Privacy
oc-oxide privacy notes
oc-oxide is designed so GitHub profile synchronization does not require GitHub to receive VPN credentials or readable VPN profile contents.
GitHub sync data
The planned GitHub integration stores encrypted profile files in a user-selected private repository. Profile content is encrypted locally before upload. GitHub receives ciphertext and normal repository metadata such as commit history, timestamps, file names, and account activity.
Data not stored in GitHub
oc-oxide does not store VPN passwords, OTP values, session cookies, private keys, client certificate passphrases, router credentials, or daemon tokens in GitHub profile synchronization.
GitHub tokens
GitHub access and refresh tokens should be stored in the operating system keyring, not in profile files. If authorization expires or is revoked, oc-oxide will require a fresh GitHub sign-in before syncing.
Local data
Local profile configuration lives on the user's device. Device-specific route, DNS, daemon, and network backend settings should stay local because they can differ between Linux, macOS, Windows, and individual networks.
Diagnostics
oc-oxide should not upload diagnostics or logs automatically. Any diagnostic bundle sharing should be an explicit user action and should redact secrets before export.