Privacy Policy
Last updated: June 27, 2026
1. Controller and contact details
Repodin acts as the controller for personal data related to its own service users. For privacy matters, you can contact us at privacy@repodin.com.
In education use cases, the institution will typically act as the controller for student data and Repodin as the processor. In that case, the institution is responsible for its own student-facing privacy information and legal basis.
2. Categories of personal data we process
We process the following categories of data:
- account and profile data such as name, email address, role and account settings
- consent and audit data such as granted consents, timestamps, IP address and browser/device environment data
- usage and log data such as sign-ins, security logs and service events
- analysis data such as GitHub repositories, AI analysis results, reports and feedback
- optional user-provided data such as LinkedIn and CV data
- landing-page analytics data such as hashed identifiers, page paths, referrers and UTM parameters
3. Purposes of processing and legal basis
We process personal data to provide the service, manage user accounts, generate analyses, maintain security, provide customer support and comply with legal obligations.
The legal basis may be:
- contract, when we deliver the service you requested
- consent, when we process optional data or non-essential analytics
- legitimate interest, when we secure the service, prevent misuse or handle support requests
- legal obligation, when we must retain or disclose data under applicable law
4. Cookies and tracking
We use essential identifiers for sign-in, session handling and storing consent choices. We also use first-party analytics only when the user has granted analytics consent.
Landing-page analytics is handled through our own endpoints. We do not currently use Google Analytics, Meta Pixel or similar third-party marketing trackers on our public pages.
5. Recipients and processors
We use the following sub-processors to deliver the service. Each has a Data Processing Agreement in place and, where applicable, Standard Contractual Clauses (SCCs) for transfers outside the EU/EEA.
Infrastructure:
- Supabase (Supabase Inc., US) — database, authentication and file storage; data stored in EU (Frankfurt)
- Vercel (Vercel Inc., US) — web application hosting; EU region (Frankfurt); SCCs
- Railway (Railway Corp., US) — background workers and queue processing; EU region; SCCs
Communication:
- Resend (Resend Inc., US) — transactional email; SCCs
Payments:
- Stripe (Stripe, Inc., US) — payment processing and subscriptions; SCCs
Authentication and data source:
- GitHub / Microsoft (GitHub Inc., US) — OAuth and repository API; SCCs via Microsoft DPA
AI analysis (data sent only when you trigger an analysis; not used for model training):
- Anthropic (US) — Claude models; SCCs
- OpenAI (US) — GPT models; SCCs
- Google (US) — Gemini models; SCCs
- Mistral AI (Mistral AI SAS, EU/France) — Mistral models; EU company, no transfer
Optional features:
- ProxyCurl (Nubela Pte. Ltd., Singapore) — LinkedIn profile enrichment with explicit consent; SCCs
Full sub-processor list: docs/compliance/sub-processors.md or privacy@repodin.com.
6. Retention
We retain data only for as long as needed to provide the service, maintain security, fulfil contractual obligations or comply with legal requirements.
Users can request a data export or account deletion. Some data may need to be retained longer for security, accounting or legal claims handling.
7. Your rights
You have the right to access your data, request rectification, object to processing in certain situations, restrict processing, request erasure and receive your data in a portable format.
You can manage consent choices in the service privacy settings. Data subject requests can be sent to privacy@repodin.com. We aim to respond without undue delay and within the time limits required by GDPR.
You may also lodge a complaint with a supervisory authority:
Office of the Data Protection Ombudsman (Finland) — tietosuoja@om.fi | tietosuoja.fi
8. Updates to this policy
We update this notice when the service, data flows or legal requirements change. Material changes will be communicated in the service or by another appropriate means before they take effect.
9. Automated analysis and AI
We use artificial intelligence to analyze code and generate skills reports when you request an analysis in the service. AI outputs are informational — they are not legal, financial or career advice.
In developer and portfolio use, we do not make solely automated decisions with legal or similarly significant effects (for example, automated hiring decisions). Employers may use public portfolio links at their own discretion.
More about our AI systems: /legal/eu-ai-act
© 2026 Repodin • privacy@repodin.com