We request access to your repositories so we can access your GitHub Issues (which we transform into cards on your repository's Waffle board). Unfortunately GitHub's OAuth API doesn’t allow us to request access only for Issues at this time -- we have to request read/write access to your code to interact with Issues. We’ll only request access for public repositories when possible. Read more about GitHub’s OAuth scope options here: GitHub's OAuth API
If/when GitHub supports Issues only access, we’ll change Waffle to limit our permissions appropriately.
GitHub's public and private repo scopes include access to both personal and organization repositories. Do note that GitHub organizations have third party restrictions enabled by default, and Waffle will not be authorized/given access to organization data for organizations with these restrictions enabled until approved by an administrator of the org.
If your organization does not have third party application restrictions enabled and you are concerned about giving Waffle access to organization repositories with sensitive information, you might suggest having your organization disable third party applications, enabling you to use Waffle for personal, non-organization use. Read more about Third Party Application Restrictions
We also have an on-premises version of Waffle available for GitHub.com organizations with strict security restrictions and for users of GitHub Enterprise. Contact us to find out more about our on-premises solution.