Privacy Policy
Last updated: July 16, 2026
1. Data Controller
Each portfolio owner (registered user) is the data controller for their own profile content — the professional information they publish publicly.
Rolefolio operates as the data processor for platform services (hosting, AI chat, email delivery). Contact information for the platform is available at [email protected].
2. What Data We Collect
We collect and process the following data:
- Account data: username, email address, first name, last name (provided during registration)
- Profile data: address, phone number, current position, profile image, professional descriptions
- Content data: projects, skills, work experience, education history
- Chat data: messages sent to the AI chatbot (processed via Groq API, not stored permanently)
- Technical data: IP address, browser type, session cookies
3. Legal Basis for Processing (GDPR Art. 6)
- Contract: Processing necessary for the performance of our service (account creation, portfolio display)
- Consent: For optional profile fields and marketing communications
- Legitimate interests: Website security, fraud prevention, service improvement
4. How We Use Your Data
- To provide and maintain the portfolio service
- To display your public profile to visitors
- To provide AI-powered chat assistance (messages are sent to Groq API)
- To send transactional emails (password reset, account notifications)
- To ensure website security and prevent abuse
5. Data Sharing
We do not sell your personal data. Data may be shared with the following third-party processors:
- Groq / OpenAI / Anthropic (AI chat): Chat messages are sent to whichever provider is active — Groq by default, or OpenAI / Anthropic if you configure a BYOK key. Messages are processed in real-time and not stored permanently by us. See the respective provider's privacy policy for their data handling.
- Resend (email delivery): Used to send transactional emails (password reset, account notifications). See Resend Privacy Policy.
- Hosting provider (VPS): Your data is stored on a privately operated server located in the EU.
- Legal obligations: When required by law or court order.
6. Data Retention
- Account data: retained until account deletion
- Chat messages: not stored permanently, processed in real-time
- Session cookies: expire when browser is closed or after 2 weeks
- Backup data: retained for up to 30 days
7. Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure ("right to be forgotten"): Request deletion of your data
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: At any time for processing based on consent
To exercise the right to portability or erasure, use the self-service tools in your dashboard under Account Settings — Export my data (JSON download) and Delete my account. For other requests, contact us at [email protected].
8. Cookies
We use essential cookies for:
- Session management (django session cookie)
- CSRF protection (security token)
- User authentication status
We do not use tracking or advertising cookies.
9. Security
We implement appropriate technical measures including:
- CSRF tokens on all forms
- Password hashing (PBKDF2)
- HTTPS (TLS 1.2+) for all connections
- Regular backups
10. Children's Privacy
This service is not intended for users under 16 years of age. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy. Changes will be posted on this page with an updated "Last updated" date.
12. Contact
For privacy-related inquiries, please contact the portfolio owner through the contact information on their profile page.