Privacy: GitHub Integration
Aurora Coach for GitHub connects to your team's GitHub workflow to provide coaching context. This page explains exactly what data the integration accesses, what it calculates, and how that data is handled.
1. What the GitHub App Accesses
When you install Aurora Coach for GitHub, the app requests access to the following GitHub data:
Repository Metadata
Repository names, descriptions, and visibility. This is a mandatory GitHub App permission required for the app to function.
Pull Requests
PR number, title, creation date, merge date, author username, and first commit timestamp. Used to calculate delivery speed, throughput, work-in-progress, and lead time.
Code Reviews
Review submission date, reviewer username, review state (approved, changes requested), and comment count per review. Used to measure review responsiveness and collaboration patterns.
PR File Changes
Number of lines added and deleted per pull request. Used to calculate PR size categories. No file names, paths, or source code content is read.
Checks
CI workflow run counts and success/failure status. Used to calculate build success rates. No logs, artifacts, or workflow configuration is read.
Deployments
Deployment or release timestamp and identifier. Used to calculate shipping frequency and lead time. No deployment targets, environment details, or release assets are read.
Repository Contents
Used to read the optional .github/aurora-coach.yml configuration file for per-repo settings (schedule, thresholds). No source code, application files, or commit messages are read.
Issues
Used to post sprint health summary cards as GitHub Issues. Only creates or updates Aurora Coach health card issues. No existing issue content is read, modified, or deleted.
Webhook Events
The app receives installation lifecycle events (install, uninstall, repository added/removed) to manage the connection between your GitHub organization and Aurora Coach. No repository data is transmitted via webhooks.
2. What the GitHub App Does NOT Access
- Source code, application files, or diffs
- Commit messages or commit content
- Existing issue content or comments
- Repository settings or configuration
- Organization member lists or profiles
- Private user data (emails, profile details)
- Secrets, tokens, or environment variables
- Branch protection rules or repository policies
3. What Gets Calculated
The raw data above is aggregated into team-level metrics. No individual developer metrics are stored or displayed. The following metrics are calculated per coaching period:
| Metric | What It Measures |
|---|---|
| Cycle time (median) | Median time from PR open to merge |
| Cycle time (P90) | 90th percentile PR cycle time, capturing outliers |
| Throughput | Number of PRs merged in the period |
| Work in progress | Number of open PRs at period end |
| PR size (median) | Median lines changed (additions + deletions) per PR |
| PR size category | Whether typical PRs are small, medium, or large |
| Build success rate | Percentage of CI workflow runs that pass |
| Build total runs | Total CI workflow runs in the period |
| Ship frequency | Deployments or releases per day |
| Ship count | Total deployments or releases in the period |
| Ship source | Whether shipping is tracked via deployments or releases |
| Lead time | Median time from first commit to production deployment |
| Review turnaround | Median time from PR open to first review |
| Collaborator count | Number of unique PR reviewers |
| Review concentration | Fraction of reviews handled by the top reviewer |
| Review depth | Average review thoroughness based on comment volume |
| Cycle time trend | Whether cycle time is improving, stable, or degrading |
| PR numbers | List of PR numbers included in the period |
4. How Data Flows
Aurora Coach periodically requests data from the GitHub API using your installation's credentials
Raw API responses are processed in memory to calculate the metrics listed above
Only the calculated metrics are stored in Aurora Coach's database — raw API data is not persisted
Metrics are associated with your team, not with individual developers
These metrics are provided to Aurora Coach AI as context to provide relevant, data-informed team-level analysis and coaching recommendations
5. Data Storage and Retention
All data is stored in the EU. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Tenant isolation is enforced at the database level. Metrics data is retained for the duration of your subscription.
For full details on data storage, security measures, international transfers, and retention schedules, see our Data Processing Agreement. Subscription termination and data export terms are covered in our Terms of Service.
6. AI Processing
Team-level metrics are included as coaching context when your team uses Aurora Coach's AI coaching features. No raw GitHub data is sent to AI providers — only the calculated aggregate metrics listed above.
For full details on AI data handling, model training policies, and data flow architecture, see our AI Governance statement. A list of our AI providers is available at aurora-coach.com/subprocessors.
7. Revoking Access
You can uninstall Aurora Coach for GitHub at any time from your GitHub organization settings. Uninstalling immediately revokes the integration's access to your GitHub data.
Existing metrics data in Aurora Coach is retained according to your subscription terms.
8. Questions
For our general privacy practices, see our Privacy Policy. See our Terms of Service for subscription and data retention terms.
Contact us at [email protected] with any questions about this integration's data practices.