Privacy Policy

1. Introduction

Welcome to Profolio ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume building platform and related services (collectively, the "Services"). By using Profolio, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect personal data that you voluntarily provide when you:

• Create an Account: Name, email address, and password (securely hashed). If you sign in with Google, we receive your name, email, and profile picture from Google.
• Build Your Profile: Professional information including your full name, contact details (phone number, location), work experience, education history, skills, projects, certifications, awards, and any personal or professional summary you choose to provide.
• Create Resumes: Job descriptions you target, resume content customizations, and template preferences.
• Upload Documents: If you import an existing resume, we process the document to extract relevant career information.
• Contact Us: Bug reports, feedback, support inquiries, and any other communications you send to us.

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Usage Data: Features you use, pages visited, actions taken within the application, and timestamps of activity.
• Device Information: Browser type, operating system, and device identifiers.
• Session Data: Authentication tokens and session information necessary to keep you logged in securely.

2.3 Payment Information

If you subscribe to our paid plans, payment processing is handled entirely by Stripe, our third-party payment processor. We do not store or have access to your full credit card number, CVV, or other sensitive payment credentials. We only receive confirmation of successful transactions, subscription status, and a reference ID linked to your Stripe customer account. For information on how Stripe handles your data, please see Stripe's Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

• Provide Our Services: Create and manage your account, store your career profile, generate tailored resumes, and enable document exports.
• Power AI Features: Our AI-powered features (resume audits, content tailoring, bullet point refinement, and career advice) use your profile and resume content to provide personalized suggestions. Your content is processed by our AI systems to analyze and improve your resume materials.
• Improve Our Services: Understand how users interact with our platform to enhance functionality, fix issues, and develop new features.
• Manage Subscriptions: Process payments, track usage limits, and provide access to premium features.
• Communicate With You: Respond to inquiries, provide customer support, and send service-related notifications.
• Ensure Security: Detect and prevent fraud, unauthorized access, and other security threats.

4. AI-Powered Features

Profolio incorporates artificial intelligence to enhance your resume-building experience. When you use AI features such as:

• Resume auditing and scoring
• Content tailoring for specific job descriptions
• Bullet point refinement and improvement
• Personalized career advice

Your resume content and relevant profile information are processed by our AI systems to generate suggestions and improvements. This processing is done to provide you with the service you've requested. We do not use your personal data to train general AI models. The AI analysis is specific to your request and is used solely to provide you with personalized recommendations.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:

• Service Providers: We work with trusted third-party providers who assist in operating our Services:
  • Authentication: Google (for OAuth sign-in, if you choose this method)
  • Payment Processing: Stripe (for subscription payments)
  • Hosting and Infrastructure: Cloud service providers for data storage and application hosting
  • AI Processing: AI service providers for powering our intelligent features
  These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal Requirements: We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and your options regarding your data.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Secure password hashing using industry-standard algorithms
• Access controls and authentication measures
• Regular security assessments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or compliance purposes.

Usage logs and analytics data may be retained in aggregated, anonymized form for longer periods to help us improve our Services.

8. Your Rights Under the PDPA

As a user in Singapore or if your data is processed in Singapore, you have the following rights under the Personal Data Protection Act 2012:

• Access: You may request access to your personal data that we hold. You can view and download most of your data directly from your account settings.
• Correction: You may request correction of any inaccurate or incomplete personal data. You can update most information directly in your profile.
• Withdrawal of Consent: You may withdraw consent for the collection, use, or disclosure of your personal data at any time by deleting your account. Note that withdrawal may affect our ability to provide certain Services to you.
• Data Portability: You may request a copy of your personal data in a commonly used electronic format.

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within a reasonable timeframe as required by applicable law.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Singapore where our service providers operate. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and basic functionality of our Services.
• Preference Cookies: Remember your settings and preferences (e.g., theme selection).

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect your ability to use our Services.

11. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For access, correction, or other data-related requests, please include sufficient information to verify your identity and specify the nature of your request.

15. Complaints

If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.