Nishtha Patel   •   12 days ago

Code Integrity Clarity

The competition requires us to build and operate a real, revenue-generating business — which is exciting. But it also requires submitting a full source code repository for judging, either public or private (shared with the judging team).

For anyone running a live product with real customers, this feels like an unaddressed tension. Sharing your codebase — even privately — exposes proprietary business logic, competitive advantages, and potentially security vulnerabilities of a production system. The rules cover IP ownership well, but say nothing about confidentiality obligations on the judges' or Devpost's end once they have access to your code.

A few questions I'd love to get clarity on, and curious if others are thinking about this too:
- Are judges bound by any NDA or confidentiality agreement when accessing submitted repositories?
- Is a private repo considered sufficient protection for a live business, or is there a stronger option?
- Is there any way to flag portions of a submission as commercially sensitive?

Would be great to hear how others are approaching this — and whether it's worth pushing the organizers for clearer protections before we do the submission.

• 5 comments

  Email me when new comments are added
• 

  Ikechukwu Ezekiel   •   12 days ago

  I totally agree with this and would love some clarity on this topic.

• 

  Aleksander W. Wishman   •   11 days ago

  Personally I'm thinking all of the judges and involved parties are multi-millionaires who are honest about their intentions for this "competition" to be for societal benefit. I have NO qualms about them getting to see our codebases. I don't believe for one second that they would exploit their positions to steal any of it. I think we can rest assured about their integrities! Call me naive, but I truly believe that.

• 

  Nishtha Patel   •   11 days ago

  I really appreciate the positive outlook, and I genuinely hope you're right! That said, I went through the official rules carefully and a few things stood out to me — not to alarm anyone, but because I think it's worth everyone being informed before submitting. What the rules actually say:

  * No confidentiality protection (Section 9, Entry Conditions and Release) — The rules explicitly state: "The relationship between you, the Entrant, and the Sponsor and Administrator, is not a confidential, fiduciary, or other special relationship." There is formally no duty of secrecy on their end once they have access to your code.

  * Judges are anonymous by design (Section 6, Judges & Criteria) — The rules state judges "may or may not be listed individually on the Hackathon Website, and may change before or during the Judging Period." We may never know who is actually reviewing our submissions.

  * Customer personal data can be requested (Section 4, Submission Requirements) — During the review process, organizers may request "customer contact information (name, email, phone)" from submitters. These are real people's personal details.

  * Detailed financials required (Section 4, Submission Requirements) — Submissions must include total revenue, month-by-month revenue breakdown, cost breakdowns, and corporate ID — significant business intelligence handed over as part of entry.

  The issue isn't sharing — sharing is completely normal and expected in a competition like this. The concern is accountability. Sharing your codebase, customer data, and financial records with parties who have formally disclaimed any confidentiality or fiduciary obligation is a meaningful gap worth addressing.
  It would be great to hear from the organizers on whether any additional protections exist outside of what's written in the current rules.

  Happy to be proven wrong, and I truly hope the organizers can provide clarity on this. As someone early in this journey, I just want to make sure my team's work, our customers' data, and the effort we've put in are properly protected before we hit submit.

• 

  Marcos del Cristo   •   9 days ago

  Thank you for sharing this, Nishtha, and for digging into the official rules. I completely agree that these issues need to be addressed immediately. No serious business person or technical founder should be expected to hand over sensitive IP, proprietary business logic, and actual customer PII without explicit confidentiality guarantees. Sharing code is normal for a weekend hackathon; exposing the live backend and financials of a revenue-generating entity to anonymous, legally unbound parties is a massive liability.

  Unfortunately, this lack of protection seems to be part of a broader pattern of radio silence and unaddressed structural issues from the organizers:

  * Critical Infrastructure Failures: The $100 Google AI Ultra Bonus overage mechanism is failing platform-wide. With the May 25th redemption deadline arriving today, participants are hitting their baseline quotas and getting completely locked out of their workspaces. People are dead in the water, and there has been zero official technical support or acknowledgment.

  * Zero Clarity on Eligibility: The community is still entirely in the dark about how to actually claim these credits in the Antigravity app, or if unlocking them requires purchasing a paid Ultra subscription first.

  * The Marketing Catch-22: We are being judged on our ability to "Sell, Market, and Grow" real revenue, yet zero resources or credits have been allocated for user acquisition. Expecting developers to out-of-pocket significant marketing budgets—which can easily consume 30-50% of revenue during aggressive growth phases—just to participate creates a highly uneven playing field.

  We are putting in the work to build production-grade, agentic systems, but it is hard to build with confidence under these conditions. We urgently need official clarification on the NDA structure, an immediate fix and deadline extension for the workspace credits, and clear communication from the XPRIZE team. The more we raise these issues, the better for the integrity of the competition.

• 

  Michelle Brain Manager   •   35 minutes ago

  Thanks all! Judges adhere to confidentiality and nondisclosure of project submissions. Please only share the Private repos with testing@devpost.com and judging@hacker.fund to ensure sufficient protections during the judging process.

  As for credits, Google Cloud includes getting started resources directly through their websites at https://cloud.google.com/free. We’ll be sharing more details about additional resource packages in the coming weeks — stay tuned.

  We are reviewing all questions and answering as we go. Working on speeding things up. Thank you all!

Log in or sign up for Devpost to join the conversation.