We take your code, your data, and the integrity of every battle, classroom, and assessment seriously. Here is a plain, honest account of how we protect it — and where we still have work to do.
Last updated: June 13, 2026
The safeguards below are standard for our stack. We describe only what is actually true today.
Every connection to AlgoArena is served over HTTPS/TLS. Our app and APIs run on Vercel, and traffic between your browser and our infrastructure is encrypted in transit by default.
Sign-in is handled by Firebase Authentication. Passwords are hashed and managed by Firebase — we never see or store your raw password. You can also sign in with Google or GitHub via OAuth, or with enterprise SSO (SAML/OIDC) for assessment company accounts.
Data access is governed by Firebase Security Rules and server-side checks, so your account data and submissions are scoped to you (or, for classroom and assessment data, to the host or hiring organization that created the session).
We build on established cloud providers — Google Cloud / Firebase for our database and storage, Vercel for hosting — rather than running our own servers. We rely on the security practices and physical safeguards those providers maintain.
We apply rate limiting, automated image moderation on uploads, and optional CAPTCHA (Cloudflare Turnstile) on sensitive flows to reduce abuse and protect the integrity of competitive and assessment data.
We are an early-stage company. We follow sensible, industry-standard defaults for our stack, but we do not yet hold formal third-party security certifications. We would rather tell you exactly where we stand than overclaim.
We collect what we need to run the product, keep competition fair, and improve learning. For the full legal detail, see our Privacy Policy.
Email, username and display name, your skill level at signup, user type (student, educator, or recruiter), and optional profile details such as a picture, bio, location, and social links.
Your code submissions, test results, battle and tournament history, ELO, practice activity, and classroom answers — the data that powers competition, progress, and learning.
During coding sessions (battles, practice, interviews, classroom, and assessments) we capture timing and typing-pattern data and periodic code snapshots. This supports replay, anti-cheat, and analytics. We disclose this here because it is not always obvious mid-session.
For online assessments, hiring organizations may enable proctoring: an optional identity photo, periodic webcam snapshots (still images, capped per session — not continuous video), and an optional spoken-explanation recording that we transcribe to text.
When you use Rena and other AI features, your prompts and relevant code or session context are sent to AI providers for inference. Rena's assessment copilot chat is ephemeral and not stored in our database.
Subscription billing is handled by Stripe. Card details go directly to Stripe — we store only a customer ID, your tier, and billing metadata.
Page views and performance metrics (Firebase and Vercel Analytics), plus technical signals such as IP address (used for rate limiting and abuse prevention), browser, and device type. Non-essential analytics are gated behind our cookie consent banner.
To run AlgoArena we share specific data with the trusted service providers below. Each is used for a defined purpose and receives only the data needed for that purpose.
| Provider | Purpose | Data shared |
|---|---|---|
| Firebase / Google Cloud | Authentication, database, storage, messaging, and analytics | Account data, the application database, files (avatars, OA videos), analytics events |
| Vercel | Application hosting and usage analytics | Requests over HTTPS, page views, performance metrics |
| Stripe | Subscription payment processing and billing | Email, name, payment details (held by Stripe), customer & subscription metadata |
| SendGrid (Twilio) | Transactional email, verification codes, and newsletters | Email addresses, names, message content, subscription preferences |
| OpenAI | AI chat, transcription (Whisper), and speech synthesis | Prompts, code, recorded audio for transcription, chat text |
| Anthropic (Claude) | AI chat and rubric-based grading on selected models | Prompts, code, rubric and assessment context |
| DeepSeek | Code analysis, tutoring, quiz generation, and auto-grading | Prompts, code submissions, problem and test context |
| Google Gemini | AI chat and explain-video transcription on selected models | Prompts, code, uploaded explain-video references, transcripts |
| AWS (Bedrock & Rekognition) | AI inference routing and image moderation | Prompts and code for inference; images submitted for moderation |
| Cartesia | Text-to-speech for the AI interviewer voice | Interviewer line text and voice IDs |
| OneCompiler (via RapidAPI) | Sandboxed execution of user-submitted code | Submitted code, input, expected output, language |
| Google Vision & Sightengine | Automated image moderation for uploaded content | Images submitted for safety analysis |
| Redis (managed cloud) | Low-latency matchmaking queues and ephemeral state | User IDs, matchmaking state, queue positions |
| GitHub OAuth | Optional sign-in and 'Push to GitHub' code export | OAuth authorization, access token, repository access for pushing code |
| WorkOS | Enterprise SSO (SAML/OIDC) for assessment company users | SSO credentials, company identity and connection metadata |
| Cloudflare Turnstile | Bot / CAPTCHA verification on invitation flows | Verification tokens and IP addresses |
Purpose: Authentication, database, storage, messaging, and analytics
Data shared: Account data, the application database, files (avatars, OA videos), analytics events
Purpose: Application hosting and usage analytics
Data shared: Requests over HTTPS, page views, performance metrics
Purpose: Subscription payment processing and billing
Data shared: Email, name, payment details (held by Stripe), customer & subscription metadata
Purpose: Transactional email, verification codes, and newsletters
Data shared: Email addresses, names, message content, subscription preferences
Purpose: AI chat, transcription (Whisper), and speech synthesis
Data shared: Prompts, code, recorded audio for transcription, chat text
Purpose: AI chat and rubric-based grading on selected models
Data shared: Prompts, code, rubric and assessment context
Purpose: Code analysis, tutoring, quiz generation, and auto-grading
Data shared: Prompts, code submissions, problem and test context
Purpose: AI chat and explain-video transcription on selected models
Data shared: Prompts, code, uploaded explain-video references, transcripts
Purpose: AI inference routing and image moderation
Data shared: Prompts and code for inference; images submitted for moderation
Purpose: Text-to-speech for the AI interviewer voice
Data shared: Interviewer line text and voice IDs
Purpose: Sandboxed execution of user-submitted code
Data shared: Submitted code, input, expected output, language
Purpose: Automated image moderation for uploaded content
Data shared: Images submitted for safety analysis
Purpose: Low-latency matchmaking queues and ephemeral state
Data shared: User IDs, matchmaking state, queue positions
Purpose: Optional sign-in and 'Push to GitHub' code export
Data shared: OAuth authorization, access token, repository access for pushing code
Purpose: Enterprise SSO (SAML/OIDC) for assessment company users
Data shared: SSO credentials, company identity and connection metadata
Purpose: Bot / CAPTCHA verification on invitation flows
Data shared: Verification tokens and IP addresses
This list reflects the providers in active use and may change as our product evolves. If a school or company requires a data-processing addendum, contact us at contact@algoarena.net.
We keep your account and activity data for as long as your account is active.
You can delete your account from your settings, which removes your profile and authentication record. If you would like help, or want us to action a deletion on your behalf, email contact@algoarena.net and we will honor it.
Some data is transient by design: challenge and invitation links expire automatically (typically within 24 hours), and AI copilot chat in assessments is ephemeral and not stored.
Classroom sessions are retained on the host's account until the host deletes them. Assessment sessions, transcripts, and proctoring snapshots are retained according to the hiring organization or institution's policy. To be candid: we do not yet enforce automated time-based deletion across every category, and some operational and anti-cheat data may be retained longer for security. We are actively working to formalize retention windows.
Want a copy of your data, a correction, or a deletion? Email contact@algoarena.net and we will respond. We honor GDPR- and CCPA-style access and deletion requests by email.
We welcome reports from security researchers. If you believe you have found a vulnerability, please email us with the details and steps to reproduce, and give us a reasonable window to investigate and remediate before any public disclosure. We will not pursue good-faith research that respects user privacy and avoids service disruption or data destruction.
We are honest about where we are on the compliance journey.
We are not SOC 2 certified yet. Building toward a formal security program and certifications such as SOC 2 is on our roadmap. We will publish updates here as we reach those milestones — we will not claim a certification we do not hold.
We honor GDPR- and CCPA-style access and deletion requests by email. Your data may be processed in countries other than your own via our cloud and AI providers, and we rely on the standard cross-border safeguards those providers offer.
Educators using Classroom Mode are responsible for obtaining appropriate consent for students in their jurisdiction (for example, COPPA in the United States) and for complying with applicable student-record laws such as FERPA. We are happy to support a data-processing addendum on request.
Security, privacy, or compliance questions are always welcome. Reach us at contact@algoarena.net, or read the full Privacy Policy and Terms of Service.