PrivacyPolicy
This Privacy Policy describes Alion's policies and procedures on the collection, use and disclosure of your information when you use the services, websites, and applications offered by Alion (the "Services") and tells you about your privacy rights and how the law protects you. We only process your personal data where we have a legal basis, including your consent where required under the GDPR.
Alion operates a discovery tool that helps developers showcase their public work. We invite developers to claim an auto-generated public portfolio that we build from artifacts they have already published publicly themselves. We do not score candidates for hiring purposes, we do not make automated decisions with legal or similarly significant effects on a person, and we do not resell personal data. Any suggestion surfaced by the Service is a non-binding hint; any hiring decision is taken by a human employer outside our platform.
We will not use or share your personal information with anyone except as described in this Privacy Policy. Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Service. For information on how we use cookies and similar tracking technologies, please review our separate Cookie Policy. For a deeper view of our compliance posture, see our public DPIA, LIA and RoPA pages, and our Data Subject Requests page.
With that in mind, this Privacy Policy is designed to describe:
- Who we are and how to contact us
- Your rights relating to your Personal Data
- Marketing communications preferences
- Indexing of publicly available developer artifacts and invitation flow
- What Personal Data we collect
- How we use your Personal Data and why
- Who we share your Personal Data with
- How long we store your Personal Data
- Where we store your Personal Data
- How we protect your Personal Data
- Our policy on children's privacy
- Links to other websites
- Changes to our Privacy Policy
This Privacy Policy is intended to meet our duties of transparency under relevant law, including the General Data Protection Regulation ("GDPR") and the California Consumer Protection Act ("CCPA"). We will post any modifications or changes to this Privacy Policy on this page.
Who we are
Alion is the Controller (for the purposes of the GDPR) of your Personal Data (referred to as either "Alion", "we", "us" or "our" in this Privacy Policy).
How to contact us
If you have any questions about our practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us using the contact details available on our Site or through our Data Subject Requests page. To delete data we have indexed about you from public sources, you can also use our public erasure endpoint at any time, without creating an account or authenticating.
Our EU Representative
As we do not have an establishment in the European Union ("EU"), we have appointed a representative based in the European Union, who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data.
You have the right under this Privacy Policy, and by law in certain jurisdictions, to:
- Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it.
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing.
- Request the restriction of processing of your Personal Data in certain scenarios (for example if you want us to establish its accuracy or the reason for processing it).
- Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our Site.
How to exercise your rights
If you want to exercise any of the rights described above, please contact us using the contact details in Who We Are and How to Contact Us. Typically, you will not have to pay a fee to access your Personal Data. We try to respond to all legitimate requests within one month.
Complaints
If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us. We will reply to your complaint as soon as we can. If you feel that your complaint has not been adequately resolved and you are in the EU, the GDPR gives you the right to contact your local data protection supervisory authority.
This section does not cover the single transactional invitation we may send to an author of publicly available developer artifacts on the basis of legitimate interest. That single notification is not marketing and is described in detail in the section "Indexing of Publicly Available Developer Artifacts" below.
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
- by following the opt-out links on any marketing message sent to you;
- through your account notification settings;
- by contacting us at any time using the contact details in Who We Are and How to Contact Us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to existing or pending hires, purchases or other transactions using the Services.
We index publicly available professional artifacts (public Git repositories, public package registries, public model hubs) from public developer platforms and use the email addresses that authors themselves have published in their public commits or profiles for one purpose only: to send a single transactional notification inviting the author to view, claim, or permanently delete the auto-generated public portfolio we have built from their public work. We do not use these email addresses for marketing, advertising, product promotion, or any communication other than this single invitation. If no action is taken within 30 days, all personal data, including the email address, is permanently deleted and cannot be re-collected (the contact is added to our do-not-re-index registry). Recipients can trigger immediate deletion at any time via a one-click link in the invitation or via our public erasure endpoint, with no authentication required.
Legal basis
The legal basis for indexing publicly available artifacts and for sending the single transactional invitation is legitimate interest (GDPR Article 6(1)(f)). Our legitimate interest is to help developers be discovered for professional and recruitment opportunities by building, from their already-public work, a portfolio they can claim and control. We have balanced this interest against your rights and freedoms in our public Legitimate Interest Assessment. Where applicable local laws require a stricter basis, we either do not index residents of that jurisdiction or rely on a different lawful basis specifically permitted by that law.
What we index
Public username, public display name (only if voluntarily published by the author), public commit email (only when published by the author in public commits), counts and metadata of public repositories, packages and model cards, declared languages and topics, public links to personal sites that the author has chosen to publish. The source of this data is always the author's own public profile and public contributions on the platform concerned. We never collect from private repositories, private packages, leaked databases or other non-public sources.
What we never do
We never produce, store or expose any score that ranks the value of a person as a candidate. We never share, resell, transfer or otherwise disclose indexed personal data to third parties for advertising, profiling or unrelated commercial purposes. We never send a second invitation: the invitation is a one-off transactional notification.
Public erasure endpoint and do-not-re-index registry
An unauthenticated public erasure endpoint is available on the Site. Submitting it deletes the corresponding record immediately and adds an irreversible hash of the identifier to our do-not-re-index registry, which prevents future re-collection from public sources. Recipients of an invitation can use the same mechanism via a one-click link inside the email.
Pre-registration shadow profiles
An auto-generated portfolio created from public artifacts is not published anywhere on the Site before the author claims it. It is reachable only via the unique one-time invitation link issued to the author. If the author does not act on the invitation within 30 days, the record is permanently deleted; deactivating or expiring the link alone is not sufficient - physical deletion is the default.
Alion uses Personal Data we collect to provide the Services, personalize content, remember information to help you efficiently access your account, analyze how the Services are used, diagnose service or technical problems, maintain security, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track user content and users as necessary to comply with applicable laws.
Information You Directly Provide to Us
The Personal Data we may collect from you includes the following categories:
- Identity Data: first name, surname, username or similar identifier, title, date of birth and gender, picture, and password.
- Contact Data: your home address, work address, billing address, email address and telephone numbers.
- Professional Background Data: educational and professional history, interests and accomplishments, job and salary preferences, projects completed, professional resumes and CVs, your interests in certain job openings, job applications, interviewing information, and hiring results.
- Resume Upload and Parsing Data: if you choose to upload a resume or CV, we may process the file name, file size, file format, extracted text, detected skills, work experience, languages, location, phone number, links, parsing status, security scan results, and audit metadata needed to operate, secure, and troubleshoot the upload feature.
- Online Presence Data: links to your public account pages at social media websites, links to personal websites, and other online materials related to you.
- Financial Data: your bank account and/or payment card details.
- Transaction Data: any details about payments to and from you and other details of subscriptions and services you have purchased from us.
- Content Data: any content you post to the Services, including your profiles, questions, preference settings, answers, messages, comments, and other contributions.
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences.
- Behavioral Data: inferred or assumed information relating to your behavior and interests, based on your online activity.
- Technical Data: IP address, your login data, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access this website or use our services.
Personal Data from Third Party Sources
In addition to the Personal Data that we collect directly from you, we may also collect certain of your Personal Data from third party sources, such as credit reporting agencies, social media sites, our affiliates, analytics providers, advertisers, data brokers, and identity verification and compliance service providers.
Aggregated Data
We may also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR or CCPA as this data does not directly or indirectly reveal your identity.
No Special Categories of Personal Data
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We generally use Personal Data for the following: to deliver and improve our Services; to manage your account and provide you with customer support; to perform research and analysis about your use of the Services; to develop, display, and track Content and advertising tailored to your interests; for website or mobile application analytics; to diagnose or fix technology problems; to automatically update the Services on your device; to verify your identity and prevent fraud or other unauthorized or illegal activity; to enforce or exercise any rights in our Terms of Service.
The GDPR requires us to ensure that we have a legal basis for that use if you are within the EU. We collect and use your Personal Data only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- Processing of your Personal Data is necessary for the performance of a contract to which you are a party or to protect your vital interests or that of another person;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- We need to process your data to comply with a legal or regulatory obligation.
Relevant Purposes
- Providing, updating, and maintaining our Services - registering you as a user, managing your account and profile, surfacing relevant jobs, and effectively matching your skillset and interests with available opportunities.
- Resume scanning and profile enrichment - if you use the resume upload feature, extracting text from your file, checking the file for unsafe content, identifying professional information, and using automated tools to suggest or add profile fields, work experience, skills, languages, and summaries. You should not upload resumes containing information about other people unless you have the right to do so.
- Processing payments - to process payment for any purchases, subscriptions or sales made on our Site, to protect against fraudulent transactions, and otherwise as needed to manage our business.
- Research and development - to improve the Services and better understand our users and the markets in which we operate.
- Communicating with users - sending technical notices, product updates, security alerts, and administrative messages.
- Providing customer support - to resolve technical issues, to respond to your requests for assistance, and to repair and improve the Services.
- Enhancing security - verifying accounts and activity, monitoring and investigating suspicious or fraudulent activity, and identifying violations of our terms and policies.
- Marketing and promoting the Services - sending promotional communications that may be of specific interest to you.
- Legal compliance - complying with applicable law, legal process and regulations and protecting legitimate business interests.
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
We may share your Personal Data with third parties in the ways that are described below. We consider this information to be a vital part of our relationship with you.
- Our Affiliates - may access your Personal Data to help us develop, maintain and provide our Services and help manage our customer relationships.
- Service Providers - provide us support for our Services, including website and application development, hosting, maintenance, backup, storage, payment processing, analysis, identity verification, and other services that may require them to access Personal Data about you.
- Professional Advisers - our lawyers, accountants, bankers, auditors and insurers may need to review your personal data to provide consultancy, compliance, legal, insurance, accounting and similar services.
- Legal and Taxing Authorities, Regulators - we may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, or to protect the safety of any person.
- Advertisers - certain users of the Services may have access to your Personal Data for the purpose of enabling them to interact with you and more effectively offer opportunities through the Site.
- Researchers - to enhance the public understanding of patterns and trends in the markets served by our Services, we may provide Personal Data to third parties under confidentiality obligations.
- API Users - a limited number of partners have API access to portions of the Site.
- AI Processing Providers - if you choose to use resume scanning, portions of the extracted resume text and related prompts may be sent to OpenAI, LLC or another designated AI provider to generate structured profile data. We send this data only for the resume analysis feature, use transport security for the request, do not send the original uploaded file when extracted text is sufficient, and do not authorize the provider to use the data for our own advertising purposes.
Resume scanning is optional. If you do not want resume contents to be transmitted to an AI provider, do not use the resume upload/scanning feature and enter profile information manually. AI-generated results may be inaccurate; you are responsible for reviewing and correcting your profile information.
In addition, Personal Data you choose to add to your profile will be available for public viewing on the Site. If you want your information to remain private, don't make it available to other users on our Site. If you are a Job Seeker, your information will generally be publicly available and employers may have access to your Personal Data to assist them in discovering, evaluating and tracking communications with prospective candidates.
As we develop our business, we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, we may also transfer your Personal Data as part of the transferred assets without your consent or notice to you.
We will retain your information for as long as your account is active or it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why, unless you request that we remove your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes).
Uploaded resume files are used for extraction and security checks and are not intended to be retained as downloadable profile files after processing. We may retain extracted profile data that you choose to keep, AI request/response metadata, and upload audit logs for security, fraud prevention, troubleshooting, accounting, and compliance purposes.
For auto-generated portfolios that have not been claimed by the data subject, the hard retention period is thirty (30) days from indexing, after which all personal data, including the email address, are permanently deleted and an irreversible hash of the identifier is added to our do-not-re-index registry.
This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Deactivated accounts are permanently deleted after one hundred and eighty (180) days of inactivity, with an email warning sent seven (7) days before the deletion. A deactivated account owner may also request an expedited erasure, which is executed after a three (3) day grace period during which it can be cancelled.
When Personal Data is deleted from our production systems, residual copies may persist in encrypted backups for up to thirty (30) days, after which they are automatically and irreversibly purged through the backup rotation cycle. Backup copies are never used to restore deleted accounts.
Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data for the purposes described in this policy. We may also store Personal Data in locations outside the direct control of Alion (for instance, on servers or databases co-located with hosting providers).
Although we welcome users from all over the world, by accessing the Services and providing us with your Personal Data, you consent to and authorize the storage and use of Personal Data as specified in this Privacy Policy. Note the laws of the country where your data is stored might not be as comprehensive or protective as laws in the country where you live.
Alion uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality. We periodically review our policies and procedures to evaluate their effectiveness and ensure that they remain up to date.
We cannot, however, ensure or warrant the security of any information you transmit to Alion or guarantee that your information on the Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, managerial, or technical safeguards.
We have put in place procedures to respond to any actual or suspected Personal Data breach. In the event that personal information is compromised as a result of such a breach of security, Alion may promptly notify those persons whose personal information has been compromised by posting a notice on the Site, via the functionality of the Services, or by sending an e-mail to you.
Alion cannot ensure that your Personal Data will be protected, controlled or otherwise managed pursuant to this Privacy Policy if you share your login and password information with any third party, including any third party operating a website or providing other services.
Protecting the privacy of young children is especially important. The Services are not intended for children below 16 and Alion does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register with the Services. If you are under the age of 16, please do not submit any personal information through the Site.
We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information on this Site. If we become aware that we have collected personal information from a child under age 16, we will take steps to remove that information.
This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Alion. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us.
Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Site, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.
Third-Party Applications
If you choose to use third-party apps, websites, or other services that use, or are integrated with, our Services, those third parties can receive information about your activity within those apps, as well as information on your public profile on our Site. If you decide to enable, access, or use third-party apps linked through the Services, your enablement, access, and use of these third-party apps is governed solely by the terms and conditions of privacy policies of these third-party apps.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy Policy regularly for changes. You can determine if changes have been made by checking the Effective Date below.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
