Privacy
Last updated: 2026-05-06
GitRace is a fun project. This page explains what data the site collects and what it does with that data, in plain English.
What GitRace collects
- The display name you type when you submit a score. Names appear on the public leaderboard.
- Your game stats for each submitted run: score, time, pipes passed, combo, character, difficulty, and the GitHub repo slug you played.
- A one-way HMAC-SHA-256 hash of your IP address, used only on the server to enforce the per-IP rate limit (10 submissions and 60 repo lookups per hour). The raw IP is never written to storage. The hash is salted with a server-only secret so it cannot be reversed via a precomputed lookup table.
- Anonymous page-view counts via Cloudflare Web Analytics. No cookies, no fingerprinting, no cross-site tracking.
What GitRace does NOT collect
- No accounts, no passwords, no email.
- No advertising IDs, no third-party trackers, no marketing cookies.
- No data on which repos you browse on github.com or anywhere else.
- No microphone, camera, or location access.
Where the data lives
Public scores and the curated repo cache live in Google Firestore. Server-only metadata (the hashed IP, your one-time game session id) is in a sibling collection that no client can read; it auto-deletes after 90 days via Firestore TTL.
GitHub data
When you load a track, GitRace fetches public repository metadata (file tree, sizes, default branch) from GitHub's public REST API on the server. Only public repos are supported; private repos are out of scope. The fetched analysis is cached for an hour to avoid hammering GitHub's rate limit.
Children
GitRace is not directed at children under 13. The site does not knowingly collect personal information from children. The display name is the only user-supplied identifier and it is filtered for profanity before posting.
Contact
For takedowns or privacy questions, please open an issue on the project repository.