PRIVACY POLICY

(Ultimate Global Compliance Edition – Fully Compliant with GDPR, KVKK, CPRA, LGPD and International Data Protection Standards)

Effective Date: [●]

Last Updated: [●]

Profylee (“Company”, “Platform”, “we”, “us”) processes, stores, and protects users’ personal data in accordance with the highest international privacy and data protection standards. This Privacy Policy explains in detail how your personal data is collected, processed, transferred, and protected when you use the Platform, create an account, share content, or access any module of Profylee.

This Privacy Policy has been prepared in accordance with GDPR (EU 2016/679), KVKK, CPRA/CCPA, LGPD, OECD Privacy Principles, and ISO/IEC 27701, and represents Profylee’s commitment to transparent data processing.

By using the Platform, registering, signing in, or accessing any feature, you acknowledge that you have read and understood this Privacy Policy.

1. SCOPE AND APPLICATION

This Privacy Policy applies to all digital services provided by Profylee, including:

1. AI-powered digital identity creation
2. 
   
3. Advanced search engine
4. 
   
5. Works (Freelance service & job proposal system)
6. 
   
7. Flow & Pool (Recruitment pipeline and candidate database)
8. 
   
9. Showcase (Company profile & portfolio pages)
10. 
    
11. Publish (Article and content posting)
12. 
    
13. Wall (Posts, announcements, public content)
14. 
    
15. Insight (Feedback & evaluation module)
16. 
    
17. Analytics (Performance and visibility analytics)
18. 
    
19. Wallet (Credit, balance & payment operations)
20. 
    
21. Message (Messaging module)
22. 
    
23. Calendar (Google Calendar API integration)
24. 
    

This policy covers all individual users, employers, and businesses registered on the Platform.

2. DATA CATEGORIES COLLECTED & PROCESSED

Personal data categories collected by Profylee are detailed in the Privacy Notice & Consent document. This Privacy Policy complements that notice.

The primary categories include:

1. Identity Data
2. 
   
3. Contact Data
4. 
   
5. Profile & CV Data
6. 
   
7. Content Data (Publish, Showcase, Works, Wall)
8. 
   
9. Messaging Data
10. 
    
11. Wallet & Payment Data
12. 
    
13. Technical & Analytics Data
14. 
    
15. AI Processing Data
16. 
    
17. Calendar (Google API) Data
18. 
    

• Credit card information is never stored by Profylee.

• AI processing is performed using anonymized data.

3. DATA PROCESSING PRINCIPLES

Profylee strictly adheres to the following principles:

3.1. Lawfulness, fairness, and transparency

3.2. Accuracy and keeping data up to date

3.3. Purpose limitation

3.4. Data minimization (processing only what is necessary)

3.5. Storage limitation

3.6. Strong protection against unauthorized access

3.7. Accountability

3.8. Respect for user rights

4. PURPOSES OF PROCESSING PERSONAL DATA

Profylee processes personal data for the following purposes:

1. Creating digital CVs and profiles
2. 
   
3. Job matching and recommendation algorithms
4. 
   
5. AI-powered analysis and scoring
6. 
   
7. Job posting, application, offer and hiring processes
8. 
   
9. Freelancer–employer interactions
10. 
    
11. Content sharing (Publish, Showcase, Wall)
12. 
    
13. Managing candidate pipelines (Flow & Pool)
14. 
    
15. Platform security and fraud prevention
16. 
    
17. Wallet and payment operations
18. 
    
19. Calendar-based meeting scheduling
20. 
    
21. Performance and behavioral analytics (Analytics & Insight)
22. 
    
23. Customer support
24. 
    
25. Compliance with legal obligations
26. 
    
27. Improving the quality of the services
28. 
    

5. SHARING PERSONAL DATA WITH THIRD PARTIES

Profylee shares personal data only under the following circumstances:

5.1. Service Providers

1. OpenAI (with anonymized data)
2. 
   
3. PayTR, Paddle (payment processing)
4. 
   
5. Google Calendar API
6. 
   
7. Cloud hosting & server infrastructure
8. 
   
9. Security service providers
10. 
    

All service providers are bound by Data Processing Agreements (DPA).

5.2. Employers and Recruitment Companies

Your profile may be viewed by global employers with your consent.

Profylee strictly prohibits the sale of candidate data.

5.3. Government Authorities

Only when legally required.

5.4. International Data Transfers

Data may be transferred outside the EU only under:

1. SCC (Standard Contractual Clauses)
2. 
   
3. Anonymization
4. 
   
5. Secure transfer mechanisms
6. 
   

6. DATA SECURITY & SAFEGUARDS

Profylee implements the following measures to ensure data protection:

1. ISO/IEC 27001 & 27701–aligned infrastructure
2. 
   
3. SSL/TLS encryption
4. 
   
5. Two-Factor Authentication (2FA)
6. 
   
7. Role-Based Access Control (RBAC)
8. 
   
9. Data minimization
10. 
    
11. Monitoring and reviewing access logs
12. 
    
13. Secure server architecture
14. 
    
15. Encrypted data transmission
16. 
    
17. Anonymization of data used in AI models
18. 
    
19. Full compliance with Google Calendar Restricted Scopes
20. 
    

Profylee employs technical and administrative safeguards against unauthorized access, data loss, or data breaches.

7. CHILDREN'S PERSONAL DATA

Profylee does not accept users under the age of 16.

Personal data of individuals below this age is not knowingly collected.

8. COOKIES AND TRACKING TECHNOLOGIES

Profylee uses essential, analytical, and performance cookies.

Details are provided in the Profylee Cookie Policy.

Users may:

1. Reject cookies
2. 
   
3. Select categories
4. 
   
5. Change their preferences at any time
6. 
   

9. USER RIGHTS (GDPR, KVKK, CPRA, LGPD)

Users have the following rights:

1. Learn whether data is processed
2. 
   
3. Access their data
4. 
   
5. Request correction
6. 
   
7. Request deletion / right to be forgotten
8. 
   
9. Restrict processing
10. 
    
11. Data portability
12. 
    
13. Object to profiling
14. 
    
15. Withdraw consent
16. 
    
17. File complaints with data protection authorities
18. 
    

Requests may be submitted to:

📩 [contact@example.com]

10. DATA RETENTION PERIODS

Data is retained for the following durations:

1. CV & profile data → Active account + 1 year
2. 
   
3. Wallet transactions → As required by financial regulations
4. 
   
5. Log data → 15 days
6. 
   
7. Flow / Pool data → 1 year
8. 
   
9. Message content → Until account deletion
10. 
    
11. Calendar data → Until the user requests deletion
12. 
    
13. Content data → Until removed by the user
14. 
    

Data is securely destroyed at the end of retention periods.

11. UPDATES TO THIS POLICY

Profylee may update this Privacy Policy from time to time.

Significant changes will be communicated to users.

12. CONTACT

For any privacy-related inquiries:

📩 [contact@example.com]