What miniCTO stores about you.

Last updated · 2026-06-12

Short version: miniCTO stores what you say to it (so it can remember the conversation), the GitHub repos you ask it to clone (so it can read your code), and the Slack identifiers that make routing work. We don't sell anything, don't profile you, don't share data with advertisers, and you can ask us to delete everything by uninstalling — or by writing to us.

1. Who runs this

miniCTO is a Slack app operated by Aric Zhang (cz2440@columbia.edu). This page describes how the service handles data you send through it. If something here is unclear, email and ask.

2. What we collect

Workspace metadata (always)

Field	Why
team_id, team name	To route messages back to your Slack workspace.
Installer's user_id	To know whose OAuth grant authorizes the install.
OAuth bot token	Required to post messages on behalf of miniCTO.
Scopes granted	Slack tells us which permissions we have.

Conversation content (when you talk to miniCTO)

Field	Why
Message text you send to the bot	To answer you. Stored so the agent can remember context across turns.
Message text the bot sends back	For audit and debugging.
Sending user's user_id	To distinguish who said what.
Channel and thread identifiers	To scope memory to the channel and continue the right thread.
Slack message timestamps	Needed to update or thread our replies.

We do not read messages in channels miniCTO isn't a member of, and we do not subscribe to message.channels events for channels they haven't been invited to. The app only sees what Slack delivers, which is gated by the bot's channel membership and the scopes you granted.

Code you ask us to look at

Field	Why
GitHub URLs you paste	Stored as a per-channel allowlist so the agent can clone them.
Cloned repository contents	Stored under slack/<team>/<channel>/<repo>/ on our server while the channel is active.
Files the agent reads or writes	Stay in that channel's folder. Not uploaded anywhere.

3. What we do not collect

• Your email or contact info, unless you give it to us directly.
• Messages in channels miniCTO isn't a member of.
• Slack DMs that don't involve miniCTO.
• Any personal information beyond what Slack passes via the OAuth flow.
• Web tracking cookies, fingerprints, or analytics SDKs on this site or in the app.

4. Who else sees your data

To do its job, miniCTO sends parts of your conversation to two third parties:

Service	What we send
Anthropic (LLM provider)	The agent's prompt — which includes your latest message, recent context from the channel, and contents of files the agent has chosen to read — goes to Anthropic to generate the reply. Anthropic's data policy applies. Their privacy page.
GitHub	If you share a repo URL, miniCTO calls the GitHub API to clone it and to accept any pending collaborator invitation. We don't push your data to GitHub unless you explicitly ask the agent to commit or push.

We do not share your data with anyone else. No advertisers, no analytics vendors, no data brokers.

5. Where data lives

• OAuth tokens and installation records live in a PostgreSQL database on our server.
• Message logs (in/out, per channel) live in the same database.
• Cloned repos and per-channel memory files live on the server's filesystem under slack/<team_id>/<channel_id>/.
• GitHub credentials for the bot's GitHub identity live in a file readable only by the service user (chmod 600) and are injected into git processes at runtime — they never enter URLs, repo metadata, or anything the language model can read.

6. How long we keep things

• While installed: tokens, message logs, cloned repos, and memory stay around so the agent can remember context. There's no scheduled deletion during normal operation.
• When you uninstall: we revoke the OAuth tokens with Slack immediately, then delete cloned repos, message logs, and per-channel memory for that workspace from our database and filesystem in the same transaction. There is no soft-delete or grace period.
• If you uninstalled via Slack's UI rather than our admin: ping us at cz2440@columbia.edu with your team ID and we'll do the same wipe within 48 hours. (We're working on auto-detecting uninstall events to make this automatic.)

7. Your controls

• Uninstall any time via Slack's Manage apps page — this revokes the OAuth grant and starts the deletion clock.
• Remove the bot from a channel to stop it receiving messages there.
• Delete a specific cloned repo or allowlist entry via our admin panel (workspace admins only).
• Request a copy of what we have about your workspace — email us.

8. Security

miniCTO runs on a single-tenant server we operate. Standard hardening: HTTPS-only with Let's Encrypt certificates, internal services on loopback, secrets in 600-permission files. The Slack signing secret verifies that incoming events are genuinely from Slack. Per-channel sandboxing prevents the agent from accessing data outside the conversation in front of it.

No service is perfectly secure. If you find a vulnerability, please email cz2440@columbia.edu rather than posting publicly, and we'll work with you on disclosure.

9. Children

miniCTO is a workplace tool not intended for users under 16. We don't knowingly collect data from minors.

10. International transfers

Our servers are in mainland China. When you send a message that goes to Anthropic (US-based), or when miniCTO calls GitHub (US-based), data crosses borders. By using miniCTO you're consenting to that.

11. Changes to this policy

We'll update this page when something changes. Material changes (new third parties, new categories of data, retention changes) will be announced via DM in any active installation at least 14 days before they take effect.

12. Contact

Email: cz2440@columbia.edu
Subject: [miniCTO privacy] <your question>