PRIVACY POLICY

1.1. Information You Provide: • Account information (name, email, username, password) • Profile information (professional title, bio, location) • Portfolio content (skills, experience, projects, education) • Payment information (processed securely by third-party providers) • Communications with us (support messages, feedback) 1.2. Automatically Collected Information: • Usage data (features used, pages visited, time spent) • Device information (browser type, operating system, IP address) • Cookies and similar technologies (see Section 7) • Job search queries and application tracking • AI service usage (tokens consumed, features used) 1.3. Information from Third Parties: • OAuth login data (if you sign in with Google/GitHub) • Public job listings from third-party platforms

We use your information to: 2.1. Provide and Improve Services: • Create and manage your account • Power AI features (job search, proposals, interview practice) • Display your published portfolio • Process payments and manage subscriptions • Track your applications and career progress 2.2. Communications: • Send transactional emails (confirmations, password resets) • Provide customer support • Send important service updates • Notify you about new features (you can opt out) 2.3. Analytics and Optimization: • Understand how users interact with our platform • Improve our algorithms and recommendations • Detect and prevent fraud or abuse • Ensure platform security and performance

3.1. Information We DO NOT Sell: We never sell your personal information to third parties. Ever. 3.2. Public Information: • Published portfolios are publicly accessible • You control what information to include in your portfolio • Unpublished portfolios remain private 3.3. Service Providers: We share data with trusted partners who help us operate: • Payment processors (Stripe) • Email services (Resend) • Cloud hosting (Vercel, AWS) • Analytics tools (privacy-focused) These providers are contractually required to protect your data. 3.4. Legal Requirements: We may disclose information if required by law, court order, or to: • Comply with legal processes • Protect our rights and property • Prevent fraud or security issues • Protect user safety

4.1. Security Measures: • Industry-standard encryption (HTTPS, TLS) • Secure password hashing (bcrypt) • Regular security audits • Restricted employee access • Secure cloud infrastructure 4.2. Your Responsibility: • Use strong, unique passwords • Enable two-factor authentication (when available) • Keep your login credentials confidential • Report suspicious activity immediately 4.3. No System is Perfect: While we implement strong security measures, no online platform can guarantee 100% security. You use the service at your own risk.

5.1. Access and Portability: • View all personal data we have about you • Download your data in portable format • Request a copy of your information 5.2. Correction and Updates: • Update your profile information anytime • Correct inaccurate data • Modify your portfolio content 5.3. Deletion ("Right to be Forgotten"): • Delete your account at any time • We'll erase your data within 30 days • Some data may be retained for legal compliance 5.4. Opt-Out Rights: • Unsubscribe from marketing emails • Disable non-essential cookies • Limit data collection (may affect functionality) 5.5. How to Exercise Rights: Email [email protected] with your request. We'll respond within 30 days.

6.1. Active Accounts: We retain your data as long as your account is active. 6.2. Deleted Accounts: • Data deleted within 30 days of account deletion • Backups may retain data for up to 90 days • Legal compliance may require longer retention 6.3. Usage Analytics: Anonymized analytics may be retained indefinitely.

7.1. Essential Cookies: Required for basic functionality (login, session management). Cannot be disabled. 7.2. Analytics Cookies: Help us understand how users interact with our platform. You can opt out through cookie settings. 7.3. Preference Cookies: Remember your settings and preferences. Optional but recommended for best experience. 7.4. Third-Party Cookies: OAuth providers (Google, GitHub) may set cookies. Subject to their privacy policies. 7.5. Managing Cookies: Use your browser settings to control cookies. Note: Disabling essential cookies will break functionality.

GigForge is not intended for users under 13 years old. • We do not knowingly collect data from children under 13 • If we discover a child's account, we'll delete it immediately • Parents: Contact us if you believe your child has created an account

9.1. Global Service: GigForge operates globally. Your data may be processed in: • United States • European Union • Other countries where our service providers operate 9.2. Data Protection: We ensure adequate protection through: • Standard contractual clauses • Privacy Shield frameworks (where applicable) • Encryption in transit and at rest

10.1. AI-Powered Features: We use AI to power: • Job search and matching • Proposal generation • Resume optimization • Interview practice and feedback 10.2. How AI Uses Your Data: • Your queries are processed to generate responses • We do not train our AI models on your personal data • AI-generated content is provided to you for your use 10.3. Human Review: • We recommend reviewing all AI-generated content • Our support team may review AI interactions for quality assurance • You can request human review of any AI decision

11.1. External Links: Our platform may link to third-party websites and job platforms. We are not responsible for their privacy practices. 11.2. Job Platforms: When you apply to jobs through our platform: • You may be redirected to external sites (Upwork, LinkedIn, etc.) • Each platform has its own privacy policy • Read their policies before applying 11.3. OAuth Providers: If you sign in with Google/GitHub: • We only receive basic profile information • You can revoke access anytime through their settings • Their privacy policies apply to data they collect

California residents have additional rights: 12.1. Right to Know: Request details about personal information collected, used, or shared. 12.2. Right to Delete: Request deletion of personal information (with exceptions). 12.3. Right to Opt-Out: Opt out of sale of personal information (we don't sell data anyway). 12.4. Non-Discrimination: We won't discriminate against you for exercising your rights. 12.5. Authorized Agents: You may use an authorized agent to submit requests. To exercise these rights, email [email protected]

EU/EEA residents have rights under GDPR: 13.1. Legal Basis for Processing: • Contract performance (account services) • Legitimate interests (analytics, security) • Consent (marketing communications) 13.2. Additional Rights: • Right to rectification • Right to restriction of processing • Right to data portability • Right to object to processing • Right to withdraw consent 13.3. Data Protection Officer: For GDPR inquiries, contact: [email protected] 13.4. Supervisory Authority: You can file a complaint with your local data protection authority.

14.1. Updates: We may update this policy to reflect: • Changes in our practices • New features or services • Legal requirements 14.2. Notification: • Material changes: Email notification + prominent notice • Minor changes: Updated policy posted with new date • Continued use after changes = acceptance 14.3. Review Regularly: Check this page periodically for updates.