Version: 0.1.0 (Draft) | Last Updated: 2025-11-16
CodePals.io is a developer growth and mentorship network. We collect the minimal data necessary to enable connections, context‑rich help requests, and safe community interaction. We do not sell personal data.
This policy covers data processed through the CodePals.io platform (website/app), repositories, and integrated authentication (e.g., GitHub OAuth). Future scholarship program data will be governed by an extension of this policy before activation.
| Category | Purpose | Notes |
|---|---|---|
| Account Identifiers (e.g., GitHub username) | Authentication, profile linking | OAuth only; no passwords stored |
| Profile Metadata (optional: bio, interests, technologies) | Matchmaking & mentorship discovery | User‑provided; editable or removable |
| Connection Graph (who you follow or mentor) | Enable personalized interactions | Stored as relationships, no public exposure of private links |
| Help Requests (content + context tag: work/school/self‑development) | Facilitate targeted assistance | Users instructed not to include confidential data |
| Activity Events (timestamps of posts, edits) | Abuse detection & rate limiting | Minimal operational metadata |
| Logs (non‑PII; request IDs, error traces) | Reliability & security monitoring | No sensitive payloads |
| Scholarship Application Data (future) | Case‑by‑case review | Collected only post program launch (separate policy addendum) |
We intentionally avoid collecting: precise location, unrelated demographic profiling, behavioral tracking across third‑party sites.
- Legitimate interest: Operating a mentorship and growth platform.
- Consent: Optional profile fields, help request posting.
- Contract: Providing requested platform functionality. (Refinements for jurisdictional compliance will be added—TBD.)
All new data categories require justification and governance review. Any proposal must specify retention, security, and privacy risk.
| Data Category | Draft Retention | Status |
|---|---|---|
| Account Identifiers | While account active | Confirm |
| Connection Graph | While account active or until removal | Confirm |
| Help Requests | Until user deletes or global archival (TBD max 2 years) | NEEDS DECISION |
| Logs | 30 days (operational) | Confirm |
| Scholarship Data (future) | Duration of evaluation + required reporting period (TBD) | NEEDS DECISION |
Retention decisions marked NEEDS DECISION will be finalized before production launch.
- No secrets in code or logs.
- Least privilege access to storage & keys.
- Dependency and secret scanning enforced.
- Potential future encryption-at-rest for sensitive scholarship data.
Users may request: access, correction, deletion of profile and help requests. Email privacy@codepals.io (placeholder) or use future in‑app controls. Data export functionality planned post MVP.
Currently limited to essential session management (if any). No cross‑site advertising or behavioral tracking. Any future analytics will be aggregated, anonymized, and documented.
Platform not intended for users under 13. Accounts determined to violate this will be removed pending guardian contact procedure (to be documented).
- GitHub OAuth: handles authentication; we store returned identifiers only.
- Cloud Hosting & Key Vault: credential storage; no direct user personal data beyond account IDs.
We do not voluntarily disclose personal data except:
- Legal compliance (narrowly scoped)
- Security investigations (minimal necessary data)
- Scholarship reporting (aggregate, anonymized) once program active.
Material privacy incident will trigger public summary within 72h of containment (aligned with constitution governance metrics).
Material updates follow amendment workflow; version and date will increment; prior versions archived.
privacy@codepals.io (placeholder) | security@codepals.io (placeholder) | conduct@codepals.io (placeholder)
- Finalize help request retention threshold.
- Define scholarship data fields & retention.
- Implement user self‑service export & deletion.
This is a draft and may evolve prior to production launch.