Privacy Policy

Last updated: May 2026

StarPlan ("we", "us") helps companies discover AI engineers through code-first benchmarks. This page explains what personal information we collect, why we collect it, and the controls you have over it. If you have questions, write to hello@starplan.ai.

1. Information we collect

  • Candidate profile data — name, email, current role, years of experience, location, summary, links (LinkedIn, GitHub), self-declared skills and industries, and an uploaded resume file.
  • Benchmark submissions — the code you submit, the generated results, host-measured OpenAI usage (tokens, model, cost), and the final score and report.
  • Company / enterprise data — company name, contact details, plan choice, invitation lists, and authentication credentials.
  • Operational logs — IP address, user agent, request paths, and timestamps used for debugging, abuse prevention, and billing.

2. Why we use it

  • To run benchmark submissions in an isolated sandbox and produce a score.
  • To display public candidate profiles in the talent pool so companies can discover engineers.
  • To invoice enterprise customers and meter sandbox / OpenAI usage.
  • To respond to support and sales inquiries.
  • To detect fraud, abuse, and benchmark cheating.

3. Who can see your information

  • Public profiles. If you create a candidate profile, your name, role, summary, skills, industries, years of experience, and best benchmark scores are visible to anyone browsing the talent pool.
  • Resume. Your resume file is shown to a company only after that company has unlocked your profile (paid unlock). It is not indexed publicly.
  • Email and phone. Your email is shown to a company only after they unlock your profile. We never sell contact data.
  • Enterprise (private) submissions. Submissions made with a company invitation code are visible only to that company and never appear in the public talent pool.

4. Data we share with third parties

  • OpenAI — the prompts, embeddings, and inputs that your benchmark code sends to the OpenAI API are forwarded to OpenAI through our metered proxy. We do not send your profile data to OpenAI.
  • E2B — your submission code runs inside an isolated E2B sandbox during evaluation. The sandbox is destroyed after each run.
  • Stripe — payments for resume unlocks and enterprise plans are processed by Stripe. We never see your full card number.
  • Google — if you sign in with Google, Google receives a sign-in event and shares your basic profile (name, email, photo) with us.

We do not sell your personal information. We do not share it with advertisers.

5. Retention

We keep candidate profiles and benchmark submissions for as long as your account is active. Sales / contact inquiries are kept for up to 24 months so we can follow up. Operational logs are kept for up to 90 days.

6. Your rights

Depending on where you live (EU, UK, California, and others) you may have the right to access, correct, export, or delete your personal information, and to object to certain processing. To make a request, email hello@starplan.ai. We will respond within 30 days.

7. Security

Submissions run inside isolated sandboxes with no access to other candidates' data. OpenAI keys never leave our servers — candidate code receives a one-time per-submission token instead. Passwords are hashed. No system is perfectly secure; if you discover a vulnerability please report it to hello@starplan.ai.

8. Children

StarPlan is not directed at people under 16. If you believe a minor has submitted personal information, contact us and we will delete it.

9. Changes

We may update this policy as the product evolves. The "Last updated" date at the top reflects the most recent change. Material changes will be announced on the homepage.

Questions? Contact us.