Task Assistant Privacy Policy
This policy describes how the Task Assistant GitHub App (“Task Assistant”, “the App”) handles data. Task Assistant is published by Automated Assistant Systems Incorporated (“AAS”, “we”, “us”).
- No PAT usage: Task Assistant does not request, use, or store personal access tokens.
- GitHub App authentication: Task Assistant uses GitHub App installation tokens.
- Telemetry separation: Telemetry is written to a dedicated repository configured by the installer, not the host repository.
1. Data we process
Task Assistant processes GitHub data necessary to perform automation in repositories where the App is installed. Examples include:
- Repository metadata (owner/repo identifiers, configuration files used by the App)
- Issue and pull request metadata required to execute configured workflows
- Labels, milestones, and workflow execution metadata for deterministic automation
- GitHub App installation identifiers and associated permissions
2. Data we do not collect
- Personal access tokens (PATs)
- GitHub passwords or user credentials
- Private keys belonging to end users
- Non-GitHub platform data (unless explicitly integrated in a future feature set and disclosed)
3. Authentication (no PATs)
Task Assistant authenticates using GitHub App installation tokens. These tokens are short-lived and scoped to the permissions granted during installation. Task Assistant does not rely on PATs.
4. Telemetry and separation architecture
Task Assistant emits operational telemetry (execution events, validation results, diagnostics) for auditability and support.
- Telemetry destination: a dedicated telemetry repository configured by the installer.
- Host repository: Task Assistant avoids writing telemetry into the host repository.
- Purpose: debugging, audit trails, deterministic execution verification, and support.
5. Retention and deletion
Telemetry retention is controlled by the repository owner. Telemetry remains in the configured telemetry repository until removed by the owner (or according to the owner’s retention policies).
6. Sharing
We do not sell telemetry data. Telemetry is written to repositories controlled by the installer. We may ask you to share specific telemetry entries when troubleshooting, but you control what you share.
7. Security
- Least-privilege GitHub App permissions
- Scoped, short-lived installation tokens
- Deterministic and auditable execution model
8. Contact
For privacy questions, contact support@automatedassistantsystems.com.