10 JUNE 2026You sign in with GitHub OAuth. From the GitHub API we read and store:
id (immutable handle)usernameThat's it. We do not request private repo, follower, or write scopes — only public-profile info needed to show your account.
When you submit a project we store the title, description, public GitHub repo URL, optional demo URL, and any screenshots you upload. Submissions are public — they appear on /challenges and your /u/[username] profile once voting closes.
We verify the repo is public, owned by your GitHub account, and was pushed during the submission window. We don't clone or download your code.
Each vote stores the eight category scores, an optional 500-character comment, and a one-way HMAC-SHA256 hash of your IP and User-Agent — never the raw values. The hashes let us spot vote clusters without ever reversing back to you.
New accounts under 24 hours old can't vote, and self-voting is blocked at the database level.
One cookie: aetrix.session-token (HTTP-only, SameSite=Lax, Secure in production). It identifies your session server-side. There are no analytics cookies, no third-party trackers, no fingerprinting scripts.
When the cron worker rolls a week (challenge starts, voting opens, results published) or an admin posts a broadcast, we create one notification row per user. Dismiss them per-row or all at once on /dashboard.
GitHub (OAuth + repo verification) is the only external service we talk to. We don't use Google Analytics, Mixpanel, Sentry, ad networks, or anything else that profiles you.
Access: everything the platform stores about you is visible on your /dashboard and public profile.
Deletion: head to /settings → Danger zone. Deleting cascades every submission, vote, notification, and session you ever had. The username is released back into the pool.
Questions: reach out at contact@yivani.dev.
Last updated 10 JUNE 2026