Privacy Policy

42NextScope is a student-built analytics dashboard for the 42 Istanbul Campus. It is not affiliated with or officially endorsed by Association 42. The application is available exclusively to current 42 Network students and alumni.

When you sign in via 42 OAuth, we receive the following data from the 42 API:

• Login Your 42 username (e.g. jdoe)
• Display name Your full name as registered on the Intranet
• Email Your 42 student email address
• Avatar Your Intranet profile photo URL
• Level Your current cursus level
• Wallet & Correction Points Your current balances
• Coalition Your coalition name, colour and logo
• Campus Your enrolled campus

We also display data about other students (peer profiles, evaluation comments, coalition rankings) fetched live from the 42 API. This data is displayed but never stored permanently on our servers.

• To authenticate you via 42 OAuth 2.0 and maintain your login session
• To display your profile information in the sidebar and dashboard
• To personalise your experience (e.g. theme preference)
• We do not sell, share, or transfer your data to any third party
• We do not use your data for advertising or marketing

Session data (your token and profile) is stored in a secure, server-side encrypted cookie for the duration of your authenticated session only. It is deleted automatically when you sign out or when the session expires.

Device storage: Only your theme preference (light / dark) and your consent record are saved to your browser's localStorage. No personal data is written to your device.

Server-side caching: Some API responses — such as project feedback listings — are cached on our server for up to 1 hour to reduce load on the 42 API and improve performance for all users. Cached responses may include anonymised evaluation metadata (marks, flags, comments). This cache is not linked to your identity and expires automatically.

We do not maintain a persistent database. All personal data is discarded when your session ends. Server-side caches expire automatically (maximum 1 hour). If you wish to delete your consent record stored on your device, you may clear your browser's localStorage for this site at any time.

Under GDPR and the 42 API Terms, you have the right to:

• Access — know what data we hold about you (answer: only your active session)
• Deletion — sign out to immediately delete all session data
• Withdrawal of consent — stop using the app at any time; no residual data remains
• Portability — your data originates from the 42 API; request a copy directly from 42

All communication between your browser and our server is encrypted via HTTPS (TLS). OAuth tokens are stored server-side only and are never exposed to the client browser. The 42 API UID and Secret are stored as server-side environment variables and are rotated monthly in accordance with the 42 API Terms.

This application operates in compliance with the 42 API General Terms of Use and the 42 API User Charter. Data obtained via the API remains strictly within the 42 Network and is not shared outside it (Article 3 of the GTU).

If you have questions about this Privacy Policy or wish to exercise your rights, please contact the app developer or report concerns to [email protected] for API-related security issues.