Privacy Policy

Last updated: February 20, 2026

What Brag Frog is

Brag Frog is an open-source, self-hosted brag document tool. Each organization runs its own instance. This policy covers the Brag Frog software and any instance operated by the project maintainers.

Data we collect

When you sign in with Google, we receive and store:

• Name and email address — from your Google account, used for authentication
• Profile photo URL — displayed in the app header

When you use the app, we store:

• Entries you create — manual entries and synced work items (titles only from external services)
• Goals and key results — that you define
• API tokens — encrypted with AES-256-GCM before storage
• AI-generated summaries — self-review drafts you generate

Data we do NOT collect

• No analytics or tracking
• No cookies beyond the session cookie for authentication
• No PR/issue body content — only titles are synced from external services
• No data is shared with third parties

Where data is stored

All data is stored in a SQLite database on the server running the Brag Frog instance. API tokens are encrypted at rest with AES-256-GCM using per-user derived keys. The database is controlled by the organization operating the instance.

Third-party services

• Google OAuth — used for sign-in. Google receives standard OAuth flow data (redirect URI, scopes). See Google's Privacy Policy.
• Anthropic API — if you configure an API key for AI summaries, your entry titles are sent to Anthropic's API to generate self-review drafts. See Anthropic's Privacy Policy.
• External sync services (GitHub, Jira, etc.) — the app connects to these using tokens you provide, fetching only titles and metadata.

Data deletion

You can delete your data at any time:

• Delete individual entries, goals, or key results from the UI
• Delete an entire performance cycle (cascades to all its data)
• Reset integration tokens from Settings

For complete account deletion, contact the administrator of your Brag Frog instance.

Self-hosted instances

If your organization self-hosts Brag Frog, the instance operator controls all data. This policy applies to the software's default behavior. Your organization may have additional policies.

Contact

For privacy questions, open an issue on GitHub.