DevProof

Privacy Policy

Last updated: December 2025

Our Commitment to Your Privacy

DevProof is committed to protecting your privacy and ensuring the security of your data. This policy explains what information we collect, how we use it, and most importantly, what we never do with your data.

What We Never Do With Your Data

  • ✗ We never sell your data. Your repository information, code, activity, or any other personal data is never sold to third parties for any purpose.
  • ✗ We never leak or share your private repositories. Private repository names are only visible to you unless you explicitly choose to display them publicly via the "Show repository name publicly" option.
  • ✗ We never access your code. We only use publicly available GitHub API metadata (stars, forks, languages, README quality) and never read or store your actual source code.
  • ✗ We never share your data with advertisers. DevProof does not run advertisements or share user data with advertising networks.

Your Rights Under GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request a copy of all personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate personal data.
  • Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: You can request we limit how we use your data.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: You can withdraw consent at any time by revoking GitHub OAuth access or contacting us.

To exercise any of these rights, contact us at privacy@devproof.dev. We will respond within 30 days.

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: When you authorize GitHub OAuth access and agree to our terms.
  • Contract: To provide the DevProof service as described in our Terms of Service.
  • Legitimate Interests: For analytics to improve our service (with appropriate safeguards).

Information We Collect

From GitHub OAuth

  • GitHub username
  • Email address (primary)
  • Profile avatar URL
  • GitHub user ID
  • OAuth access token (stored securely, used only for fetching your repositories)

From Public GitHub API

  • Repository names (only for verified projects you choose to add)
  • Repository metadata (stars, forks, language, creation date, last update date)
  • README content (analyzed for quality scoring only, not stored)
  • Repository visibility status (public/private)

Location Data

  • Country of origin (detected via IP address during login using the ipapi.co service)
  • Used only for country leaderboards and profile display
  • No precise location data is collected or stored

Cookies and Tracking

  • Essential Cookies: Required for authentication and session management
  • Analytics Cookies: Used via Vercel Analytics to understand usage patterns (anonymized)
  • We do not use advertising or third-party tracking cookies

Data Retention

We retain your personal data only as long as necessary:

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: Data is deleted within 30 days of account deletion request
  • OAuth tokens: Immediately invalidated upon logout or revocation
  • Analytics data: Anonymized and aggregated, retained for up to 24 months

International Data Transfers

DevProof uses infrastructure providers (Vercel, Supabase) that may process data outside the EEA. These providers maintain appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data is protected in accordance with GDPR requirements.

How We Use Your Information

  • DevProof Score Calculation: We use repository metadata to calculate your DevProof score based on the transparent algorithm explained in our Scoring Guide.
  • Leaderboard Display: Your username, avatar, score, and verified public projects are displayed on the public leaderboard.
  • Profile Pages: Your profile shows your verified projects, achievements, and optional status message.
  • Public API: Your public profile data (username, avatar, score, rank, badges, tech stack, social links) is available via our public API for embedding on personal websites, GitHub READMEs, and portfolios. Private repository information is never exposed through the API.
  • Authentication: We use your GitHub OAuth token to verify repository ownership and fetch your repository list.
  • Service Improvement: Anonymous usage analytics help us improve DevProof features and performance.

Data Security

We implement industry-standard security measures to protect your data:

  • OAuth tokens are encrypted and stored securely via Supabase
  • All data transmission uses HTTPS encryption
  • Database access is protected with Row Level Security (RLS) policies
  • We follow the principle of least privilege for data access
  • Regular security audits and updates

Your Rights and Control

You have full control over your data:

  • Privacy Controls: Choose whether to display private repository names publicly on your profile. Private repositories with "Show name" disabled will not appear on the Projects leaderboard or show their names anywhere on the platform.
  • Data Access: View all your stored data via your profile page
  • Data Export: Request a copy of all your data in JSON format
  • Data Deletion: Contact us to request account and data deletion at any time
  • OAuth Revocation: Revoke DevProof's GitHub access anytime through your GitHub settings
  • Project Management: Add or remove verified projects from your profile at will
  • Cookie Preferences: Manage cookie consent via the banner or by clearing browser cookies

Third-Party Services

DevProof uses the following trusted third-party services:

  • GitHub: For OAuth authentication and public repository data (via GitHub API)
  • Supabase: For secure database storage and authentication management
  • Vercel: For hosting, deployment, and analytics
  • ipapi.co: For IP-based country detection during login (no precise location data collected)

Each of these services has its own privacy policy, and we recommend reviewing them.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of DevProof after changes indicates acceptance of the updated policy.

Questions or Concerns?

If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@devproof.dev. For GDPR-specific inquiries, we aim to respond within 30 days.