GitHawk requests a GitHub OAuth token with the repo, user, and notifications scopes. According to the GitHub documentation, these scopes allow read/write access to profile information, read access to the authenticated user's notifications, and read/write access to code and commit messages for all public and private repositories to which the authenticating user has access.

By using OAuth, GitHawk avoids needing to store any passwords on the device or in the cloud.

GitHawk stores an OAuth session token on the device in order to maintain the user's OAuth session across multiple runs of the app. This token has an expiry and is never uploaded to any servers.

GitHawk stores some repository information on the device, including source code, pull request contents, and issue contents. This information is stored for the purpose of speeding up the app's user experience and reducing the number of redundant calls it needs to make to the GitHub API. Source code and other information downloaded using the repo OAuth scope is never uploaded to any servers.

GitHawk reads source code from repositories only in the form of pull request diffs. Git patches, which contain multiple versions of relevant source code snippets, are read via GitHub API requests when the user asks to read the code corresponding to a given pull request. GitHawk does not read repo source code at any other time.

GitHawk does not clone Git repositories for any reason. All repo-specific information is acquired via OAuth-authenticated requests to the GitHub API.

GitHawk writes to repositories only at the user's request. This includes actions like commenting on an issue or merging a pull request. GitHawk never writes to repositories without some explicit form of user confirmation immediately preceding the action.

GitHawk does not upload any information gathered via the GitHub API to third-party servers.

Logs are kept locally on the device for the purpose of debugging.