Privacy Policy

1. Information We Collect

Account Information

When you create an account using LinkedIn, we receive your name, email address, and profile photo from LinkedIn through our authentication provider (Clerk). You may optionally provide additional information such as a bio, headline, GitHub URL, skills, and credentials.

LinkedIn Profile Data

By signing in with LinkedIn, you authorize us to receive your public profile information including your name, email address, and profile photo. This data is used to create and maintain your SkillTrek.ai account. LinkedIn's own privacy policy governs what data LinkedIn shares with third-party applications.

Challenge & Submission Data

We collect the content of challenges you create and solutions you submit, including text descriptions, analysis reports, and file attachments. This data is necessary to operate the grading and leaderboard features.

AI Workspace Data

Conversations with AI models in the workspace are stored to provide continuity during challenge completion. Message content, model selections, and token usage are recorded.

Usage Data

We automatically collect information about your interactions with the platform, including pages visited, features used, and timestamps. This helps us improve the platform experience.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details directly. We retain Stripe account IDs and transaction records for payment facilitation.

2. How We Use Your Information

• Platform operation: To authenticate you, display profiles, process submissions, run AI grading, and manage leaderboards.
• AI grading: Submitted solutions are sent to AI models (via OpenRouter) for automated evaluation. Only the solution content and grading criteria are shared with AI providers.
• Payment processing: To facilitate prize pool funding and payouts through Stripe Connect.
• Communication: To send notifications about challenge updates, grading results, and prize awards.
• Platform improvement: To analyze usage patterns and improve features, performance, and user experience.
• Security: To detect and prevent fraud, abuse, and violations of our terms.
• Age eligibility: Authentication through LinkedIn ensures users meet the minimum age requirement. Additional age-based protections are applied for users under 18.

3. Data Sharing

Public Information

Your display name, profile photo, badges, and challenge participation are publicly visible only if you have opted in to leaderboard visibility. You may opt out at any time in your profile settings. Minors (users under 18) are opted out of public leaderboard visibility by default.

Challenge Creators

Employers who create challenges can view submissions and scores of participants in their challenges.

Third-Party Services

• LinkedIn: Authentication via OAuth (Sign In with LinkedIn).
• Clerk: Authentication management and user session handling.
• Supabase: Database hosting and file storage.
• OpenRouter: AI model access for workspace conversations and grading.
• Stripe: Payment processing for prize pools and payouts.
• Vercel: Platform hosting and deployment.

We do not sell your personal information to third parties. Data shared with service providers is limited to what is necessary for their function.

Opportunity Matching

Only with your explicit, affirmative consent, your rankings and analysis work may be shared with third parties in anonymized form for career opportunity matching. This feature requires you to opt in through your profile settings. You may withdraw consent at any time, and we will cease sharing your data with new third parties within 30 days of withdrawal.

Users under 18: Opportunity matching and third-party data sharing are not available to users under 18, regardless of parental consent status.

4. AI-Specific Privacy Considerations

• Your submissions are processed by AI models for grading. These models are accessed through OpenRouter and may be hosted by various AI providers (Anthropic, OpenAI, Google).
• AI workspace conversations are stored in our database and are not shared beyond the grading process.
• We do not use your submissions or conversations to train AI models.
• Grading results and AI-generated feedback are stored and may be visible to challenge creators.

5. Data Retention

• Account data: Retained as long as your account is active. Deleted upon account deletion request.
• Submissions & grades: Retained for the lifetime of the challenge and for historical leaderboard accuracy. For educational institution accounts, retention follows the institution's data retention policy.
• AI conversations: Retained for 12 months after the last message, then automatically purged.
• Payment records: Retained for 7 years as required for tax and legal compliance.
• LinkedIn profile data: Name, email, and profile photo from LinkedIn are retained as long as the account is active and deleted upon account deletion.

6. Your Rights

You have the right to:

• Access: Request a copy of your personal data. You can export your data from your profile settings.
• Correction: Update inaccurate information via your profile settings.
• Deletion: Request deletion of your account and associated data through your profile settings or by contacting us.
• Portability: Request your data in a machine-readable format.
• Objection: Object to certain processing of your data.
• Withdraw consent: Withdraw any previously given consent (e.g., data sharing, opportunity matching) at any time through your profile settings.
• Leaderboard opt-out: Remove yourself from public leaderboards at any time.

To exercise these rights, visit your profile settings or contact us at privacy@skilltrek.ai.

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication via Clerk, and role-based access controls on our database. We maintain audit logs for access to student data in educational contexts. However, no system is perfectly secure, and we cannot guarantee absolute security.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Analytics data is collected in aggregate form.

9. Children's Privacy & COPPA Compliance

SkillTrek.ai is committed to protecting the privacy of children and complying with the Children's Online Privacy Protection Act (COPPA).

• Under 16: SkillTrek.ai requires authentication through LinkedIn, which has a minimum age requirement of 16 (or 18 in certain jurisdictions). As a result, SkillTrek.ai does not permit users under the age of 16 to create accounts. We do not knowingly collect personal information from children under 16. If we discover that we have inadvertently collected information from a user under 16, we will promptly delete that information and terminate the account.
• Ages 16–17: Users between 16 and 17 may use SkillTrek.ai. By LinkedIn's terms, these users have already agreed to LinkedIn's age requirements. On SkillTrek.ai, minor users operate with the following restrictions:
  • Performance data is not shared with third parties
  • The user is excluded from public leaderboards by default
  • Opportunity matching features are disabled
• Parental rights: Parents or guardians of users under 18 may at any time:
  • Review the personal information collected from their child
  • Request deletion of their child's personal information
  • Refuse further collection of their child's personal information
  • Revoke previously given consent
  To exercise these rights, contact us at privacy@skilltrek.ai with "Parental Rights Request" in the subject line.

10. FERPA Compliance & Educational Records

When SkillTrek.ai is used in an educational context (e.g., through teacher-managed classrooms), we act as a "school official" with a "legitimate educational interest" under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g.

Educational Records

In the classroom context, the following data constitutes "education records" under FERPA: challenge scores, completion status, performance analytics, grade data, and AI-generated feedback. These records are accessible only to the student and their authorized teacher(s).

FERPA Protections

• Access controls: Teachers may only view data for students enrolled in their classrooms. Classroom leaderboards are visible only to classroom members and teachers.
• No unauthorized disclosure: We do not disclose education records to third parties without prior written consent from the eligible student (if 18 or older) or the student's parent/guardian (if under 18), except as permitted under FERPA.
• Directory information: We treat display names and profile photos as directory information. Students may opt out of directory information disclosure through their profile settings (leaderboard opt-out).
• Audit trail: We maintain records of access to student education data, including who accessed the data, when, and for what purpose.
• Data minimization: We collect only the information necessary to provide educational services and do not use education records for non-educational commercial purposes.

Institutional Agreements

Educational institutions using SkillTrek.ai in a classroom setting may request a Data Processing Agreement (DPA) that outlines FERPA-specific obligations. Contact edu@skilltrek.ai for institutional agreements.

Student Rights Under FERPA

Eligible students (and parents of minor students) have the right to:

• Inspect and review their education records within 45 days of a request
• Request amendment of inaccurate or misleading education records
• Consent to or withhold consent for disclosure of personally identifiable information from education records
• File a complaint with the U.S. Department of Education if they believe their FERPA rights have been violated: Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue SW, Washington, DC 20202

11. State Privacy Law Compliance

In addition to federal law, we comply with applicable state privacy laws including:

• California (CCPA/CPRA & Student Online Personal Information Protection Act): California residents may request disclosure of collected data, deletion of data, and opt out of data sales. We do not sell personal information. For student data, we comply with SOPIPA by not using student data for non-educational targeted advertising.
• New York Education Law § 2-d: We implement data security and privacy standards for student data as required by NY Ed Law 2-d when working with New York educational institutions.
• Other state laws: We comply with state-specific student privacy laws including those in Colorado, Connecticut, Virginia, and other states with applicable student data privacy legislation.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email or platform notification at least 30 days before changes take effect. For changes affecting the collection or use of children's data, we will obtain new parental consent where required. Continued use after changes constitutes acceptance.

13. Contact

For privacy-related questions or requests, contact us at:

• General privacy: privacy@skilltrek.ai
• Parental rights: privacy@skilltrek.ai (subject: "Parental Rights Request")
• Educational institutions: edu@skilltrek.ai
• FERPA requests: privacy@skilltrek.ai (subject: "FERPA Request")