Privacy Policy

Last updated: June 1, 2026

1. Introduction

CrackedIn Labs (“CrackedIn”, “we”, “us”, or “our”) operates the CrackedIn web application at crackedin.io and the CrackedIn Browser Extension (collectively, the “Service”).

This Privacy Policy explains what data we collect, why we collect it, how we process and protect it, and your rights regarding your personal information. We are committed to transparency and to giving you full control over your data.

By creating an account or installing the CrackedIn Extension, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

2.1 Account Information

When you create a CrackedIn account, we collect:

  • Email address (used for authentication, account recovery, and essential communications)
  • Display name (shown in your profile)
  • Authentication provider metadata (Google, GitHub, or email/password)
  • Profile avatar URL (fetched from your OAuth provider)

2.2 Connected Platform Data (via Extension)

When you connect a coding platform (e.g., LeetCode) through our browser extension, we collect the following data with your explicit consent:

  • Platform username and public profile URL
  • Submission metadata: problem title, identifier, verdict (Accepted, Wrong Answer, TLE, etc.), programming language, and timestamp
  • Submission source code: the code you submitted to the platform
  • Performance metrics: runtime, memory usage, and relative percentile rankings
  • Test case details for non-accepted submissions (last failed input, expected vs. actual output, error messages)

We never collect, store, or transmit your LeetCode password, session cookies, or authentication tokens to our servers. The extension operates entirely within your browser, using your existing authenticated session to read data from LeetCode's API. Authentication details never leave your device.

2.3 Usage & Analytics Data

  • Pages and features you interact with within CrackedIn
  • AI chat messages you send (used solely to generate responses for you)
  • Browser type, operating system, and extension version
  • Anonymized performance metrics (page load times, error rates)

2.4 Data We Do NOT Collect

  • Browsing activity outside of CrackedIn and explicitly connected platforms
  • Files, documents, or any data on your local machine
  • Content from other browser tabs, extensions, or applications
  • Passwords or session tokens from any third-party service
  • Financial or payment information
  • Precise geolocation data

3. How We Use Your Data

We process your data exclusively to provide and improve the Service:

  • Personalized preparation: Generate AI-powered interview recommendations tailored to your strengths, weaknesses, and goals
  • Progress tracking: Visualize your coding activity, identify patterns, and measure improvement over time
  • AI analysis: Provide intelligent feedback on your problem-solving approaches and code quality
  • Sync continuity: Maintain state across devices so your data is always up to date
  • Service improvement: Understand usage patterns to build better features (using aggregated, anonymized data only)

We do not sell, rent, or trade your personal data to any third party. We do not use your code submissions or chat conversations to train AI models. Your data is used solely to deliver services directly to you.

4. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest: Databases are encrypted using AES-256 at the storage layer
  • Infrastructure: Data is stored in PostgreSQL databases hosted on Supabase (AWS ap-south-1 region) with automated backups
  • Access control: Database access is restricted to authenticated application services via connection pooling with role-based permissions
  • Token security: Authentication tokens are JWTs with short expiry, stored in browser local storage, and transmitted exclusively over HTTPS
  • No plaintext secrets: All sensitive configuration values are managed via environment variables, never committed to source code

5. Data Sharing

We share your data only with the following categories of service providers, and only to the extent necessary to operate the Service:

Provider            Purpose                 Data Shared
Supabase (AWS)      Database hosting        All stored data (encrypted)
Vercel              Web app hosting         HTTP request metadata
Anthropic / OpenAI  AI response generation  Chat messages (not raw code)
Google OAuth        Authentication          Email, name, avatar URL

AI model providers (Anthropic, OpenAI) process your chat queries to generate responses. Per their enterprise API terms, they do not use API inputs/outputs for model training.

We may also disclose data if required by law, valid legal process, or to protect the safety of our users or the public.

6. Your Rights & Data Controls

You have full ownership and control over your data:

Delete synced data

Permanently delete all your LeetCode submissions, code, and problem history from our servers. Available in Settings > Data Controls.

Export your data

Request a complete JSON export of all data we hold about you, including chat history, submissions, and profile information.

Disconnect platforms

Remove the extension or disconnect a platform at any time. This immediately stops all further data collection from that platform.

Delete your account

Permanently delete your account and all associated data. Contact us or use the Delete Account option in Settings.

Restrict AI processing

Opt out of anonymized data usage for service improvement. Your data will only be used to serve you directly.

To exercise any of these rights, use the in-app controls or contact us at privacy@crackedin.io. We respond to all data requests within 30 days.

7. Browser Extension Permissions

The CrackedIn Chrome Extension requests only the minimum permissions necessary to function. Here is a complete explanation of each:

Host access (leetcode.com)

Read your submission data from LeetCode's GraphQL API using your existing browser session. We only access specific API endpoints — never arbitrary page content.

cookies (leetcode.com)

Read the CSRF token required for authenticated LeetCode API calls. We never read, store, or transmit session cookies or login credentials to our servers.

storage

Persist sync progress and extension state locally in your browser so it survives restarts and tab closures.

alarms

Schedule background sync continuation. Chrome MV3 service workers terminate after 30 seconds of inactivity — alarms allow reliable long-running sync operations.

8. Data Retention

  • Active accounts: Data is retained for the lifetime of your account
  • Deleted data: When you delete submissions or your account, data is removed from active systems immediately and from backup rotations within 30 days
  • Inactive accounts: Accounts with no activity for 24 months may be flagged for deletion with 30 days' advance notice via email
  • Aggregated analytics: Anonymous, non-identifiable usage statistics (e.g., total user count, feature popularity) may be retained indefinitely

9. Children's Privacy

CrackedIn is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@crackedin.io and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. For material changes, we will:

  • Update the “Last updated” date at the top of this page
  • Notify registered users via email at least 14 days before the changes take effect
  • Display a notice within the application

Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern:

CrackedIn Labs

Email: privacy@crackedin.io

Response time: Within 30 days of receiving your request