This policy explains what data Ngaio collects, how it is used, and how it is stored. Current Ngaio apps include Pull Request Viewer, a developer tool for reviewing Bitbucket Cloud and GitHub pull requests inside IntelliJ IDEA.
Who we are. Ngaio is operated by Sonny Graystone ("Ngaio", "we", "us", or "our"), based in New Zealand. For the purposes of the EU and UK General Data Protection Regulation (GDPR), we act as the data controller for personal data we determine the purposes and means of processing, and as a data processor for Customer Data we process on your behalf to provide the Services. You can reach us about any privacy matter at support@ngaio.dev.
The short version
- We collect only the data needed for the app or plugin to function.
- We do not sell, rent, or share your personal data with third parties.
- We do not run third-party advertising or analytics trackers on this site.
- Bitbucket and GitHub credentials are stored locally through IntelliJ's secure credential store.
- The Pull Request Viewer plugin talks to Bitbucket Cloud and GitHub, and, for Bitbucket OAuth only, Ngaio's lightweight token exchange proxy.
Information Pull Request Viewer uses
Bitbucket OAuth sign-in. If you connect through Atlassian OAuth, the plugin receives your Bitbucket display name, account ID, access token, and refresh token from Bitbucket.
Bitbucket repository access tokens. If you connect with a repository, workspace, or project access token, the token value is stored locally. The plugin does not request your Bitbucket display name or account ID for repository-scoped token auth.
GitHub personal access tokens. If you connect to GitHub, the personal access token you provide is stored locally and used to read pull request data for the repositories you add. The plugin attaches the token only to requests to GitHub.
Pull request data. The plugin reads PR titles, descriptions, diffs, comments, reviewers, participants, pipeline or Actions runs, and activity from Bitbucket Cloud or GitHub on your behalf. This data is displayed in IntelliJ IDEA and is not persistently stored by Ngaio.
How credentials are stored
Pull Request Viewer credentials are stored on your local machine using IntelliJ's PasswordSafe API, which delegates to your operating system's secure credential store, such as macOS Keychain, Windows Credential Manager, or a compatible Linux secret store.
Pull Request Viewer credentials are not written to plain text files by the plugin.
OAuth token exchange
For Bitbucket OAuth sign-in, Pull Request Viewer uses a lightweight OAuth proxy operated by Ngaio to perform the authorization code exchange. This keeps the OAuth client secret out of the distributed plugin binary. GitHub uses personal access tokens, which do not go through the proxy.
The proxy receives the short-lived authorization code from Bitbucket, exchanges it with Bitbucket for access and refresh tokens, and returns Bitbucket's response to the plugin. The proxy is not designed to log, store, or reuse your tokens.
External services
Pull Request Viewer communicates with Bitbucket Cloud through api.bitbucket.org and Bitbucket's OAuth token endpoint, and with GitHub through api.github.com. Atlassian's and GitHub's own privacy policies apply to data stored in those services.
Service providers and sub-processors
We use a small number of service providers to run our apps and website. They process data only on our instructions and to the extent needed to provide their service:
- Cloudflare — hosts and serves the ngaio.dev website.
The connected services you choose to use — Bitbucket and GitHub — are independent controllers of the data held in their own platforms, governed by their own privacy policies. Pull Request Viewer runs locally inside your IDE; it has no Ngaio-operated backend other than the Bitbucket OAuth token-exchange proxy described above.
International data transfers
We are based in New Zealand, and our service providers may process data in other countries, including the United States and the European Union. Where personal data is transferred across borders, we rely on the safeguards offered by those providers (such as Standard Contractual Clauses or equivalent mechanisms) and take reasonable steps to ensure your data remains protected to the standard described in this policy.
Legal bases for processing (EU/UK)
If you are in the European Economic Area or the United Kingdom, we process personal data on the following legal bases under the GDPR:
- Performance of a contract — to provide the app or service you have installed and to operate the sync and review functionality you request.
- Legitimate interests — to secure, maintain, debug, and improve our apps, and to respond to your support requests, where those interests are not overridden by your rights.
- Consent — where you have given it, for example by connecting an optional third-party service; you may withdraw consent at any time.
- Legal obligation — where we must process or disclose data to comply with applicable law.
Data sharing
We do not sell, rent, or share your personal data with third parties. We may disclose information if required by law.
Data retention and deletion
For Pull Request Viewer, credentials are stored locally, so you control their retention. To remove credentials, open Settings -> Tools -> Pull Request Viewer and sign out or clear the stored token. You can also revoke OAuth access in Bitbucket under authorized applications, or revoke the personal access token in GitHub.
Pull request content read to display in the apps is processed transiently and is not stored persistently by Ngaio beyond what is described above.
Your privacy rights
Depending on where you live, you may have rights over your personal data, including the rights to access, correct, delete, or receive a copy of it, to restrict or object to certain processing, and to withdraw consent. Where we act as a processor on behalf of a host platform or your organization, we will direct requests to the relevant controller or assist them in responding. To exercise any right, email support@ngaio.dev; we will respond within the time required by applicable law. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority. We do not sell your personal data, and we do not use it for cross-context behavioral advertising.
Cookies and fonts
The ngaio.dev website does not set advertising or analytics cookies, does not run third-party trackers, and serves its fonts from our own domain, so browsing it makes no third-party requests. Within the apps themselves, any cookies or local storage used are limited to what is necessary for the app to function.
Security
We apply reasonable technical and organizational measures to protect personal data, including encryption in transit, encryption of stored credentials, per-account data isolation, and server-side handling of secrets. More detail, and how to report a vulnerability, is in our Security Policy. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Support messages
If you email us, we receive your email address and whatever information you include in the message. We use that information only to respond and provide support.
Children
Our apps are business and developer tools that are not intended for or directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
Changes to this policy
We may update this policy when our apps or data-handling practices change. The last updated date above will reflect any changes.
Contact
Questions about privacy? Email support@ngaio.dev.