Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us, including:

• Account Information: Name, email address, username, password, profile photo
• Resume Data: Work experience, education, skills, certifications, projects, contact information
• Portfolio Content: Personal stories, achievements, media files, custom HTML/CSS/JavaScript code
• Payment Information: Credit card details, billing address (processed by third-party payment processors)
• Communications: Messages sent through the platform, customer support inquiries, feedback
• Job Application Data: Cover letters, application responses, preferences
• Preferences: AI provider preferences, notification settings, theme choices

1.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, features used, time spent, click patterns, navigation paths
• Location Data: General location based on IP address
• Cookies and Similar Technologies: Authentication tokens, session data, preferences
• Analytics Data: User behavior, feature adoption, performance metrics
• Error Logs: Technical errors, crashes, performance issues

1.3 Information from Third Parties

We may collect information about you from third-party services:

• Social Media: Profile information when you sign up using Google OAuth
• Payment Processors: Transaction details, payment status
• Analytics Providers: User behavior and demographics
• Public Sources: Publicly available professional information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

• Providing, operating, and maintaining the Service
• Creating and managing your account
• Processing your transactions and payments
• Enabling communication between users
• Generating and exporting documents
• Providing customer support

2.2 AI and Machine Learning

Your information, including resume content and usage patterns, may be used to:

• Train and improve our AI models and algorithms
• Generate personalized content suggestions and recommendations
• Analyze job descriptions and match candidates
• Develop new AI-powered features
• Process your content through third-party AI services (OpenAI, Google, Anthropic)

2.3 Product Improvement and Analytics

• Analyzing usage patterns and trends
• Conducting research and developing new features
• Testing and improving platform performance
• Understanding user preferences and behavior
• Creating anonymized and aggregated statistics

2.4 Marketing and Communications

We may use your information to:

• Send promotional emails and newsletters about our products and services
• Display personalized advertisements on our platform and third-party sites
• Send notifications about new features, updates, and special offers
• Conduct surveys and request feedback
• Create marketing materials using anonymized data and case studies

2.5 Legal and Security

• Detecting, preventing, and addressing fraud, security issues, and technical problems
• Enforcing our Terms of Service and other policies
• Complying with legal obligations and responding to lawful requests
• Protecting our rights, property, and safety
• Resolving disputes and investigating complaints

3. How We Share Your Information

We may share your information with third parties in the following circumstances:

3.1 Service Providers

We share information with third-party vendors and service providers who perform services on our behalf:

• Cloud Hosting: Vercel, AWS, Google Cloud (infrastructure and hosting)
• Database Services: MongoDB Atlas (data storage)
• AI Services: OpenAI, Google AI, Anthropic (content generation and analysis)
• Payment Processing: Stripe (payment processing)
• Email Services: SendGrid, Gmail SMTP (email delivery)
• Analytics: Google Analytics, Vercel Analytics (usage analytics)
• Customer Support: Support ticket systems and communication tools

3.2 Public Information

Information you choose to make public may be accessible to others:

• Public resumes and portfolios are viewable by anyone with the link
• Profile information marked as public
• Content shared on job applications (visible to employers)
• Public "About Me" pages are indexed by search engines

3.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Legal process (subpoenas, court orders, government requests)
• Law enforcement investigations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with:

• Research partners and academic institutions
• Marketing and advertising partners
• Industry publications and media
• Business partners and investors
• General public (statistics, trends, insights)

3.6 With Your Consent

We may share your information for other purposes with your consent or at your direction.

4. Data Storage and Security

4.1 Data Storage

Your information is stored on secure servers provided by MongoDB Atlas and Vercel. Data may be processed and stored in the United States and other countries where our service providers operate.

4.2 Security Measures

We implement security measures including:

• Encryption of data in transit using HTTPS/TLS
• Password hashing using bcrypt
• Regular security audits and monitoring
• Access controls and authentication
• Secure payment processing through PCI-compliant providers

4.3 No Guarantee

However, no method of transmission or storage is 100% secure. We cannot guarantee the absolute security of your information. You use the Service at your own risk.

4.4 Data Retention

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations and resolve disputes
• Improve our AI models and services (potentially indefinitely in anonymized form)
• Enforce our agreements and protect our rights

Even after account deletion, we may retain certain information as required by law or for legitimate business purposes, including backups and AI training data.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

We use cookies and similar tracking technologies to:

• Essential Cookies: Authentication, session management, security
• Functional Cookies: Preferences, settings, language
• Analytics Cookies: Usage statistics, performance monitoring
• Marketing Cookies: Advertising, personalization, tracking conversions

5.2 Third-Party Cookies

Third-party services we use may set their own cookies, including:

• Google Analytics for website analytics
• Advertising networks for targeted ads
• Social media platforms for sharing features

5.3 Cookie Control

Most browsers allow you to control cookies through settings. However, disabling cookies may limit your ability to use certain features of the Service.

6. Your Rights and Choices

6.1 Access and Update

You can access and update most of your information through your account settings.

6.2 Account Deletion

You may delete your account through the settings page. Note that deletion may not be immediate, and some information may be retained as described in this policy.

6.3 Marketing Communications

You can opt out of promotional emails by clicking "unsubscribe" in any marketing email or adjusting your notification settings. You cannot opt out of service-related communications.

6.4 Data Portability

You can export your resume data in various formats (PDF, JSON) through the platform.

6.5 Do Not Track

Our Service does not respond to Do Not Track signals.

6.6 Regional Rights

Depending on your location, you may have additional rights:

• GDPR (EU/EEA): Right to access, rectification, erasure, restriction, portability, and objection
• CCPA (California): Right to know, delete, and opt-out of sale (we do not sell personal information)
• Other Jurisdictions: Rights as provided by applicable local laws

To exercise these rights, contact us at privacy@profilhq.com. We may require verification of your identity before processing requests.

7. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect information from children under 16. If we become aware that we have collected information from a child under 16, we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, which may have different data protection laws. By using the Service, you consent to such transfers.

9. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. AI Data Processing

10.1 Third-Party AI Providers

When you use AI features, your content is processed by third-party AI providers:

• OpenAI: Subject to OpenAI's privacy policy and data usage practices
• Google AI (Gemini): Subject to Google's privacy policy
• Anthropic (Claude): Subject to Anthropic's privacy policy

10.2 AI Training

Your content may be used to:

• Train our proprietary AI models
• Improve third-party AI models (subject to their policies)
• Develop new AI features and capabilities
• Create training datasets for machine learning

10.3 No Opt-Out

If you use AI features, you cannot opt out of AI processing. If you do not consent to AI processing of your content, do not use AI-powered features.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. However, we are not liable for any damages resulting from such breaches.

12. Changes to This Policy

We may update this Privacy Policy at any time without prior notice. Changes are effective immediately upon posting. Your continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: