Last updated February 2026
Privacy Policy
We built Paddleout on the premise that your identity and your code belong to you. This policy explains exactly what we collect, what we do with it, and what we never do — in plain language.
1. What we collect
GitHub data (read-only)
When you connect GitHub, we request read-only access to your public activity. We analyze:
- —Commit frequency and timing patterns
- —Programming language distribution across public repositories
- —Repository activity over rolling time windows
- —General contribution cadence (velocity)
We never access: your source code, private repositories, commit messages, issue content, pull request details, or any proprietary intellectual property. We analyze patterns, not content.
Contact information
We collect your email address when you submit a waitlist form. This is used only to notify you about platform access and launch updates. We use Tally to process form submissions — their privacy policy applies to form data in transit.
Your handle and identity
You choose your Builder handle during signup. Your real name and employer are never collected as part of your public-facing profile — that's the point of the Blinded Identity Model.
2. How we use your data
To generate your Builder Pass
Your GitHub activity powers your Stack Radar, velocity score, and signal stats. This is the core of the product — your pass updates automatically as you ship.
To match you with founders
Founders search The Lineup by stack and signal. They see your anonymized handle and data — never your identity — until you accept their request.
To communicate with you
We'll email you when the platform launches, when a founder requests an intro, or when there's a meaningful update to your account. We don't send marketing spam.
To improve the platform
Aggregate, anonymized patterns help us understand how the product is being used. We don't sell or share this data.
3. Who sees your data
Verified founders
Founders on The Lineup see your handle, Stack Radar, signal stats, and peer vouches. They never see your name, GitHub username, employer, or any identifying information unless you explicitly accept their intro request.
Recruiters
Recruiters have no access to Paddleout. Not now, not ever. It's not a policy — it's a product constraint built into how access is granted.
Third parties
We do not sell, rent, or share your personal data with any third party for marketing or commercial purposes. Full stop.
4. GitHub access and revocation
We connect to GitHub using OAuth with read-only scope. You can revoke our access at any time from your GitHub settings under Settings → Applications → Authorized OAuth Apps. Revoking access removes our ability to refresh your Builder Pass data — your existing pass will remain until you request deletion.
We do not store your GitHub credentials. Authentication is handled entirely through GitHub's OAuth flow.
5. Data retention and deletion
You can request deletion of your account and all associated data at any time by emailing info@paddleout.io. We will process deletion requests within 14 days.
Email addresses collected via waitlist forms are retained until the platform launches or until you unsubscribe. We don't hold onto data we don't need.
6. Cookies and analytics
We use minimal, privacy-respecting analytics to understand how the site is used — page views, referral sources, and basic engagement. We don't use tracking cookies for advertising or sell behavioral data.
7. Questions
If you have any questions about this policy, how your data is handled, or want to request deletion, reach us at info@paddleout.io. We're a small team and we read everything.