This policy explains what MyDigiFolio collects, why, and how we protect it. Applies to GDPR (EU/UK) and UAE PDPL subjects.
Data we collect
- Account: name, email, password hash, optional phone, profile photo.
- Profile content: bio, experience, education, skills, projects — you control what you add.
- Usage: profile views (IP hashed with daily salt + geo-looked-up country/city), contact messages sent to you, resume downloads (email of downloader), reports.
- Payments: handled by Stripe — we store your Stripe customer/subscription ID, not card numbers.
How we use it
- Generate your public profile and four outputs (resume, vCard, portfolio, signatures).
- Power the directory and search.
- Send you transactional emails (contact notifications, resume requests) and, if you opt in, digests and nudges.
- Improve the product and combat abuse.
Privacy defaults
Your phone and email are never rendered publicly. Public pages, .vcf downloads, resume PDFs shared with visitors, and schema.org markup never contain phone or email.
Third-party processors
- Stripe — payments
- OpenAI — content generation (we send the minimum context needed; no persistent training usage)
- CloudFlare / hosting provider — caching and DDoS protection
- ip-api.com — geo lookup from hashed IPs
- Google reCAPTCHA — bot detection on public forms
Your rights
You can export your data (settings → data export), change notification preferences, or delete your account (30-day recovery window, then permanent deletion).
Retention
Profile views keep IPs hashed and expire after analytic windows. Contact messages are retained until you delete them. Soft-deleted accounts are hard-deleted after 30 days.
Contact & complaints
Email privacy@mydigifolio.com.