Buzz reads and lists:

User: The name and profile picture of your GitHub user.
Repository: The names and URLs of repositories within your organization (without their contents).
Pull requests: The names, statuses, timestamps, authors and URLs of open pull requests within your organization (without their contents).

Buzz does not store, read or access any of your source code and the aforementioned data is never stored on Buzz servers.


To read and list the aforementioned data, Buzz requests the following GitHub permissions:

Read-only access to metadata

This permission is mandatory for all GitHub Apps when listing repositories or pull requests. Buzz uses it to list basic information about your organization’s repositories without accessing their contents. To be specific, Buzz lists the names and URLs of your repositories so that you can see them directly in Buzz.

Read-only access to Pull requests

This permission is needed to list open pull requests within your organization without accessing their contents. To be specific, Buzz reads the names, statuses (approved, changes requested, etc.), authors, timestamps (date of creation and update) and URLs of your open pull requests so that you can see them directly in Buzz.

Read-only access to Issues

This permission is needed to show a notification when a new comment is added to one of your pull requests.

<aside> 💡 GitHub Apps have the Read-only metadata permission by default. The metadata permission provides access to a collection of read-only endpoints with metadata for various resources. These endpoints do not leak sensitive private repository information.

</aside>
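The three permissions listed above can be compared with what GitHub reports as granted to an installation. The following is an added example, not Buzz's own code: it audits a response shaped like GitHub's `GET /orgs/{org}/installations` endpoint. The app slugs, ids and sample JSON are constructed, and `metadata`, `pull_requests` and `issues` are assumed to be the API keys for the permissions named here.

```python
import json

# Permissions this page says Buzz requests (assumed GitHub API permission keys).
DOCUMENTED = {"metadata": "read", "pull_requests": "read", "issues": "read"}
LEVELS = {"read": 1, "write": 2, "admin": 3}

# Constructed sample shaped like the response of GET /orgs/{org}/installations.
# Ids and app slugs are made up for illustration.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 101, "app_slug": "buzz-example", "repository_selection": "all",
   "permissions": {"metadata": "read", "pull_requests": "read", "issues": "read"}},
  {"id": 102, "app_slug": "buzz-example-drifted", "repository_selection": "all",
   "permissions": {"metadata": "read", "pull_requests": "write", "contents": "read"}}
]}
""")


def audit_installation(inst, documented=DOCUMENTED):
    """Return sorted findings; an empty list means the grant matches the documentation."""
    granted = inst.get("permissions", {})
    findings = []
    for name, level in granted.items():
        if name not in documented:
            # Anything outside the documented set, e.g. repository contents.
            findings.append(f"undocumented permission {name}:{level}")
        elif LEVELS.get(level, 99) > LEVELS[documented[name]]:
            # Unknown levels rank highest so they are flagged rather than ignored.
            findings.append(f"{name} granted {level}, documented {documented[name]}")
    for name in documented:
        if name not in granted:
            findings.append(f"documented permission {name} not granted")
    return sorted(findings)


def audit_org(response, slug_prefix):
    """Audit every installation whose app slug starts with slug_prefix."""
    return {
        inst["app_slug"]: audit_installation(inst)
        for inst in response.get("installations", [])
        if inst.get("app_slug", "").startswith(slug_prefix)
    }


if __name__ == "__main__":
    for slug, findings in audit_org(SAMPLE, "buzz-example").items():
        print(slug, "OK" if not findings else findings)
```

An empty findings list for an installation means its granted permissions are exactly the read-only set documented on this page.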


GitHub Access Token

Buzz is fully compliant with the OAuth authentication flow of GitHub. When the GitHub app is installed on the organization and a user connects their GitHub account, we receive a user access token for each user, which we store in the database, encrypted and protected by firewalls. The access token may be used to get pull requests and may be revoked at any time by the user by uninstalling the GitHub app from their profile or organization. We do not store any user data other than the token.