Privacy Policy

1. Information We Collect & Consent

We collect personal identification data (name, email, professional titles, social handles) when you register for MeFolio, as well as portfolio artifacts, proof documentation, and project details submitted during verification.

By explicitly checking the EULA and Privacy Policy checkbox during registration, you provide your informed consent to the storage, processing, and display of these professional artifacts as part of your public portfolio registry.

2. Analytics Tracking & Profile Activity

MeFolio tracks anonymized page views, unique visitor counts, profile engagement, and resume downloads to generate performance insights for your dashboard. We utilize this analytics data strictly to show you your portfolio's audience reach. We do not sell, rent, or monetize visitor tracking data to advertisers.

3. Recruiter Lead Collection & Spam Prevention

When recruiters submit inquiries through your profile's modals, we collect their company details, budget proposals, and contact information. This data is securely stored and forwarded directly to your MeFolio lead inbox. We implement active cryptographic and signature checks to prevent automated lead spam and data harvesting.

4. Stripe Payment Processing & Financial Data Security

Premium billing and transactional services are handled exclusively by **Stripe Inc.**. All financial transactions, card details, and payment histories are processed securely on Stripe's encrypted infrastructure. MeFolio **never stores, reads, or has access** to your full credit card details or bank account information. Stripe’s privacy policy governs their secure payment services.

5. Data Storage & Security (RLS Enforcement)

Your account credentials, verification proof documents, and project media are stored in encrypted PostgreSQL databases and secure cloud storage buckets. We utilize Row Level Security (RLS) policies to enforce strict, user-isolated access controls on the database.

6. Third-Party Infrastructure Services

To maintain high availability, secure authentication, and performance monitoring, we integrate with industry-leading infrastructure providers:

• Supabase: Provides secure authentication, PostgreSQL database hosting, and RLS cloud storage buckets.
• Vercel: Hosts our high-performance Next.js serverless runtime and global edge CDN.
• Sentry: Monitors application runtime exceptions and logs critical error events for engineering triage.

7. GDPR & CCPA Data Rights

We are committed to absolute data transparency. You have the right to request a complete copy of your personal data, modify your profile artifacts at any time, or permanently delete your account and associated storage assets by contacting support. We will fulfill all deletion and data export requests in accordance with GDPR and CCPA guidelines.