This Privacy Policy describes Alion's policies and procedures on the collection, use and disclosure of your information when you use the services, websites, and applications offered by Alion (the "Services") and tells you about your privacy rights and how the law protects you. We only process your personal data where we have a legal basis, including your consent where required under the GDPR.
Alion operates a discovery tool that helps developers showcase their public work. We invite developers to claim an auto-generated public portfolio that we build from artifacts they have already published publicly themselves. We do not score candidates for hiring purposes, we do not make automated decisions with legal or similarly significant effects on a person, and we do not resell personal data. Any suggestion surfaced by the Service is a non-binding hint; any hiring decision is taken by a human employer outside our platform.
We will not use or share your personal information with anyone except as described in this Privacy Policy. Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Service. For information on how we use cookies and similar tracking technologies, please review our separate Cookie Policy. For a deeper view of our compliance posture, see our public DPIA, LIA and RoPA pages, and our Data Subject Requests page.
With that in mind, this Privacy Policy is designed to describe:
This Privacy Policy is intended to meet our duties of transparency under relevant law, including the General Data Protection Regulation ("GDPR") and the California Consumer Protection Act ("CCPA"). We will post any modifications or changes to this Privacy Policy on this page.
Alion is the Controller (for the purposes of the GDPR) of your Personal Data (referred to as either "Alion", "we", "us" or "our" in this Privacy Policy).
If you have any questions about our practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us using the contact details available on our Site or through our Data Subject Requests page. To delete data we have indexed about you from public sources, you can also use our public erasure endpoint at any time, without creating an account or authenticating.
As we do not have an establishment in the European Union ("EU"), we have appointed a representative based in the European Union, who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data.
You have the right under this Privacy Policy, and by law in certain jurisdictions, to:
If you want to exercise any of the rights described above, please contact us using the contact details in Who We Are and How to Contact Us. Typically, you will not have to pay a fee to access your Personal Data. We try to respond to all legitimate requests within one month.
If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us. We will reply to your complaint as soon as we can. If you feel that your complaint has not been adequately resolved and you are in the EU, the GDPR gives you the right to contact your local data protection supervisory authority.
This section does not cover the single transactional invitation we may send to an author of publicly available developer artifacts on the basis of legitimate interest. That single notification is not marketing and is described in detail in the section "Indexing of Publicly Available Developer Artifacts" below.
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to existing or pending hires, purchases or other transactions using the Services.
We index publicly available professional artifacts (public Git repositories, public package registries, public model hubs) from public developer platforms and use the email addresses that authors themselves have published in their public commits or profiles for one purpose only: to send a single transactional notification inviting the author to view, claim, or permanently delete the auto-generated public portfolio we have built from their public work. We do not use these email addresses for marketing, advertising, product promotion, or any communication other than this single invitation. If no action is taken within 30 days, all personal data, including the email address, is permanently deleted and cannot be re-collected (the contact is added to our do-not-re-index registry). Recipients can trigger immediate deletion at any time via a one-click link in the invitation or via our public erasure endpoint, with no authentication required.
The legal basis for indexing publicly available artifacts and for sending the single transactional invitation is legitimate interest (GDPR Article 6(1)(f)). Our legitimate interest is to help developers be discovered for professional and recruitment opportunities by building, from their already-public work, a portfolio they can claim and control. We have balanced this interest against your rights and freedoms in our public Legitimate Interest Assessment. Where applicable local laws require a stricter basis, we either do not index residents of that jurisdiction or rely on a different lawful basis specifically permitted by that law.
Public username, public display name (only if voluntarily published by the author), public commit email (only when published by the author in public commits), counts and metadata of public repositories, packages and model cards, declared languages and topics, public links to personal sites that the author has chosen to publish. The source of this data is always the author's own public profile and public contributions on the platform concerned. We never collect from private repositories, private packages, leaked databases or other non-public sources.
We never produce, store or expose any score that ranks the value of a person as a candidate. We never share, resell, transfer or otherwise disclose indexed personal data to third parties for advertising, profiling or unrelated commercial purposes. We never send a second invitation: the invitation is a one-off transactional notification.
An unauthenticated public erasure endpoint is available on the Site. Submitting it deletes the corresponding record immediately and adds an irreversible hash of the identifier to our do-not-re-index registry, which prevents future re-collection from public sources. Recipients of an invitation can use the same mechanism via a one-click link inside the email.
An auto-generated portfolio created from public artifacts is not published anywhere on the Site before the author claims it. It is reachable only via the unique one-time invitation link issued to the author. If the author does not act on the invitation within 30 days, the record is permanently deleted; deactivating or expiring the link alone is not sufficient - physical deletion is the default.
Alion uses Personal Data we collect to provide the Services, personalize content, remember information to help you efficiently access your account, analyze how the Services are used, diagnose service or technical problems, maintain security, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track user content and users as necessary to comply with applicable laws.
The Personal Data we may collect from you includes the following categories:
In addition to the Personal Data that we collect directly from you, we may also collect certain of your Personal Data from third party sources, such as credit reporting agencies, social media sites, our affiliates, analytics providers, advertisers, data brokers, and identity verification and compliance service providers.
We may also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR or CCPA as this data does not directly or indirectly reveal your identity.
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We generally use Personal Data for the following: to deliver and improve our Services; to manage your account and provide you with customer support; to perform research and analysis about your use of the Services; to develop, display, and track Content and advertising tailored to your interests; for website or mobile application analytics; to diagnose or fix technology problems; to automatically update the Services on your device; to verify your identity and prevent fraud or other unauthorized or illegal activity; to enforce or exercise any rights in our Terms of Service.
The GDPR requires us to ensure that we have a legal basis for that use if you are within the EU. We collect and use your Personal Data only where:
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
We may share your Personal Data with third parties in the ways that are described below. We consider this information to be a vital part of our relationship with you.
Resume scanning is optional. If you do not want resume contents to be transmitted to an AI provider, do not use the resume upload/scanning feature and enter profile information manually. AI-generated results may be inaccurate; you are responsible for reviewing and correcting your profile information.
In addition, Personal Data you choose to add to your profile will be available for public viewing on the Site. If you want your information to remain private, don't make it available to other users on our Site. If you are a Job Seeker, your information will generally be publicly available and employers may have access to your Personal Data to assist them in discovering, evaluating and tracking communications with prospective candidates.
As we develop our business, we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, we may also transfer your Personal Data as part of the transferred assets without your consent or notice to you.
We will retain your information for as long as your account is active or it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why, unless you request that we remove your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes).
Uploaded resume files are used for extraction and security checks and are not intended to be retained as downloadable profile files after processing. We may retain extracted profile data that you choose to keep, AI request/response metadata, and upload audit logs for security, fraud prevention, troubleshooting, accounting, and compliance purposes.
For auto-generated portfolios that have not been claimed by the data subject, the hard retention period is thirty (30) days from indexing, after which all personal data, including the email address, are permanently deleted and an irreversible hash of the identifier is added to our do-not-re-index registry.
This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Deactivated accounts are permanently deleted after one hundred and eighty (180) days of inactivity, with an email warning sent seven (7) days before the deletion. A deactivated account owner may also request an expedited erasure, which is executed after a three (3) day grace period during which it can be cancelled.
When Personal Data is deleted from our production systems, residual copies may persist in encrypted backups for up to thirty (30) days, after which they are automatically and irreversibly purged through the backup rotation cycle. Backup copies are never used to restore deleted accounts.
Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data for the purposes described in this policy. We may also store Personal Data in locations outside the direct control of Alion (for instance, on servers or databases co-located with hosting providers).
Although we welcome users from all over the world, by accessing the Services and providing us with your Personal Data, you consent to and authorize the storage and use of Personal Data as specified in this Privacy Policy. Note the laws of the country where your data is stored might not be as comprehensive or protective as laws in the country where you live.
Alion uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality. We periodically review our policies and procedures to evaluate their effectiveness and ensure that they remain up to date.
We cannot, however, ensure or warrant the security of any information you transmit to Alion or guarantee that your information on the Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, managerial, or technical safeguards.
We have put in place procedures to respond to any actual or suspected Personal Data breach. In the event that personal information is compromised as a result of such a breach of security, Alion may promptly notify those persons whose personal information has been compromised by posting a notice on the Site, via the functionality of the Services, or by sending an e-mail to you.
Alion cannot ensure that your Personal Data will be protected, controlled or otherwise managed pursuant to this Privacy Policy if you share your login and password information with any third party, including any third party operating a website or providing other services.
Protecting the privacy of young children is especially important. The Services are not intended for children below 16 and Alion does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register with the Services. If you are under the age of 16, please do not submit any personal information through the Site.
We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information on this Site. If we become aware that we have collected personal information from a child under age 16, we will take steps to remove that information.
This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Alion. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us.
Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Site, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.
If you choose to use third-party apps, websites, or other services that use, or are integrated with, our Services, those third parties can receive information about your activity within those apps, as well as information on your public profile on our Site. If you decide to enable, access, or use third-party apps linked through the Services, your enablement, access, and use of these third-party apps is governed solely by the terms and conditions of privacy policies of these third-party apps.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy Policy regularly for changes. You can determine if changes have been made by checking the Effective Date below.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.