Privacy Policy

Last updated: December 2025

Our Commitment to Your Privacy

DevProof is committed to protecting your privacy and ensuring the security of your data. This policy explains what information we collect, how we use it, and most importantly, what we never do with your data.

What We Never Do With Your Data

  • We never sell your data. Your repository information, code, activity, or any other personal data is never sold to third parties for any purpose.
  • We never leak or share your private repositories. Private repository names are only visible to you unless you explicitly choose to display them publicly via the "Show repository name publicly" option.
  • We never access your code. We only use publicly available GitHub API metadata (stars, forks, languages, README quality) and never read or store your actual source code.
  • We never share your data with advertisers. DevProof does not run advertisements or share user data with advertising networks.

Information We Collect

From GitHub OAuth

  • GitHub username
  • Email address (primary)
  • Profile avatar URL
  • GitHub user ID
  • OAuth access token (stored securely, used only for fetching your repositories)

From Public GitHub API

  • Repository names (only for verified projects you choose to add)
  • Repository metadata (stars, forks, language, creation date, last update date)
  • README content (analyzed for quality scoring only, not stored)
  • Repository visibility status (public/private)

Location Data

  • Country of origin (detected via IP address during login using the ipapi.co service)
  • Used only for country leaderboards and profile display
  • No precise location data is collected or stored

Usage Data

  • Project verification timestamps
  • DevProof score calculations and history
  • User status updates (optional, set by you)
  • Tech stack (aggregated from your project languages)
  • Social links (Twitter, LinkedIn, personal website - optional, set by you)

How We Use Your Information

  • DevProof Score Calculation: We use repository metadata to calculate your DevProof score based on the transparent algorithm explained in our Scoring Guide.
  • Leaderboard Display: Your username, avatar, score, and verified public projects are displayed on the public leaderboard.
  • Profile Pages: Your profile shows your verified projects, achievements, and optional status message.
  • Public API: Your public profile data (username, avatar, score, rank, badges, tech stack, social links) is available via our public API for embedding on personal websites, GitHub README, and portfolios. Private repository information is never exposed through the API.
  • Authentication: We use your GitHub OAuth token to verify repository ownership and fetch your repository list.
  • Service Improvement: Anonymous usage analytics help us improve DevProof features and performance.

Data Security

We implement industry-standard security measures to protect your data:

  • OAuth tokens are encrypted and stored securely via Supabase
  • All data transmission uses HTTPS encryption
  • Database access is protected with Row Level Security (RLS) policies
  • We follow the principle of least privilege for data access
  • Regular security audits and updates

Your Rights and Control

You have full control over your data:

  • Privacy Controls: Choose whether to display private repository names publicly on your profile. Private repositories with "Show name" disabled will not appear on the Projects leaderboard or show their names anywhere on the platform.
  • Data Access: View all your stored data via your profile page
  • Public API Access: Your public profile data is accessible via our public API endpoints. See our API Documentation for details on what data is available.
  • Data Deletion: Contact us to request account and data deletion at any time
  • OAuth Revocation: Revoke DevProof's GitHub access anytime through your GitHub settings
  • Project Management: Add or remove verified projects from your profile at will
  • Social Links: Optionally add or remove Twitter, LinkedIn, and personal website links from your profile

Third-Party Services

DevProof uses the following trusted third-party services:

  • GitHub: For OAuth authentication and public repository data (via GitHub API)
  • Supabase: For secure database storage and authentication management
  • Vercel: For hosting and deployment
  • ipapi.co: For IP-based country detection during login (no precise location data collected)

Each of these services has its own privacy policy, and we recommend reviewing each one.

Transparency & Open Source

DevProof believes in transparency. Our scoring algorithm is publicly documented in the Scoring Guide, and we're committed to being open about how we handle your data. We encourage security researchers to report any vulnerabilities responsibly.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of DevProof after changes indicates acceptance of the updated policy.

Questions or Concerns?

If you have any questions about this privacy policy or how we handle your data, please contact us directly via contact@devproof.dev.