines that contributed to those stats (these are not rendered on the public page).
  • If you signed in: your authenticated session and a copy of your GitHub OAuth token, used to refresh data when you regenerate. If you used a pasted token or username mode: nothing about your token is stored.
  • An anonymous view count per shared wrapped.

What we don't store

  • Source code or file contents.
  • Anything beyond the commit metadata listed above.
  • Marketing identifiers, fingerprints, or third-party trackers.

Sharing & ownership

Wrappeds are public by default— anyone with the URL can view them, and they're built from data that is already public on GitHub (or, in token mode, anonymized to aggregate counts).

Because username mode needs no login, someone could generate a wrapped for your public username before you do. If that happens, sign in with GitHub to claim it as yours — once claimed, only you can regenerate or delete it from /me. Don't want a page for your username to exist at all? Email us (below) and we'll remove it.

We don't sell your data and we don't share it with third parties.

Revoking access

You can revoke yearincode's access to your GitHub account at any time at github.com/settings/applications. That stops future data fetches; to delete data we already have, also delete your wrapped from /me.

Contact

For privacy questions, takedown, or deletion requests outside the in-app flow, email hiteshm.devlog@gmail.com or reach @Hitesh-Meghwal on GitHub.