Privacy Policy
Last Updated: November 9, 2024
TL;DR: SpikePrimeGit does not collect, store, or transmit any of your personal data to third-party servers. All data stays in your browser and is only sent directly to GitHub's API to sync your LEGO SPIKE Prime projects.
1. Introduction
SpikePrimeGit ("the Extension") is a Chrome browser extension that enables users to sync LEGO SPIKE Prime projects to their GitHub repositories. This privacy policy explains what data the Extension collects, stores, and transmits.
2. Information We Collect
2.1 Data Stored Locally
The Extension stores the following information locally in your browser using Chrome's storage API:
- GitHub Authentication Tokens: OAuth access tokens, refresh tokens, and token metadata required to authenticate with GitHub on your behalf
- GitHub App Installation Data: Installation ID and account information from the SpikePrimeGit GitHub App
- User Settings: Your selected repository, branch, and project path preferences
- Sync History: A local log of your recent project syncs (project names, timestamps, repository/branch information), limited to the last 50 entries
- Temporary Authentication State: CSRF protection tokens used during OAuth authentication (automatically deleted after authentication completes)
2.2 Data We Do NOT Collect
The Extension does NOT collect, store, or transmit:
- Your LEGO SPIKE Prime project code or content (only transmitted directly to GitHub)
- Personal information (name, email, address, etc.)
- Analytics or usage telemetry
- Browsing history
- Any data from websites other than spike.legoeducation.com
3. How We Use Your Information
The Extension uses stored data exclusively for the following purposes:
- Authentication: GitHub tokens authenticate your identity with GitHub's API
- Project Syncing: Your settings determine where projects are uploaded in your GitHub repository
- User Interface: Sync history is displayed in the extension popup for your reference
- Security: Temporary state tokens prevent Cross-Site Request Forgery (CSRF) attacks during authentication
4. Data Transmission
4.1 Direct Communication with GitHub
The Extension communicates directly with GitHub's API (api.github.com) to:
- Authenticate your GitHub account
- List your repositories and branches
- Upload SPIKE Prime project files (.llsp3 format)
- Create commits in your selected repository
Important: All data transmitted to GitHub is sent directly from your browser to GitHub's servers. The Extension does NOT route data through any third-party servers.
4.2 No Third-Party Services
SpikePrimeGit does NOT use:
- Analytics services (Google Analytics, etc.)
- Tracking pixels or beacons
- Third-party APIs (except GitHub's official API)
- Backend servers or databases
- Advertising networks
5. Data Storage and Security
5.1 Local Storage Only
All Extension data is stored locally in your Chrome browser using chrome.storage.local. This data:
- Remains on your device and is not transmitted to our servers (because we don't have any)
- Is encrypted by Chrome's built-in storage security
- Is isolated from other websites and extensions
- Can be deleted by removing the Extension or clearing Chrome's extension data
5.2 GitHub Authentication Security
The Extension uses GitHub's OAuth 2.0 protocol for secure authentication:
- You authorize the Extension through GitHub's official authorization page
- Access tokens are stored securely in Chrome's local storage
- Tokens are only used to make authenticated requests to GitHub's API
- You can revoke access at any time through your GitHub settings
6. Chrome Permissions Explained
The Extension requests the following Chrome permissions:
6.1 Storage Permission
Purpose: Store GitHub authentication tokens, user preferences, and sync history locally in your browser.
Data Stored: OAuth tokens, repository/branch settings, project path, sync history.
6.2 Identity Permission
Purpose: Facilitate GitHub OAuth authentication flow using Chrome's built-in identity API.
Usage: Opens GitHub's authorization page and handles the OAuth callback securely.
6.3 Tabs Permission
Purpose: Communicate with the SPIKE Prime web application to detect project saves and display sync notifications.
Scope: Only queries tabs matching https://spike.legoeducation.com/*. Cannot access other tabs or browsing data.
6.4 Host Permissions
- spike.legoeducation.com/* - Inject sync interface and capture project saves on the SPIKE Prime website
- api.github.com/* - Make authenticated API requests to GitHub for repository operations
- github.com/* - Complete OAuth authentication flow
7. Data Retention and Deletion
7.1 Automatic Deletion
- Authentication state tokens are automatically deleted after OAuth completes
- Sync history is limited to the 50 most recent entries (older entries are automatically removed)
7.2 Manual Deletion
You can delete Extension data by:
- Disconnecting: Click the Extension icon → "Disconnect" to clear all stored authentication data
- Removing Extension: Uninstalling the Extension removes all stored data from Chrome
- Chrome Settings: Clear Extension data via Chrome's settings:
chrome://settings/content/all?searchSubpage=chrome-extension://
7.3 Revoking GitHub Access
To revoke the Extension's access to your GitHub account:
- Visit GitHub App Installations
- Find "SpikePrimeGit" in the list
- Click "Configure" or "Uninstall" to revoke access
8. Third-Party Privacy Policies
The Extension interacts with the following third-party services, which have their own privacy policies:
9. Children's Privacy
SpikePrimeGit is designed for educational use, including by children. We take children's privacy seriously:
- We do NOT collect any personal information from children
- We do NOT track or profile users
- We do NOT serve advertisements
- All data remains local to the user's browser
Parents and educators should supervise children's use of GitHub and ensure appropriate account permissions are configured.
10. Open Source Transparency
SpikePrimeGit is open source. You can:
- Review the complete source code at github.com/varunmehta/spike-prime-git
- Verify that no data is transmitted to third-party servers
- Audit the Extension's behavior and permissions usage
- Submit issues or security concerns on GitHub
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Extension after changes constitutes acceptance of the updated policy.
12. Contact Information
For questions about this Privacy Policy or the Extension's data practices:
13. Your Rights
You have the right to:
- Access: View all data stored by the Extension in Chrome's developer tools
- Delete: Remove all Extension data at any time by disconnecting or uninstalling
- Control: Manage GitHub repository access through GitHub's settings
- Transparency: Review the Extension's source code to understand data handling
Summary
SpikePrimeGit is built with privacy as a core principle:
- ✅ Zero data collection or telemetry
- ✅ No third-party servers or analytics
- ✅ All data stored locally in your browser
- ✅ Direct communication with GitHub only
- ✅ Open source and auditable
- ✅ You control all data and access
SpikePrimeGit - Made for LEGO SPIKE Prime enthusiasts
Not affiliated with LEGO Education or GitHub, Inc.