
Privacy Policy

Last updated: March 2026

1. Introduction

MeritDeck ("we", "our", or "us") provides a software-as-a-service platform that enables recruiters to assess developer candidates through AI-analysed code challenges. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

This policy applies to all users of MeritDeck, including recruiters who create and manage assessments, and candidates who submit code for evaluation. By using MeritDeck, you acknowledge that you have read and understood this policy.

2. Data We Collect

Account Data

When recruiters sign up, we collect personal information through Supabase Auth, including your email address and name. This data is used to create and manage your account.

GitHub Data

When candidates authenticate via GitHub OAuth, we access your GitHub username, public profile information, and the contents of the repository you submit for assessment. We only access repositories that you explicitly authorise for evaluation.

Assessment Data

We collect and store submission records, AI-generated analysis results, scores, and feedback associated with each assessment. This includes the code you submit and the structured evaluation produced by our AI analysis engine.

Usage Data

We collect analytics data via PostHog to understand how our service is used and to improve the user experience. We also use Sentry for error tracking to identify and resolve technical issues. This data may include your IP address, browser type, device information, and interaction patterns.

Cookies

We use essential cookies to manage authentication sessions and optional analytics cookies for service improvement. See Section 8 for more detail on our cookie usage.

3. How We Use Your Data

We use the data we collect to:

  • Provide the assessment service — enabling recruiters to create roles and briefs, and candidates to submit code for evaluation.
  • Generate AI-powered code analysis — sending submitted code to Anthropic's Claude AI for structured evaluation against the role brief.
  • Send transactional emails — delivering assessment notifications, results, and account-related communications via Resend.
  • Improve our service — analysing usage patterns, fixing bugs, and enhancing the platform experience.

4. AI Processing

Submitted code is analysed by Anthropic's Claude AI to generate structured assessments. This is an automated process that evaluates code quality, architecture, and alignment with the role brief.

AI does not make autonomous hiring decisions. The AI generates analysis and recommendations, but recruiters always make the final decision on whether to progress a candidate. MeritDeck is a decision-support tool, not a decision-making tool.

Under Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Our AI analysis is always reviewed by a human recruiter before any hiring decision is made.

5. Data Sharing

We share your data with the following third-party service providers, solely to deliver and improve our service:

  • Anthropic — processes submitted code through Claude AI for analysis.
  • Resend — delivers transactional emails such as assessment notifications and results.
  • Vercel — hosts our application infrastructure.
  • Supabase — provides our database and authentication services.
  • PostHog — processes anonymised analytics data.
  • Sentry — captures error reports for debugging.

We do not sell your personal data to any third party, and we never will.

6. Data Retention

  • GitHub access tokens are encrypted using AES-256-GCM and are deleted immediately after the code analysis is complete. We do not retain long-term access to your GitHub account.
  • Assessment data (submissions, analysis results, scores) is retained for the lifetime of the recruiter's account to allow ongoing access to historical evaluations.
  • Account deletion is available on request. When a recruiter deletes their account, all associated assessment data is permanently removed.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format.
  • Right to object — object to our processing of your personal data in certain circumstances.
  • Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within 30 days.

8. Cookies

Essential Cookies

We use essential cookies to manage your authentication session. These are strictly necessary for the service to function and cannot be disabled.

Analytics Cookies

We use PostHog for product analytics. These cookies help us understand how our service is used so we can improve it. You can opt out of analytics tracking at any time through your browser settings or by contacting us.

9. International Transfers

Your data may be processed outside the European Economic Area (EEA), including in the United States, where our service providers operate. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

10. Children

MeritDeck is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date above.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your personal data, please contact us at:

Email: privacy@meritdeck.com

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.