We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard your information.
Last updated: February 15, 2026
We never sell your personal data to third parties
Export or delete all your data at any time
We only collect what is needed to serve you
AES-256 encryption for all stored data
When you create an account or use Profio, you may provide us with personal information including your name, email address, phone number, professional experience, education history, skills, and any other content you include in your resume. This information is essential to delivering our resume building services.
When you use our services, we automatically collect certain technical information including your IP address, browser type and version, operating system, device type, referring URL, pages visited, time spent on pages, and interaction data. We collect this data through cookies and similar technologies as described in our Cookie Policy.
If you choose to sign in with a third-party service (such as Google or LinkedIn), we receive your name, email address, and profile picture from that service. If you use our LinkedIn import feature, we receive the professional data you authorize us to access. We never access data beyond what you explicitly authorize.
We use your information to create, store, and export your resumes and cover letters; to provide AI-powered content suggestions and ATS optimization; to process payments and manage your subscription; and to send transactional emails such as password resets and account notifications.
We analyze anonymized, aggregated usage data to understand how our features are used, identify areas for improvement, and develop new features. We may use your resume content (in anonymized form) to improve our AI models. You can opt out of AI training in your account settings.
We may send you product updates, feature announcements, and educational content related to resume writing and career development. You can unsubscribe from marketing communications at any time. We will always send essential service communications such as security alerts and billing notifications.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. This is a core principle at Profio, and we will never change this policy without explicit consent from our users.
We share limited data with trusted service providers who help us operate our business: cloud hosting (data storage and processing), payment processing (Stripe for secure transactions), email delivery (transactional and marketing emails), and analytics (anonymized usage data). All service providers are contractually required to protect your data and use it only for the purposes we specify.
We may disclose your information if required by law, regulation, legal process, or governmental request. We will notify you of such requests when legally permitted to do so. We may also disclose information to protect the rights, property, or safety of Profio, our users, or the public.
We implement robust technical measures to protect your data including AES-256 encryption at rest, TLS 1.3 encryption in transit, regular security audits and penetration testing, automated vulnerability scanning, and secure software development practices. Our infrastructure is hosted in SOC 2 Type II certified data centers.
Access to personal data is restricted to employees who need it to perform their job duties. All employees undergo background checks and complete annual security and privacy training. We maintain a comprehensive incident response plan and conduct regular tabletop exercises.
We retain your personal data for as long as your account is active and as needed to provide you with our services. Resume content, account details, and preferences are stored until you delete them or close your account.
When you delete your account, we permanently remove all your personal data, resume content, and associated files within 30 days. Backups containing your data are purged within 90 days. Anonymized, aggregated data that cannot be linked back to you may be retained indefinitely for analytics purposes.
We may retain certain information for longer periods when required by law, such as financial transaction records for tax purposes (typically 7 years) or data subject to a legal hold.
You have the right to access all personal data we hold about you. You can download a complete copy of your data in machine-readable format (JSON) at any time from your account settings. This includes all resume content, account details, and usage history.
You can update or correct your personal information at any time through your account settings. You have the right to request deletion of your account and all associated data. We process deletion requests within 30 days.
You have the right to object to the processing of your personal data for direct marketing purposes. You can restrict certain processing activities through your privacy settings, including opting out of AI model training and anonymized analytics.
Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
We store data in the region closest to you. European users' data is stored in EU data centers. We implement appropriate safeguards for any cross-border transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary technical measures.
Profio is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at privacy@profio.dev.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting a prominent notice on our website or sending you an email at least 30 days before the changes take effect. Your continued use of Profio after changes become effective constitutes your acceptance of the revised policy.
California residents have specific rights under the California Consumer Privacy Act (CCPA): Right to Know what personal data we collect and how we use it, Right to Delete your personal data (with some exceptions), Right to Opt-Out of data sales (we never sell your data), and Right to Non-Discrimination for exercising your rights. To exercise these rights, email privacy@profio.dev with the subject 'CCPA Request' or use your account privacy settings. We will respond within 45 days.
We collect the following categories under CCPA: Identifiers (name, email, IP address, device ID), Professional Information (resume content, work history, education), Internet Activity (page views, clicks, browsing behavior), and Geolocation Data (city/region level from IP address). We do not sell any of these categories to third parties. We share data only with service providers who are contractually required to protect it.
You may designate an authorized agent to make CCPA requests on your behalf. The agent must provide written authorization signed by you, and we may require verification of your identity directly to protect your privacy.
We process your personal data under the following legal bases: Contract Performance (to provide our services to you), Legitimate Interests (to improve our services, prevent fraud, and ensure security), Consent (for marketing communications and optional features like AI training), and Legal Obligations (to comply with applicable laws). You have the right to object to processing based on legitimate interests.
Our Data Protection Officer oversees our GDPR compliance and is available to answer questions about your data rights. Contact: dpo@profio.dev. You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR. UK residents can contact the Information Commissioner's Office (ICO) at ico.org.uk.
We use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EU/EEA. We implement supplementary measures including end-to-end encryption, access controls, and regular security audits to protect data in transit. EU customers' data is primarily stored in EU data centers (Frankfurt, Germany).
Resumes may contain sensitive personal data such as race, religion, health information, or political opinions. We recommend excluding unnecessary sensitive data from your resume unless it is relevant to the job application. If you choose to include such data, we process it only as necessary to provide our services, and you can always edit or delete sensitive information from your resume at any time.
We follow data minimization principles: we only collect data necessary for our service, we don't require unnecessary personal information, and you control what information to include in your resume. You can create multiple resumes with different levels of personal information for different purposes. We recommend using a professional email address and considering whether to include your full address or just city/state.
When you share your resume with employers or recruiters (via URL, email, or export), they become independent data controllers of your information. We are not responsible for how they use your data after you share it. We recommend reviewing their privacy policies before sharing. You can revoke shared URLs at any time in your account settings, and we log access to shared URLs for security purposes.
Our AI models analyze your resume content to provide suggestions for improved wording, keyword optimization for ATS compatibility, grammar and spelling corrections, and content recommendations. AI processing happens in real-time when you use AI features, and all suggestions are generated for your review. You can accept, modify, or reject all AI suggestions - we never make changes without your approval.
We may use anonymized, aggregated resume content to improve our AI models. Personal identifiers (name, email, phone, address) are removed, company names and personal details are redacted, and content is aggregated with thousands of other resumes so it cannot be linked back to you. This helps us improve suggestion quality, support new industries, and enhance ATS compatibility scoring.
You can opt out of AI model training at any time by going to Account Settings → Privacy → AI Training and toggling 'Use my data to improve AI models' to OFF. Opting out means you can still use all AI features (suggestions, scoring, optimization), your resume content will not be used for training, and your existing contributions are removed from training datasets. Opting out does not affect real-time AI processing for your own use.
In the unlikely event of a data breach affecting your personal data, we will notify you without undue delay. We will notify supervisory authorities within 72 hours (GDPR requirement) and notify affected users within 72 hours unless the breach is unlikely to result in high risk. We will immediately initiate incident response and containment procedures.
Our breach notification will include: the nature of the breach and what data was affected, categories of data involved (names, emails, resume content, etc.), approximate number of users affected, likely consequences and potential impact on your privacy, measures we have taken to address the breach, and recommended actions for you to protect yourself (such as changing passwords or monitoring accounts).
We will notify you via email to your registered email address, in-app notification when you log in, a prominent website banner, and a detailed blog post if applicable. If you receive a breach notification, you should change your password immediately, enable MFA if not already enabled, monitor your accounts for suspicious activity, and contact us at {CONTACT.emails.security} if you have questions.
Business and Enterprise customers act as Data Controllers, and Profio acts as a Data Processor. We have a comprehensive Data Processing Agreement (DPA) that complies with GDPR Article 28. The DPA covers data security measures, sub-processor disclosure and management, data subject rights assistance, data breach notification procedures (within 72 hours), audit rights and compliance mechanisms, and liability provisions.
Business and Enterprise customers can request a DPA by contacting sales@profio.dev, requesting via your account manager, or downloading from profio.dev/dpa. The DPA is provided in PDF and Word formats and can be customized for specific requirements. We maintain a public list of all sub-processors with 30-day advance notice for changes.
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, our privacy team is here to help.
Privacy Email: privacy@profio.dev
Data Protection Officer: dpo@profio.dev
February 15, 2026
January 10, 2026
Initial GDPR compliance overhaul