Privacy Policy

Repodin acts as the controller for personal data related to its own service users. For privacy matters, you can contact us at privacy@repodin.com. In education use cases, the institution will typically act as the controller for student data and Repodin as the processor. In that case, the institution is responsible for its own student-facing privacy information and legal basis.

We process the following categories of data: - account and profile data such as name, email address, role and account settings - consent and audit data such as granted consents, timestamps, IP address and browser/device environment data - usage and log data such as sign-ins, security logs and service events - analysis data such as GitHub repositories, AI analysis results, reports and feedback - optional user-provided data such as LinkedIn and CV data - landing-page analytics data such as hashed identifiers, page paths, referrers and UTM parameters

We process personal data to provide the service, manage user accounts, generate analyses, maintain security, provide customer support and comply with legal obligations. The legal basis may be: - contract, when we deliver the service you requested - consent, when we process optional data or non-essential analytics - legitimate interest, when we secure the service, prevent misuse or handle support requests - legal obligation, when we must retain or disclose data under applicable law

We use essential identifiers for sign-in, session handling and storing consent choices. We also use first-party analytics only when the user has granted analytics consent. Landing-page analytics is handled through our own endpoints. We do not currently use Google Analytics, Meta Pixel or similar third-party marketing trackers on our public pages.

We use service providers for hosting, authentication, database operations, email delivery and AI processing. These may include providers such as Supabase, Vercel, GitHub, Resend and the AI model provider in use. If data is transferred outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses and assess transfer risks case by case.

We retain data only for as long as needed to provide the service, maintain security, fulfil contractual obligations or comply with legal requirements. Users can request a data export or account deletion. Some data may need to be retained longer for security, accounting or legal claims handling.

You have the right to access your data, request rectification, object to processing in certain situations, restrict processing, request erasure and receive your data in a portable format. You can manage consent choices in the service privacy settings. Data subject requests can be sent to privacy@repodin.com. We aim to respond without undue delay and within the time limits required by GDPR.

We update this notice when the service, data flows or legal requirements change. Material changes will be communicated in the service or by another appropriate means before they take effect.