Privacy Policy
Todoke ("the app") is a third-party client for GitHub Issues, developed by David Collado Sela ("we", "us"). This policy explains what data the app touches, where it lives, and — most importantly — what we never see.
Signing in with GitHub
Todoke signs you into your existing GitHub account using GitHub's standard OAuth authorization code flow, with PKCE (a code verifier/challenge pair, generated fresh on your device) added on top, in a system browser session. The app never sees your GitHub password.
PKCE alone isn't enough to complete GitHub's flow: GitHub's authorization-code exchange still requires a confidential application secret, which cannot safely ship inside a public app binary. For that one step — and that step only — the app calls a small service we operate (a Cloudflare Worker at todoke-auth.bitomule.workers.dev) that holds the secret on our behalf. This service:
- performs only the momentary code-for-token exchange (and token refresh) with GitHub;
- holds the application secret so the app doesn't have to;
- stores nothing — no database, no user records, no token logs. The exchange is transient: the token passes through to your device and is immediately forgotten;
- never receives your issues, comments, repositories, or any other GitHub content.
Your access token
The token GitHub issues to you is stored only on your device, in the iOS Keychain (device-only, protected after first unlock). It is never synced to iCloud, never sent to us, and only ever transmitted to api.github.com and github.com to make the requests you ask for.
Your GitHub data
Issues, comments, repositories, labels, and profile information flow directly between your device and GitHub, authenticated with your own token. Todoke displays that data; it does not copy it to any server of ours. Your use of GitHub itself is governed by GitHub's Privacy Statement.
Todoke can only access the repositories you explicitly grant when you install the Todoke GitHub App, requesting only the Issues permission plus GitHub's mandatory read-only Metadata permission (repository names and labels — never source code). You can review the exact permissions the app requests on that page before installing it, and again any time at github.com/settings/installations.
Analytics, advertising, and tracking
None. Todoke contains no analytics, no advertising, no trackers, and no third-party SDKs that receive your data. We do not build profiles, fingerprints, or usage statistics.
Preferences
App preferences (issue filters, repository defaults, and similar settings) are stored on your device in local app storage (UserDefaults). They never leave your device.
Signing out and revoking access
When you sign out, Todoke deletes the token from your device's Keychain and asks GitHub to revoke it, so it can no longer be used anywhere.
You can also revoke Todoke's access yourself at any time, independently of the app, at github.com/settings/apps/authorizations, and manage or uninstall the Todoke GitHub App from your repositories at github.com/settings/installations.
Data retention
We retain nothing, so there is nothing to delete on our side. Removing the app from your device (or signing out) removes everything Todoke stored locally. Revoking the authorization on GitHub severs the app's access entirely.
Children
Todoke is not directed at children and is not intended for use by anyone under 13 (or the equivalent minimum age in your jurisdiction). GitHub itself requires users to be at least 13. We do not knowingly collect any information from children — indeed, we do not collect any information from anyone.
Changes to this policy
If this policy changes, the updated version will be posted at this address with a new effective date. Because the app collects nothing, changes are expected to be rare and editorial.
Contact
Questions about privacy in Todoke: hello@todokeapp.com