Privacy Policy

1. Introduction

Welcome to Profolio ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume building platform and related services (collectively, the "Services"). By using Profolio, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect and store the following categories of personal information that you voluntarily provide when using our Services:

Account Information

• Full name
• Email address
• Password (stored as an encrypted hash - we never store passwords in plain text)
• Profile picture (if you sign in with Google)
• Account preferences and settings

Career Profile Information

Your career profile is the foundation of our service. The information you provide may include:

• Contact and Personal Details: Name, professional title, phone number, email, location, and links to your professional profiles (LinkedIn, portfolio, personal website)
• Professional Experience: Work history including company names, job titles, dates, responsibilities, and accomplishments
• Education: Schools attended, degrees earned, fields of study, graduation dates, and academic achievements
• Skills and Expertise: Technical and soft skills, languages, proficiency levels, and certifications
• Projects and Portfolio: Project details, technologies used, your contributions, and links to your work
• Additional Career Information: Awards, publications, volunteer work, professional affiliations, and any other career-related content you choose to add

Resume Content

• Job descriptions and tailoring preferences
• Resume customizations and multiple versions
• Template and formatting choices

Uploaded Documents

• Resume files you import (temporarily processed to extract information)

Communications

• Support inquiries, bug reports, and feedback

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain technical and usage information:

• Usage Data: How you interact with our platform, including features used, pages visited, and activity timestamps
• Device and Browser Information: Browser type, operating system, device type, and anonymized IP address
• Session Information: Login sessions and authentication data to keep you securely signed in
• Performance Data: Technical metrics to help us identify and fix issues

2.3 Payment and Subscription Information

If you subscribe to our paid plans, payment processing is handled entirely by Stripe, our PCI-DSS compliant third-party payment processor. We do not collect, store, or have access to your full credit card numbers, CVV codes, or other sensitive payment credentials.

For complete information on how Stripe handles your payment data, please review Stripe's Privacy Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Create, maintain, and secure your user account
• Store and manage your career profile information
• Generate, customize, and export resumes based on your profile
• Enable you to create multiple tailored resume versions
• Process resume imports and extract relevant information
• Provide access to different templates and formatting options

3.2 AI-Powered Features

• Analyze your resume content to provide quality scores and improvement suggestions
• Tailor your resume content to match specific job descriptions
• Refine and enhance bullet points for clarity and impact
• Generate personalized career advice and daily briefings
• Provide intelligent content recommendations based on your profile

3.3 Service Improvement and Development

• Analyze usage patterns to understand how users interact with our platform
• Identify and fix technical issues, bugs, and performance problems
• Develop new features and enhance existing functionality
• Improve the accuracy and relevance of our AI-powered suggestions
• Conduct research and analytics using aggregated, anonymized data
• Optimize user experience and interface design

3.4 Subscription Management

• Process subscription payments and manage billing
• Track usage limits for AI features and exports based on your plan tier
• Provide access to premium features for paid subscribers
• Send subscription-related notifications and receipts

3.5 Communication

• Respond to your inquiries, support requests, and bug reports
• Provide customer support and technical assistance
• Send important service-related notifications and updates
• Notify you of changes to our Terms of Service or Privacy Policy
• Send account security alerts when necessary

3.6 Security and Compliance

• Detect, prevent, and investigate fraud and unauthorized access
• Monitor for security threats and malicious activity
• Enforce our Terms of Service and acceptable use policies
• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and the safety of our users

4. AI Technology and Third-Party AI Services

4.1 How We Use AI in Our Application

Profolio integrates artificial intelligence throughout the platform to enhance your resume-building experience. Our AI-powered features are designed to help you create more effective, targeted, and professional resumes.

4.2 AI Features We Offer

• Resume Audit and Scoring: Our AI analyzes your resume content against industry best practices, scoring various aspects such as content quality, formatting consistency, keyword optimization, and overall effectiveness. The AI evaluates factors like bullet point structure, action verb usage, quantifiable achievements, and relevance to your target role.
• Intelligent Content Tailoring: When you provide a job description, our AI processes both your profile information and the job requirements to suggest tailored content. The AI identifies relevant skills, experiences, and achievements from your profile that align with the position, and recommends which elements to emphasize or modify.
• Bullet Point Refinement: Our AI helps improve individual bullet points by analyzing clarity, impact, specificity, and professional tone. It can suggest alternative phrasings, recommend adding quantifiable metrics, improve action verb choices, and enhance overall readability.
• Personalized Career Advice: Based on your career profile, industry, and career goals, our AI generates daily career tips, job search strategies, skill development recommendations, and personalized insights to support your professional growth.

4.3 Third-Party AI Service Providers

To provide our AI features, we utilize third-party AI service providers, including OpenAI. When you use AI-powered features:

• Your resume content, profile information, and job descriptions you provide are transmitted to these AI service providers for processing
• The AI service processes your data to generate suggestions, improvements, and recommendations specific to your request
• The AI-generated responses are returned to our platform and displayed to you

4.4 Important Information About AI Processing

• Purpose Limitation: Your data is sent to AI service providers solely to fulfill your specific requests and provide you with the AI features you've chosen to use
• No Training on Your Data: We have configured our AI service agreements to ensure that your personal information and career content are not used to train or improve general AI models. Your data remains yours
• Temporary Processing: AI processing of your data is transient - your information is used only for generating your specific results and is not retained by the AI service provider after processing
• Data Protection: Our AI service providers are contractually obligated to implement appropriate security measures and handle your data in accordance with their privacy policies and applicable data protection laws
• Optional Use: All AI features are optional. You can create and customize resumes manually without using any AI-powered tools if you prefer

5. When and With Whom We Share Your Personal Information

We respect your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your information in the specific circumstances described below and with trusted parties who are obligated to protect your data.

5.1 Service Providers and Business Partners

We work with carefully selected third-party service providers who assist us in operating our platform and delivering our Services. These providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your data and use it only for the purposes we specify:

• Cloud Infrastructure and Hosting Providers: We use cloud service providers to host our application, store data, and maintain our server infrastructure. Your profile information, resumes, and account data are stored on their secure servers
• Database Services: We utilize managed database services to securely store and manage your personal information and career data
• Authentication Services: If you choose to sign in with Google, your authentication is handled through Google's OAuth service. Google provides us with your name, email address, and profile picture (if available) to create your account
• Payment Processing: Stripe processes all subscription payments on our behalf. We share your billing information with Stripe to facilitate payment transactions, manage subscriptions, and process refunds when applicable
• AI Service Providers: We transmit your resume content, profile information, and job descriptions to AI service providers (including OpenAI) when you use AI-powered features. These providers process your data to generate personalized suggestions and return the results to our platform
• Email Service Providers: We may use email service providers to send you transactional emails, account notifications, and service updates
• Content Delivery Networks: We may use CDN services to deliver application assets efficiently and improve performance

5.2 Legal Obligations and Protection

We may disclose your personal information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, subpoenas, or valid government requests
• Enforce our Terms of Service and investigate potential violations
• Detect, prevent, or address fraud, security issues, or technical problems
• Protect the rights, property, or safety of Profolio, our users, or the public as required or permitted by law
• Respond to claims that content violates the rights of third parties

5.3 Business Transfers and Corporate Transactions

In the event that Profolio is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred or disclosed as part of that transaction. We will:

• Notify you via email and/or a prominent notice on our platform before your information is transferred
• Inform you if your information becomes subject to a different privacy policy
• Provide you with options regarding your data if legally permissible

5.4 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you. This may include:

• Usage statistics and platform metrics
• Industry trends and insights derived from aggregated user data
• Research and development findings

This aggregated data does not contain any personal information and cannot be traced back to individual users.

5.5 With Your Consent

We may share your information with other third parties when we have your explicit consent to do so. We will always request your permission before sharing your personal information for purposes not described in this Privacy Policy.

6. Data Security and Protection

6.1 How We Protect Your Information

We take the security of your personal information seriously and implement comprehensive technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Technical Security Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using industry-standard Transport Layer Security (TLS/SSL) protocols
• Encryption at Rest: Sensitive data stored in our databases is encrypted to protect against unauthorized access
• Secure Password Storage: User passwords are never stored in plain text. We use strong, one-way cryptographic hashing algorithms to protect your passwords
• Secure Authentication: We implement secure session management, token-based authentication, and CSRF (Cross-Site Request Forgery) protection to prevent unauthorized access to your account
• Access Controls: We employ role-based access controls to ensure that only authorized personnel can access systems containing personal data, and only to the extent necessary for their roles

6.2 Data Storage Locations

Your personal information is stored on secure servers operated by our cloud infrastructure providers. Currently, our primary servers and databases are located in the Asia Pacific region. However, please note that:

• Our infrastructure may be distributed across multiple data centers for redundancy, performance, and reliability
• We may migrate our infrastructure to different geographic regions as our business needs evolve and to optimize service delivery
• Data may be temporarily processed in other locations when transmitted to service providers (such as AI service providers or payment processors) who may operate in different regions
• While our servers are currently in Asia Pacific, your data may be transferred to, stored in, or processed in other countries where we or our service providers maintain facilities

Wherever your data is stored or processed, we ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

6.3 Limitations of Security

While we implement robust security measures, please be aware that:

• No method of electronic transmission or storage is 100% secure
• We cannot guarantee absolute security of your information
• You are responsible for maintaining the confidentiality of your account password
• You should use a strong, unique password and never share it with others
• You should log out of your account when using shared or public computers
• If you suspect unauthorized access to your account, please change your password immediately and contact us

6.4 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Investigate the incident promptly and take steps to mitigate harm
• Notify affected users via email without undue delay
• Comply with applicable data breach notification requirements under Singapore law and other applicable regulations
• Provide information about what data was affected and steps you can take to protect yourself

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or compliance purposes.

Usage logs and analytics data may be retained in aggregated, anonymized form for longer periods to help us improve our Services.

8. Your Privacy Rights and Choices

We respect your rights to control your personal information. Depending on your location and applicable laws, you may have various rights regarding your data.

8.1 Rights Under Singapore's Personal Data Protection Act (PDPA)

If you are in Singapore or your data is processed in Singapore, you have certain rights under the Personal Data Protection Act 2012. For complete information about your rights under the PDPA, please visit the Personal Data Protection Commission website at www.pdpc.gov.sg.

8.2 Additional Rights for Users in Certain Jurisdictions

We respect the data protection rights of users in all jurisdictions. Depending on your location, additional data protection laws may apply to you, including but not limited to:

• European Union/EEA: The General Data Protection Regulation (GDPR)
• United Kingdom: The UK GDPR and Data Protection Act 2018
• California, USA: The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Other jurisdictions: Applicable local data protection laws where you reside

To exercise any of these rights, please contact us at support@profolioapp.net. We will respond to your request in accordance with applicable law.

8.3 Account Deletion

You may delete your account at any time through your account settings. When you delete your account:

• Your access to the Services will be immediately terminated
• Your personal data, career profile, and resumes will be permanently deleted from our active systems within 30 days
• Some information may be retained in backup systems for up to 90 days before being permanently purged
• Certain data may be retained longer if required for legal, accounting, audit, or compliance purposes
• Aggregated and anonymized data that cannot identify you may be retained indefinitely

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Singapore where our service providers operate. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Cookies and Similar Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and basic functionality of our Services.
• Preference Cookies: Remember your settings and preferences (e.g., theme selection).

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect your ability to use our Services.

11. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect, solicit, or maintain personal information from children under 16, and we do not permit them to create accounts or use our Services. If we become aware that we have collected personal information from a child under 16, we will take steps to promptly delete that information and terminate the account.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, we're here to help.