Legal
Privacy Policy
Version 1.1.0 · Last updated 11 June 2026.
This policy explains how we collect, use, store, and share personal data of visitors and registered users ("you", the data principal) in accordance with the Digital Personal Data Protection Act, 2023 (India) and applicable global best practices (GDPR principles where relevant).
1. Who we are (Data Fiduciary)
This portal is operated by the Profoliate team as a data fiduciary under the DPDP Act, 2023. We decide the purposes and means of processing your personal data. For any privacy question, contact our Grievance Officer (see §10).
2. Personal data we collect
- Account data (when you sign in via Google or Microsoft): name, email, profile photo, OAuth provider id, consent timestamps and version.
- Portal content (when you build your own portal): your CV text, asset uploads (photo, logos, cert PDFs), and edits you make.
- Usage data: hashed IP address (SHA-256, never stored raw), persistent device cookie (pp_vid), questions you ask the AI assistant, answers returned, the mode (text/voice), and the chunks retrieved for grounding.
- Engagement data: section view counts, time-on-section, scroll depth, JD-match queries.
- Payment data (for paid portals): handled by Razorpay; we receive only a transaction reference, status, and amount. We do NOT store card numbers or UPI handles.
- Cookies: pp_vid (rate-limiting; HttpOnly; 180-day) and NextAuth session cookies for authenticated areas. See our Cookie Policy.
3. Purposes & lawful basis
We process your data only for these specific purposes:
- To render your portal and respond to AI-assistant questions about it (legitimate use of your own data; consented when you build the portal).
- To enforce per-visitor quotas and prevent abuse — legitimate interest.
- To process payments for portal creation and refunds (contractual necessity).
- To detect fraud and protect the service — legitimate interest.
- To send transactional emails (sign-in, approval, refund) — contractual.
- (Optional) To send marketing updates — only if you tick the marketing consent checkbox at sign-in. You can withdraw at any time.
4. Your rights under DPDP Act, 2023
- Right to access a summary of personal data we hold about you, the processing activities, and the third parties with whom it is shared.
- Right to correction & erasure of inaccurate or no-longer-needed data.
- Right to grievance redressal through our Grievance Officer (§10) and onward to the Data Protection Board if unresolved.
- Right to withdraw consent at any time, by emailing the address in §10. Withdrawal does not invalidate prior lawful processing.
- Right to nominate another person to exercise these rights upon your death or incapacity.
5. Sharing & processors
We rely on the following data processors strictly to operate the service. Each processes your data only on documented instructions:
- Vercel Inc. (USA) — hosting & global edge delivery.
- Supabase Inc. (Singapore region) — database, storage, authentication.
- Google LLC — Gemini AI for grounded answers + JD matching; Google OAuth for sign-in.
- Microsoft Corporation — Microsoft Entra OAuth for sign-in (optional).
- Razorpay Software Pvt. Ltd. (India) — payment processing.
- Resend, Inc. (USA) — transactional email delivery for phone-reveal / CV-download notifications to the portal owner.
We do not sell, rent, or trade personal data. Where data is transferred outside India, the recipient is contractually bound to equivalent protection.
6. Retention
- Account data: while your account is active and 30 days after deletion (for backups).
- Portal content: while your portal is published; deleted within 30 days of suspension/un-publish.
- Visitor-usage rows: 12 months from creation, for fraud-prevention and analytics.
- AI query logs: 12 months from creation. Aggregated stats may be retained longer with all personal identifiers removed.
- Payment records: 7 years (Indian tax & accounting compliance).
7. Security
We use TLS in transit, encrypted-at-rest databases, hashed IP addresses (never raw), Row-Level Security on every database table, HttpOnly + SameSite cookies, and least-privilege service accounts. The AI assistant is system-prompt-hardened to refuse disclosing phone numbers, addresses, family details, financial data, or any other personal identifiers.
8. Children
This service is not directed to anyone under 18. We do not knowingly process children's personal data; if you believe we have, contact the Grievance Officer below and we will delete it without undue delay.
9. Automated decision-making
The "Match a role" feature uses AI to score the fit between a Job Description you paste and the portal owner's profile. The output is an opinion, not a decision; no recruitment outcome is automated. The AI assistant ("Folio") answers questions strictly grounded in indexed profile data and refuses where information is not available.
10. Grievance Officer
Priya, Grievance Officer
Email: care@profoliate.com
We acknowledge complaints within 48 hours and resolve within the timelines specified by the DPDP Act, 2023. If unresolved, you may escalate to the Data Protection Board of India.
11. Changes to this policy
We will update the version number above when this policy changes materially and prompt you to re-consent on your next sign-in.