Terms of Service | DevTrace — Open Source Contributor Trust Scoring

DevTrace collects and processes only data that is already publicly accessible via the GitHub API. No information is gathered that is not available to any user of github.com.
Data collected includes contributor profiles, contribution metadata (pull requests, commits, reviews), repository metadata (stars, forks, language, license), and account activity signals.
DevTrace does not access, read, or store source code. Only event metadata, repository statistics, and contributor signals are processed.

DevTrace authenticates you via the standard GitHub OAuth web flow. The OAuth token is used only during the sign-in process to verify your identity and is not stored.
Scoring queries use GitHub App installation tokens that are short-lived, minted on-demand, and never persisted to disk or database.
Your dashboard session is maintained via an encrypted, HTTP-only cookie. No GitHub credentials, tokens, or secrets are stored by DevTrace at any time.
API tokens you generate are stored as one-way hashes. The raw token is shown once at creation and cannot be recovered.

Scoring data is stored in our database and used solely to generate contributor reputation scores and analytics for your dashboard.
Your data is isolated from other users. Other users cannot view your scoring history or API usage.
We do not sell, share, or distribute your data to third parties.

DevTrace may send aggregated, non-identifying contributor statistics to a third-party large language model provider (currently Anthropic) to generate AI-powered risk summaries.
No personally identifiable information or source code is included in these requests. Only pre-computed scores and summary statistics are sent.
AI-generated insights are informational only and should not be treated as professional advice or the sole basis for trust decisions.

Reputation scores are computed from publicly available signals and are informational only.
Scores should not be the sole basis for employment, access, or trust decisions.
DevTrace does not guarantee the accuracy, completeness, or timeliness of any score or signal.

You can generate and revoke API tokens at any time from Settings.
You can revoke DevTrace access by uninstalling the GitHub App from your account settings.
You can sign out and clear your session at any time from the dashboard.
You may request deletion of all your data by contacting us. Upon account deletion, all associated data is permanently removed.

Free accounts are limited to 50 scored contributors per month and 60 API requests per hour.
When limits are reached, scoring requests are rejected until the next billing period or rate limit window.
Higher limits are available on paid plans.

DevTrace is provided on an “as is” and “as available” basis. We do not guarantee any specific level of uptime or availability.
We reserve the right to modify, suspend, or discontinue the service (or any part of it) at any time, with or without notice.
We will make reasonable efforts to provide advance notice of material changes or planned discontinuation.
In the event of service discontinuation, a reasonable wind-down period will be provided during which you may export your data.

We may update these Terms of Service from time to time. When we make material changes, we will notify you by posting the updated terms on this page.
Your continued use of DevTrace after changes are posted constitutes acceptance of the revised terms.
If you do not agree with the updated terms, you should discontinue use and may request deletion of your data.

You must be at least 13 years old (or 16 in jurisdictions where required) to use DevTrace.
You are responsible for all activity under your account, including API token usage.
We reserve the right to suspend or terminate accounts that engage in abusive behavior, violate these terms, or place unreasonable burden on the service.

To the maximum extent permitted by applicable law, DevTrace and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of data, profits, or goodwill, arising out of or related to your use of the service.
Our total aggregate liability for any claims arising from your use of the service shall not exceed the amount you paid to us (if any) in the twelve months preceding the claim.
DevTrace makes no warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.