Privacy Policy

TryCrucible is an AI challenge platform operated by webpipl(“we”, “us”, “our”). We are based in India. You can reach us at privacy@trycrucible.io.

We collect the following categories of personal data:

• Account data — email address, display name, avatar (via GitHub or Google OAuth).
• Profile data — username, bio, GitHub URL, website URL, skills, open-to-work status.
• Submission data — GitHub repository URLs, decisions documents, AI evaluation text, scores.
• Usage data — LLM token consumption per challenge, submission timestamps.
• Billing data (companies) — Razorpay customer ID, subscription ID. We never store raw card numbers.
• Payout data (reviewers) — Razorpay contact ID, fund account ID, UPI or bank account details collected during payout setup.
• Log data — server-side structured logs (user ID, request path, timestamps). No prompt content is logged.

• Providing the platform — running challenges, evaluating submissions, displaying public profiles.
• Anti-cheating — personalised datasets, timing analysis, and similarity detection to maintain score integrity.
• Communications — transactional emails (submission scored, invitation received, payout processed). No marketing emails without explicit consent.
• Billing — processing company subscriptions and reviewer payouts via Razorpay.
• Safety & moderation — detecting abuse and policy violations.
• Analytics — aggregate, anonymised usage statistics to improve the platform.

We do not sell your personal data. We do not use submission content to train AI models.

You have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Correction — update inaccurate or incomplete data via your profile settings.
• Erasure (right to be forgotten) — permanently delete your account and all associated data. This is available directly from your account settings. See section 6 below.
• Portability — request your submission data in a machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any right, email privacy@trycrucible.io or use the in-app account deletion feature. We will respond within 30 days.

You can delete your account at any time from Account Settings → Delete account.

Deletion permanently removes:

• Your auth account and login credentials
• Your profile, bio, and all profile data
• All submissions and submission files in storage
• All invitations, pipeline entries, and dispute records
• All notifications and LLM keys

LLM usage log rows are anonymised (user reference replaced with [deleted]) rather than deleted, for cost auditing purposes, and retained for 1 year. Your public profile URL returns 404 immediately after deletion.

We use a single session cookie for authentication, set by Supabase Auth. It is HttpOnly, Secure, and SameSite=Lax. We do not use any third-party tracking cookies or advertising cookies. We use privacy-first analytics that collect no personally identifiable information.

We implement industry-standard security measures including TLS encryption in transit, row-level security on all database tables, short-lived signed URLs for file access, and HMAC-signed webhook payloads. LLM keys issued to candidates are stored as hashes only — the plaintext is never stored.

If you discover a security vulnerability, please email security@trycrucible.io.

We may update this policy from time to time. Material changes will be communicated via email and a banner on the platform. Continued use after changes constitutes acceptance. The “Last updated” date at the top of this page always reflects the current version.

Questions about this policy? Email privacy@trycrucible.io or use our contact form.