I’m one of the owners of a very large organization, many of whom focus on privacy issues. GitHub members can express several privacy preferences as relates to identity on GitHub:
- They can choose to not have their email address displayed publicly.
- They can choose to be a private member of an organization.
When a GitHub App (or OAuth app) requests access to org membership and email addresses, how are these privacy preferences handled?
Assuming that GitHub does not filter or proxy for those members, are the preferences passed on in the data to the external app?
If the preference is passed on to the external app, is there any text which states the app author is bound to honor such preferences?
P.S. I originally thought this question was linked to org permissions, but they are not.