Privacy Policy

1. Introduction

Welcome to Profilo ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered job application assistant service, including our website and Chrome extension.

Important: We do not sell, trade, rent, or commercialize your personal information to any third parties. Your data is used exclusively to provide our services and is protected with the highest security standards.

2. Information We Collect

2.1 Personal Information We Collect

We collect the following categories of personal information only for the purposes of generating tailored resumes and cover letters:

• Contact Information: Name, email address, phone number (used only for document generation and service communications)
• Professional Information: Resume data, work experience, education, skills, career objectives
• LinkedIn Profile Data: When you choose to import your LinkedIn profile
• Job Application History: Your saved job applications and preferences
• Account Credentials: Authentication information for secure account access

2.2 Information Collected Through Google Analytics

We use Google Analytics 4 to understand how our website is used and to improve our services. Google Analytics collects the following information automatically:

• Device Information: Browser type, operating system, screen resolution
• Approximate Location: Based on masked IP address (not precise enough to identify specific locations)
• Website Activity: Pages viewed, time spent on pages, events triggered
• Referral Information: How you arrived at our website

Note: Google Analytics 4 uses masked IP addresses and does not store complete IP addresses. We do not directly collect browser information, operating system details, IP addresses, or specific page visit data ourselves.

2.3 Information We Do NOT Collect

We do not directly collect:

• Browser type and version
• Operating system information
• Complete IP addresses
• Specific page visit tracking
• Time and date of visits (except through Google Analytics)
• Referring website addresses (except through Google Analytics)

3. How We Use Your Information

We use your personal information exclusively for the following legitimate business purposes:

• Primary Purpose: Generate tailored resumes and cover letters for your job applications
• Analyze job compatibility and provide personalized recommendations
• Maintain your account and provide customer support
• Send essential service updates and notifications
• Improve our AI algorithms and service quality
• Comply with legal obligations and enforce our terms of service
• Prevent fraud and enhance platform security

4. Information Sharing and Disclosure

We do not sell, trade, rent, or commercialize your personal information to any third parties. We may only share your information in these limited circumstances:

• With your explicit written consent
• To comply with valid legal requirements, court orders, or regulatory requests
• To protect our rights, property, safety, or that of our users
• With essential service providers (e.g., cloud hosting, payment processing) under strict data processing agreements
• In connection with a business transfer, merger, or acquisition (with notice)

4.1 Third-Party Service Providers

We work with the following categories of service providers:

• Google Analytics: Website analytics and performance monitoring
• Cloud Infrastructure: Secure data hosting and processing
• AI Processing Services: Document generation and analysis

5. Cookies and Tracking Technologies

We use cookies and similar technologies for specific, legitimate purposes only:

5.1 Essential Cookies

• User Authentication: To identify logged-in users securely
• Session Management: To maintain your session across page visits
• Extension Integration: To identify users when using our Chrome extension
• Security: To prevent fraud and protect against attacks

5.2 Analytics Cookies

• Google Analytics: To understand website usage and improve our service

5.3 What We Do NOT Use Cookies For

• Tracking users across other websites
• Building advertising profiles
• Selling data to advertising networks
• Cross-site behavioral tracking

You can control cookie settings through your browser preferences. Note that disabling essential cookies may affect the functionality of our service.

6. Your Privacy Rights

6.1 Rights Under GDPR (EU Residents)

• Right to Access: Request a copy of your personal information
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure: Request deletion of your personal information
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to certain processing of your information
• Right to Restrict Processing: Request limitation of processing activities
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

6.2 Rights Under CCPA/CPRA (California Residents)

• Right to Know: Request information about data collection, use, and sharing
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Limit Sensitive Data: Limit use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising rights

6.3 How to Exercise Your Rights

To exercise any of these rights, contact us at: [email protected]

We will respond to your request within 45 days (CCPA) or 30 days (GDPR). We may require verification of your identity before processing your request.

6.4 Global Privacy Control (GPC)

We support Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a request to opt out of data sales and sharing (where applicable).

7. Data Security and Protection

We implement industry-standard security measures to protect your personal information:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Employee training on data protection practices
• Secure Infrastructure: Cloud hosting with enterprise-grade security
• Data Minimization: We collect only what's necessary for our services

8. Data Retention

We retain your personal information based on:

• Account Data: Retained while your account is active plus 3 years
• Document Generation Data: Retained for 2 years after last use
• Analytics Data: Google Analytics retains data for 26 months
• Legal Requirements: As required by applicable laws
• User Deletion Requests: Deleted within 30 days of verified request

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure all transfers comply with applicable data protection laws and implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where available
• Binding Corporate Rules for service providers
• Additional safeguards as required by law

10. Categories of Personal Information (CCPA)

In the last 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, account usernames
• Professional Information: Resume data, work history, education
• Commercial Information: Service usage, subscription status
• Internet Activity: Website interaction data (via Google Analytics)
• Geolocation Data: Approximate location (via Google Analytics)
• Inferences: Job compatibility scores, skill assessments

Sources: Directly from you, from your devices, from third parties (LinkedIn when you import)

Business Purposes: Service provision, customer support, security, legal compliance

Third-Party Sharing: We do not sell or share personal information with third parties for commercial purposes.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at [email protected], and we will promptly delete such information.

12. Changes to This Privacy Policy

We will update this Privacy Policy at least annually or when there are material changes to our practices. We will notify you of significant changes by:

• Posting the updated policy on our website with a new effective date
• Sending email notifications to registered users for material changes
• Displaying prominent notices within our application
• For EU users: Obtaining consent for changes that require it under GDPR

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

14. Opt-Out Links (California Residents)

Note: We do not currently sell or share personal information or use sensitive personal information beyond service provision, but these links are provided for compliance.