Back to extension landing page

StarScout Extension

Privacy Policy

Effective date: 2026-05-02

This privacy policy describes how the StarScout - See Suspected Non-Legit Stars on GitHub repos browser extension ("the extension") handles information.

Data The Extension Collects And Sends

When you visit a public GitHub repository page that the extension recognizes as public, the extension sends the following information to the StarScout API:

  • The public GitHub repository identifier currently being viewed, such as owner/repo.
  • Standard browser request metadata automatically sent by the browser when calling the API, such as IP address and user agent.

Data The Extension Does Not Collect

The extension does not collect or send any of the following:

  • GitHub credentials, tokens, or passwords.
  • GitHub username or account identity, which the service does not receive.
  • Extension-specific user identifiers.
  • Private repository names or contents.
  • Suspected actor-level stargazer identities.

How The API Uses Data

  1. The extension sends the public owner/repo identifier for the repository being viewed.
  2. The API uses that identifier to look up aggregate StarScout-derived suspected non-legit star metrics for that repository.
  3. The API tries to fetch current public repository metadata from GitHub, such as the current stargazers_count, to compute the displayed percentage denominator when available.
  4. The API returns repo-level aggregates only and does not expose suspected actor lists.

Logs And Retention

  • The backend application does not implement its own request-log storage or log-retention system.
  • Normal Uvicorn, container, or platform access logs are written temporarily for availability, debugging, abuse prevention, and rate limiting.
  • Because the public repository name is part of the API path, those temporary logs include public owner/repo paths, IP address, and user agent metadata automatically sent with the request.
  • The project does not keep long-term request logs or create user profiles. The service does not receive GitHub account identity or extension-specific identifiers at all.
  • The service has no persisted browsing history table and no persistent identifier it can use to track a person's GitHub browsing history over time.

Sharing And Sale

This project does not sell user data. The API is designed to return aggregate public-repository metrics and does not require accounts, login, or payment. The backend tries to query GitHub for public repository metadata needed to provide the feature, but it does not have access to GitHub account identity or extension-specific identifiers to share.

Scope And Limitations

  • The extension supports public github.com/owner/reporepository pages.
  • Private repositories and GitHub Enterprise Server are not supported.
  • Missing StarScout aggregate data is shown as not analyzed, not as zero suspected stars.
  • Results are heuristic signals, not definitive claims that stars, users, or repositories are fake.

Contact And Support

For support or privacy questions, open a GitHub Issue in the project repository: github.com/arthurnunesc/starscout-extension/issues.