Privacy Policy

1. Information We Collect

When you create an account, we collect your name, email address, and profile information from your OAuth provider (GitHub or Google). When you complete assessments, we collect behavioral telemetry from the MCP server including tool calls, edit patterns, and session timing.

We do not access, store, or transmit your source code. The MCP server observes workflow patterns only.

2. How We Use Your Information

• Generate and display your GoShip score across four dimensions
• Provide assessment results and score reports
• Enable employers to discover and evaluate candidates (with your consent)
• Improve our scoring algorithms and challenge quality
• Send transactional emails (assessment results, bounty awards)

3. Data Sharing

Your public profile and scores are visible to employers who have an active GoShip organization. You control what appears on your public profile through your settings.

We do not sell your personal data. We may share anonymized, aggregated data for research purposes.

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Assessment telemetry is processed in isolated environments and stored in our Neon Postgres database with row-level security. We conduct regular security reviews and follow OWASP best practices.

5. Your Rights

• Access and export your data at any time from Settings
• Delete your account and all associated data
• Opt out of employer visibility
• Request correction of inaccurate data

6. Cookies & Analytics

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. We may use privacy-respecting analytics to understand usage patterns.

7. Contact

For privacy-related questions, contact us at privacy@goship.tech.