← Back to specgit

specgit trust center

Approving specgit for your organization

Someone on your team asked to use specgit — a visual editor for the Markdown and HTML docs already stored in your GitHub repositories. Saves are commits, comments are pull request review threads, and publishing is a merge. This page covers what approving the specgit GitHub App actually grants, so you can review it in one sitting.

What you're approving

A GitHub App installation on your organization, limited to the repositories you select — you can start with a single docs repo. Members then sign in with their own GitHub accounts, so every edit and comment is attributed to the person who made it; specgit adds no separate accounts or passwords. You can change the repository grant or uninstall at any time from your organization's GitHub settings, which revokes all access immediately.

The exact permissions, and why

The App requests four fine-grained permissions, only on the repositories granted to the installation:

  • Contents

    Read & write

    Read the Markdown and HTML files people open, and save their edits back as ordinary git commits on review branches.

  • Pull requests

    Read & write

    Open a pull request for each draft, post review comments, and merge when someone publishes.

  • Issues

    Read & write

    Post and read the discussion comments on those pull requests (GitHub serves PR-level comments through its issues API).

  • Metadata

    Read-only

    List the repositories the installation grants — the mandatory baseline permission for every GitHub App.

The installation cannot

  • change repository settings, branch protections, or webhooks
  • manage collaborators, teams, deploy keys, or invitations
  • reach any repository outside the ones the installation grants
  • keep a copy of your documents — they stay in your repository

Where your data lives

  • Documents and comments stay in your GitHub repository — specgit reads them to render the editor and writes back through commits and pull requests, without keeping a long-term copy.
  • Access tokens are short-lived, stored encrypted for active sessions only, and revoked at GitHub on sign-out.
  • No product analytics, ad tracking, or third-party tracking scripts. Operational logs are metadata only (never document content) and are retained for up to 30 days.
  • The optional AI features run only when a user invokes them, and every AI-proposed change requires human approval; content is never used to train models. Details are on the security page.

How to approve the request

Member requests appear in your organization's GitHub settings under Settings → Third-party access → GitHub Apps, and GitHub also emails organization owners when a member requests an App. Approving lets you choose exactly which repositories the installation can reach.

Want to dig deeper?

Read the full security and data privacy overview, the Privacy Policy and Terms of Use, see pricing (free to start, no credit card), or contact support with any question before approving.