This page explains what personal data awesome-repositories.com collects when you visit the site or submit a repository, why we collect it, and what we do with it. It is provided in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and Romanian Law 190/2018. It covers every endpoint we run — the public directory, search, the submission form, and the admin pages.
Data controller
The controller of your personal data is:
- Bringes Technology SRL
- Str. Crișului nr. 14 Bis, Oraș Băicoi, Jud. Prahova, Romania
- VAT: RO45896025
- Contact: hello@bringes.io
We have not appointed a Data Protection Officer because our processing does not meet the thresholds of Article 37 GDPR. For any privacy matter write to the address above.
Data we collect
- Submitted repository metadata. When you paste a GitHub URL into Submit a repository we fetch the repo's public metadata and README from the GitHub API and store a copy in our Turso (SQLite) database. No content beyond what GitHub already exposes publicly is collected.
- Directory listings. Display name (owner/repo), description, stars, language, topics, moderation status, views, upvotes, and downvotes are stored in our Turso (SQLite) database.
- Votes. To enforce one vote per visitor we store a SHA-256 hash of your IP address (salted) with the vote. We do not store the raw IP. The hash is a one-way fingerprint used only for deduplication.
- Views. Every visit to a repository page increments a counter on that repository. We store the counter, not the visitor identity.
- Search queries. The text you type into the search box is saved together with how many results it returned. Admins use this to understand what people are looking for. Search logs are not tied to your identity.
- Feedback. If you submit feedback, we store the message, the optional email you provide, the page you sent it from, and your user-agent string.
- Admin accounts. Admins sign in with Google OAuth. We store the name, email, profile image, and Google account id provided by Google, plus session records needed to keep them logged in. The public-facing site does not offer user accounts.
- Analytics (PostHog). We use PostHog (EU region) to track page visits, clicks on interactive elements, and — when enabled — session recordings with form inputs masked. PostHog drops a first-party cookie / local-storage entry to maintain an anonymous visitor id. Analytics run only after you accept cookies.
- Analytics (Google Analytics 4). We also load Google Analytics 4 via the gtag.js tag. Google receives your IP address (truncated), user-agent, and the pages you view. GA uses first-party cookies (the _ga family) to distinguish unique visitors. GA runs only after you accept cookies.
Why we collect it and on what legal basis
We process personal data under the following Article 6 GDPR bases:
- Performance of a service (Art. 6(1)(b)): hosting and serving submitted repository metadata, running moderation, processing take-down requests.
- Legitimate interests (Art. 6(1)(f)): preventing vote manipulation through salted IP hashes, counting page views, logging search queries to improve the product, keeping admin session records, and protecting the Service against abuse. You may object to processing based on legitimate interests (see "Your rights" below).
- Consent (Art. 6(1)(a)): PostHog and Google Analytics cookies and the associated processing. Consent is collected through the cookie banner and can be withdrawn at any time by clearing the cc cookie in your browser, after which analytics stop loading.
- Legal obligation (Art. 6(1)(c)): keeping records we are required to keep under Romanian tax, accounting, or platform-regulation laws, and responding to valid requests from competent authorities.
Who can see what
- Public: anything in an approved repository listing (owner/repo, description, cached README, topics, view and vote counts).
- Admins only: pending / rejected submissions, feedback messages, search logs, admin-session metadata.
- Processors and sub-processors: Turso / ChiselStrike (EU region — database), Cloudflare (worker + edge delivery), GitHub, Inc. (public repo metadata source), Google Ireland Limited (sign-in + Analytics), PostHog (EU region — analytics). Each of them receives only the data needed to provide that service.
International transfers
We aim to keep personal data within the European Economic Area. Cloudflare and Google may process limited data (your IP address, request metadata) outside the EEA. When that happens, transfers are covered by the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, for Google, the EU-US Data Privacy Framework adequacy decision of 10 July 2023. You can ask us for a copy of the safeguards in place.
Retention
- Approved repository listings: stored until the submitter or an admin deletes them.
- Pending or rejected submissions: up to 90 days, then deleted unless kept longer for a specific moderation reason.
- Salted IP-hash vote records: kept for the lifetime of the repository they relate to.
- Feedback messages: up to 24 months from receipt.
- Search logs: up to 12 months, then aggregated or deleted.
- Admin sign-in records: kept while the admin is active and for up to 12 months after deactivation.
- PostHog and Google Analytics events: as per each provider's default retention (typically 12–14 months).
Your rights under the GDPR
If we hold personal data about you, you have the right to:
- Access the data we hold (Art. 15).
- Rectify data that is inaccurate or incomplete (Art. 16).
- Erase data ("right to be forgotten", Art. 17).
- Restrict processing in certain circumstances (Art. 18).
- Data portability — receive the data you gave us in a machine-readable format (Art. 20).
- Object to processing based on legitimate interests (Art. 21).
- Withdraw consent you have given for analytics at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).
- Lodge a complaint with a supervisory authority. In Romania this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), B-dul G-ral Gheorghe Magheru 28-30, Sector 1, București, dataprotection.ro. You may also complain to the authority in your EU country of residence.
To exercise any of these rights email hello@bringes.io. We respond within one month (extendable by two months for complex requests, as allowed by Article 12(3) GDPR).
Automated decisions and profiling
We do not use your personal data to make automated decisions with legal or similarly significant effects on you, and we do not build behavioural profiles for advertising.
Security
Data is transmitted over HTTPS, admin access is protected by Google OAuth and single-sign-on session cookies marked HttpOnly and SameSite, and secrets are kept in the runtime environment rather than in the code. We review access to admin endpoints regularly. No system can be guaranteed secure, but we use reasonable technical and organisational measures proportionate to the risk, as required by Article 32 GDPR.
Cookies & local storage
We use a small number of cookies and storage entries, split into two categories:
- Strictly necessary (no consent required): a session cookie for admin sign-in (first-party, HttpOnly), a did first-party cookie that stores an anonymous visitor id for linking searches and votes, the cc cookie that remembers your cookie-banner choice, and session-storage entries used to avoid double-counting a page view within a single tab.
- Analytics (require your consent): PostHog's cookie / local-storage entry for an anonymous visitor id, and the Google Analytics _ga family of cookies. These load only after you click Accept in the cookie banner.
We do not use cross-site advertising cookies. You can withdraw analytics consent at any time by clearing the cc cookie or by blocking analytics scripts in your browser.
Changes
We may update this policy. Material changes will be noted at the top of this page with a new "last updated" date.
Contact
Bringes Technology SRL, Str. Crișului nr. 14 Bis, Oraș Băicoi, Jud. Prahova, Romania — VAT RO45896025. Questions, takedown requests, or corrections: hello@bringes.io.