Privacy Policy

Last updated: January 12, 2026

1. Introduction

pkglnk ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at pkglnk.dev.

2. Information We Collect

2.1 Account Information

When you sign in with GitHub, GitLab, or Bitbucket, we collect:

  • Your username and display name from the provider
  • Your email address
  • Your avatar URL

You can connect multiple Git platforms to your account to manage packages from different sources.

2.2 GitHub Profile Data

With your consent during GitHub OAuth, we collect publicly available information from your GitHub profile for platform analytics:

  • Account creation date (to understand our user base demographics)
  • Public repository count
  • Follower and following counts
  • Company affiliation (if publicly listed on your GitHub profile)
  • Location (if publicly listed on your GitHub profile)
  • Bio (if publicly listed on your GitHub profile)
  • Organization memberships (names only)

Note: All of this information is publicly visible on your GitHub profile. We do not collect any private GitHub data.

2.3 Unity Project Data

To provide relevant analytics about the Unity development community, we scan your repositories (with your OAuth consent) to count:

  • Number of repositories containing Unity projects
  • Number of Unity Package Manager (UPM) packages you maintain

Note: We only count repositories and packages; we do not access, store, or analyze the content of your code.

2.4 Package Analytics

When your packages are installed via our proxy, we collect:

  • Anonymous installation counts
  • Hashed IP addresses (with daily rotating salt for privacy)
  • Unity version information (when available)
  • Timestamp of installation

Important: We hash IP addresses by default. This means we cannot identify individual users from analytics data. Raw IP addresses are never stored.

2.5 Usage Data

We automatically collect certain information when you access our service, including:

  • Browser type and version
  • Pages visited and time spent
  • Referring website

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service
  • Display analytics about your packages
  • Generate aggregated platform statistics (e.g., user demographics, Unity ecosystem metrics)
  • Understand our user base to improve the service for Unity developers
  • Send you important service updates (if you opt in)
  • Improve and optimize our service
  • Detect and prevent fraud or abuse

Aggregated Analytics: We use GitHub profile data and Unity project metrics to generate aggregated, anonymized statistics about our user base. These statistics help us understand who uses pkglnk and how to better serve the Unity development community. Individual user data is never shared publicly or with third parties.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: We use Supabase for authentication and data storage, and Vercel for hosting.
  • Legal requirements: We may disclose information if required by law or to protect our rights.

5. OAuth Permissions

We support sign-in via GitHub, GitLab, and Bitbucket. Here are the permissions we request for each:

5.1 GitHub

  • read:user - Read your public profile information
  • user:email - Read your email address for account identification
  • read:org - Read your organization memberships (names only)
  • public_repo - Access your public repositories to detect Unity packages

Revoke access: GitHub application settings

5.2 GitLab

  • read_user - Read your public profile information
  • read_api - Read-only access to the API (for listing your projects)

Revoke access: GitLab application settings

5.3 Bitbucket

  • account - Read your account information
  • repository - Read your repositories

Revoke access: Bitbucket application settings

Revoking access for any provider will prevent us from syncing new data from that platform, but previously collected data will remain until you delete your account.

6. Lawful Basis for Processing (GDPR)

Under GDPR, we process your personal data on the following legal bases:

  • Consent: When you sign in with GitHub OAuth, you explicitly consent to our collection and use of your profile data as described in this policy.
  • Legitimate Interests: We have a legitimate interest in understanding our user base to improve our service for the Unity development community. We balance this against your privacy rights by only collecting publicly available data and using it for aggregated analytics.
  • Contract: Processing is necessary to provide you with our service (package analytics, repository tracking).

7. Data Retention

We retain your account information for as long as your account is active. Analytics data is retained indefinitely in anonymized form. You can request deletion of your account and associated data at any time.

Specific retention periods:

  • Account data: Until account deletion
  • GitHub profile data: Synced on each login; deleted with account
  • Organization memberships: Synced on each login; deleted with account
  • Package install analytics: Retained indefinitely in anonymized form

8. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request transfer of your data
  • Object: Object to processing of your personal data
  • Withdraw consent: Withdraw consent at any time

To exercise these rights, you can delete your account from your profile page or contact us at privacy@pkglnk.dev.

9. Data Security

We implement appropriate security measures to protect your data, including encryption in transit (HTTPS), secure authentication via OAuth, and regular security reviews.

10. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

10.1 Essential Cookies We Use

Cookie NamePurposeDuration
sb-*-auth-tokenSupabase authentication session - keeps you logged inSession / 1 year
pkglnk_auth_providerTemporarily stores which OAuth provider you're signing in with during the login flow5 minutes
pkglnk_linking_providerTemporarily stores which OAuth provider you're connecting when linking additional accounts5 minutes

10.2 Why We Use These Cookies

These cookies are strictly necessary for the website to function. Without them, you would not be able to log in or link multiple Git platform accounts. Because these are essential functional cookies (not tracking or advertising), we do not require consent to use them under GDPR and similar privacy regulations.

10.3 Third-Party Cookies

We do not use any third-party tracking, analytics, or advertising cookies. Our authentication provider (Supabase) sets cookies only for maintaining your login session.

10.4 Managing Cookies

You can delete cookies through your browser settings at any time. However, deleting authentication cookies will log you out and you will need to sign in again.

11. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@pkglnk.dev.