Is it acceptable to add privacy-respecting analytics to my open-source GitHub repo?

[RyukLovesApples]

Select Topic Area

Question

Body

I’ve noticed something odd — every time I merge a pull request on my project, it gets cloned 15–25 times, but the GitHub Traffic page shows only one unique viewer (which is me). So I’m wondering:

• Are actual people or employers cloning and running it locally without hitting my tracking page?
• Or are bots or automated scripts (maybe for ML) doing all that cloning?

To get some answers, I’m working on a lightweight, privacy-friendly analytics setup:

Add an invisible pixel in the README that triggers a URL request when rendered, extracting:

• Sanitized and encrypted user-agent
• Geo country and region via GeoIP (IP addresses are never saved)
• No personal or IP data stored

This should help me see if the README is rendered locally or accessed by automated scripts.

Add app usage counter directly in app that logs only one entry per day without any user identifiers — just a basic count of how many times the app is run.

A separate script that logs into my GitHub account, takes a screenshot of my traffic page, and extracts usage data via OCR (Tesseract), to correlate clone activity with actual usage.

I’m doing this mainly out of curiosity and to learn. Does anyone know if this kind of tracking is acceptable with GitHub’s terms?

Thanks in advance!

[PedrCruz19]

Yes—so long as you’re transparent, data‑minimal, respect rate‑limits, and comply with GitHub’s Privacy Statement and TOS (particularly Sec 8 of the Acceptable Use Policies), you’re free to add lightweight, privacy‑respecting analytics to your open‑source repo. Just be sure you’re not inadvertently harvesting or storing anything that could identify an individual user against their will, and that you’re giving people a clear opt‑out.

check: https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies and https://docs.github.com/en/site-policy/github-terms/github-terms-of-service?utm_source=chatgpt.com

[RyukLovesApples]

Thanks a lot, @PedrCruz19.
I’ll keep the invisible pixel in the idea bin — I like the concept, but not the practice. It feels unsettling that someone could visit my page and have data extracted without doing anything actively (your point about a clear opt-out really)