Legal

Privacy Policy

Last updated: November 20, 2025

🔐

TL;DR: Your tokens never leave your browser.

DoppelGit stores all data locally on your device. We never see, collect, or transmit your GitHub Personal Access Tokens to any server.

Data We Store

DoppelGit stores the following information locally on your device using Chrome's extension storage (chrome.storage.local):

  • Doppel Identities – Each doppel consists of a friendly name and a GitHub Personal Access Token (PAT). These are stored only in your browser.
  • Encryption Settings – If you enable encryption, we store the encrypted tokens along with cryptographic metadata (salt, IV) required for decryption.
  • License State – Your subscription status from ExtensionPay (Free or Pro) is cached locally to determine feature access.

No data is transmitted to any third-party server by DoppelGit itself. Your PATs remain entirely within your browser.

Data We Send

When you use DoppelGit to perform actions (create PRs, post comments, file issues), the extension calls GitHub's REST API directly from the background service worker. Specifically:

  • The selected doppel's PAT is sent to api.github.com over HTTPS as an Authorization header.
  • Your action data (PR title, comment body, etc.) is sent to GitHub to complete the request.

This is a direct browser-to-GitHub connection. DoppelGit does not proxy, intercept, or log these requests through any external server.

Third-Party Services

ExtensionPay (Licensing)

DoppelGit uses ExtensionPay to manage the Pro subscription. When you:

  • Stay on the Free plan
  • Subscribe or manage billing
  • Log in to restore access

You interact directly with ExtensionPay's servers. ExtensionPay may collect your email address and payment information (processed via Stripe). Please review ExtensionPay's Privacy Policy for details.

DoppelGit never sends your GitHub tokens to ExtensionPay. We only query ExtensionPay to check whether your license is active.

Stripe (Payments)

All payment processing is handled by Stripe, a PCI-compliant payment processor. DoppelGit never sees or stores your credit card information.

Optional Encryption

DoppelGit supports encrypting your PATs at rest using a passphrase you control:

  • Algorithm: AES-256-GCM with PBKDF2 key derivation
  • Passphrase: Never leaves your browser. Never transmitted anywhere.
  • Session Caching: When unlocked, the passphrase is cached per-tab for 15 minutes and cleared automatically when you lock the session or switch tabs.

Without encryption enabled, PATs are stored in plaintext in Chrome's extension storage. Anyone with access to your browser profile can read them—similar to how browser-saved passwords work. We recommend enabling encryption if your device is shared.

Logging

  • Console logs are limited to non-sensitive debugging information.
  • GitHub error responses are sanitized so that PATs or request headers are never written to logs.
  • No analytics or telemetry data is collected by DoppelGit.

Your Responsibilities

  • Use Personal Access Tokens that you are authorized to use. Acting on behalf of another person or organization without permission may violate GitHub's Terms of Service.
  • Revoke PATs from GitHub immediately if you suspect compromise.
  • Use the optional encryption feature if your device is shared or accessed by others.

Data Retention

All DoppelGit data is stored locally on your device. To delete your data:

  1. Open the DoppelGit options page
  2. Remove all saved doppels
  3. Disable encryption (if enabled)
  4. Uninstall the extension from Chrome

This will remove all DoppelGit data from your browser.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of DoppelGit after changes constitutes acceptance of the new policy.

Contact

Questions or privacy concerns? Please reach out: