Privacy Policy

Account and employer data

• We collect account data such as name, email address, password credentials handled by Supabase Auth, role, and session information.
• For employers, we collect company name, optional website, job titles, job descriptions, qualifications, location, remote status, and employment type.
• Open job information and employer company names may be visible to authenticated users so students can browse and apply.

GitHub data

• When a student connects GitHub, Truen stores GitHub identity data such as user id, username, display name, avatar URL, installation id, and connected timestamp.
• For repositories authorized through the GitHub App, Truen syncs repo names, descriptions, languages, public/private status, pushed dates, topics, fork signals, issue counts, contributor counts, and related metadata.
• For selected repositories, Truen may store commit messages, author names/logins, authored dates, pull request titles and bodies, issue titles and bodies, selected file paths, selected code file contents, and selected markdown documentation.
• Truen does not clone or mirror full repositories, but it does store bounded file samples and derived evidence needed for analysis.

Generated profile and application data

• Truen stores generated repo insights, Truen Profile JSON, evidence references, code snippets, weaknesses, flags, limitations, interview questions, and qualification fit assessments.
• When a student applies, Truen stores the job, company name, applicant name, GitHub username, profile snapshot, profile version, and application timestamp.
• Employers can record review statuses such as reviewed, shortlisted, or rejected. These statuses are employer-managed and are not automated Truen decisions.

AI and service providers

• Truen may send selected repository evidence and generated signals to AI service providers, including OpenAI, to create profiles and qualification assessments.
• Truen uses service providers such as Supabase, GitHub, OpenAI, Vercel, and any future vendors listed on the Subprocessors page.
• Data may be processed in the locations where those providers operate. Review their terms and data-processing commitments before launch.

Sharing with employers

• A student profile is private by default and shared with an employer when the student applies to that employer job.
• Employers receive the frozen profile snapshot, applicant name where available, GitHub username where available, and any employer-generated qualification analysis for their own jobs.
• Employers do not receive raw repository access through Truen, but profile evidence may include file paths, commit message samples, repo names, interpretations, and selected code snippets.

Retention, deletion, and correction

Truen is still adding formal deletion, export, GitHub disconnect, and correction workflows. Until those flows are implemented, do not promise immediate deletion or export beyond what the product supports. Students should have a way to request correction or removal before public launch.

Security

Truen uses server-side access controls and Supabase row-level security for sensitive data. No internet service can guarantee perfect security, and private repository evidence should be treated as sensitive.