SkillThrive - AI-Powered Career Development

1. Introduction

Welcome to SkillThrive ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").

This policy applies to all users of our Services, including job seekers, companies, and visitors. By using our Services, you agree to the collection and use of information in accordance with this policy.

🔍 What's New in Version 3.0

• Enhanced disclosures for algorithmic job matching and automated decision-making
• Detailed email analytics and engagement tracking information
• Expanded payment processing and financial data collection details
• Updated third-party service integrations and data transfers
• New sections on skill assessment data and career progression tracking

2. Contact Information

Data Controller

SkillThrive Ltd.

Address:
[Your Business Address]
[City, State/Country, Postal Code]

Registration: [Company Registration Number]

Data Protection Officer

Email: dpo@skillthrive.com
General Privacy: privacy@skillthrive.com
Support: support@skillthrive.com

3. Information We Collect

We collect information you provide directly, information about your usage of our Services, and information from third parties. Here's a comprehensive overview:

👤 Account and Profile Information

Basic Account Data:

• Full name and display name
• Email address and phone number
• Profile photos and cover images
• Account preferences and settings
• Location and timezone information
• Language and accessibility preferences

Professional Information:

• Work experience and employment history
• Education background and qualifications
• Skills, expertise levels, and certifications
• Professional portfolio and work samples
• Career goals and aspirations
• Salary expectations and compensation data

🧠 Skill Assessment and Career Data

Assessment Data:

• Skill challenge attempts and solutions
• Assessment scores and completion times
• Code submissions and technical responses
• Performance analytics and progress tracking
• Learning path preferences and progress

Career Analytics:

• Career progression tracking and goals
• Job match scores and compatibility ratings
• Application success rates and patterns
• Skill development recommendations
• Market positioning and competitive analysis

💳 Payment and Financial Information

Payment Processing:

• PayPal order IDs and capture IDs
• Payment amounts, currency, and timestamps
• Billing addresses and contact information
• Payment method preferences
• Transaction status and history

Subscription Data:

• Plan types and billing cycles
• Subscription start, renewal, and cancellation dates
• Usage patterns and feature access
• Upgrade/downgrade history
• Financial records for compliance (7 years)

🔧 Technical and Usage Information

Device and Browser:

• IP addresses and geolocation data
• Device type, operating system, browser
• Screen resolution and device capabilities
• Unique device identifiers
• Network connection information

Platform Usage:

• Page views, clicks, and navigation patterns
• Session duration and frequency
• Feature usage and preferences
• Search queries and filters applied
• Error logs and performance metrics

4. How We Use Information

We use your information to provide, improve, and personalize our Services. Our use of data is based on the following legal grounds under GDPR:

📋 Service Delivery (Contract Performance)

• Account creation and management
• Job matching and recommendations
• Application processing and tracking
• Payment processing and billing
• Customer support and assistance
• Platform functionality and features

🎯 Personalization (Legitimate Interest)

• Customized job recommendations
• Skill development suggestions
• Content personalization
• User experience optimization
• Analytics and insights

📧 Communications (Consent/Contract)

• Transactional emails and notifications
• Marketing communications (with consent)
• Product updates and announcements
• Educational content and tips
• Survey and feedback requests

🛡️ Security and Compliance (Legal Obligation)

• Fraud prevention and detection
• Account security monitoring
• Legal compliance and reporting
• Data backup and recovery
• Audit and investigation support

📊 Analytics and Improvement (Legitimate Interest)

• Platform performance monitoring
• Feature usage analytics
• A/B testing and optimization
• Market research and insights
• Product development and innovation

⚡ Business Operations (Legitimate Interest)

• Internal reporting and analytics
• Quality assurance and training
• Business intelligence and planning
• Risk assessment and management
• Operational efficiency improvements

5. Algorithmic Processing and Automated Decision-Making

GDPR Article 22 Notice - Automated Decision-Making

We use automated systems to process your data for job matching and recommendations. You have the right to request human intervention, express your point of view, and contest these decisions.

🤖 Job Matching Algorithm

How It Works:

• Analyzes your skills, experience, and preferences
• Compares against job requirements and company culture
• Generates compatibility scores (0-100)
• Ranks opportunities based on multiple factors
• Updates recommendations based on your activity

Data Used:

• Profile information and skills data
• Past application patterns and outcomes
• Assessment results and performance
• Location and availability preferences
• Similar user behavior patterns (anonymized)

📈 Career Progression Analytics

Purpose:

• Identify skill gaps and development opportunities
• Suggest learning paths and certifications
• Predict career trajectory possibilities
• Benchmark against industry standards

Your Rights:

• Request explanation of recommendations
• Provide feedback to improve accuracy
• Opt out of automated recommendations
• Access raw data used for decisions

🎯 Personalization Engine

Our personalization algorithms customize your experience by:

Content Curation

• Relevant job listings
• Educational content
• Industry news
• Networking suggestions

Interface Optimization

• Dashboard layout
• Feature prioritization
• Notification timing
• Content formatting

Communication Timing

• Email send optimization
• Notification frequency
• Engagement predictions
• Content preferences

6. Information Sharing and Third-Party Services

We share your information in limited circumstances and with appropriate safeguards. Here are the specific situations when sharing occurs:

✅ With Your Explicit Consent

Job Applications:

• Profile data shared with employers when you apply
• Resume and portfolio materials
• Contact information for interview scheduling
• Application status and feedback (if provided)

Public Profile Features:

• Information you choose to make public
• Portfolio items and work samples
• Professional achievements and certifications
• Skills and endorsements (if enabled)

🔧 Essential Service Providers

We work with trusted third-party services to provide our platform. All processors are bound by data processing agreements and GDPR compliance requirements.

Service	Purpose	Data Shared	Location	Privacy Policy
Supabase	Database & Authentication	Profile, Usage, Preferences	EU (Primary), US (Backup)	View Policy
PayPal	Payment Processing	Billing Info, Transaction Data	Global (Varies by Region)	View Policy
Resend	Email Delivery	Email Addresses, Message Content	EU & US	View Policy
Vercel	Hosting & CDN	Log Data, Performance Metrics	Global Edge Locations	View Policy
Google Analytics	Website Analytics	Usage Data, Device Info	Global	View Policy

⚖️ Legal and Safety Requirements

Legal Compliance:

• Court orders and legal process
• Regulatory investigations
• Tax and financial reporting
• Employment law compliance

Safety and Security:

• Fraud prevention and investigation
• Terms of service enforcement
• Protecting user safety
• Preventing abuse and spam

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Here are our specific retention periods:

🕒 Quick Reference

Active Accounts: While active

Inactive Accounts: 3 years

Application Data: 2 years

Financial Records: 7 years

Marketing Data: Until withdrawn + 3 years

Support Tickets: 3 years

Analytics Data: 26 months

Security Logs: 2 years

Note: You can request early deletion of your data at any time, subject to legal and contractual obligations. See our detailed Data Retention Policy for complete information.

💼 Active Users

• Profile Data: Retained while account is active
• Usage Analytics: 26 months rolling
• Communication Logs: 3 years
• Assessment History: Permanently (unless deleted)

📤 Inactive/Deleted Accounts

• Profile Deletion: 3 years after last login
• Anonymized Analytics: Retained indefinitely
• Legal Hold Data: Until resolution
• Financial Records: 7 years (legal requirement)

8. Your Rights and Choices

Under GDPR, UK GDPR, CCPA, and other applicable laws, you have comprehensive rights regarding your personal data:

🔍 Access and Portability

• Request a copy of all your personal data
• Receive data in machine-readable format (JSON, CSV)
• Transfer data to another service provider
• Access algorithmic decision explanations

✏️ Correction and Updates

• Update or correct inaccurate information
• Complete incomplete personal data
• Dispute automated decision outcomes
• Update preferences and settings

🗑️ Deletion and Restriction

• Request complete account deletion ("right to be forgotten")
• Restrict processing for specific purposes
• Object to processing based on legitimate interests
• Delete individual data elements

⚙️ Consent and Preferences

• Withdraw consent for optional processing
• Opt out of marketing communications
• Manage cookie and tracking preferences
• Control automated decision-making participation

📞 How to Exercise Rights

• Online: Account Settings → Privacy Controls
• Email: privacy@skillthrive.com
• Form: Submit Privacy Request
• Phone: [Support Number]

Response Time: 30 days (may be extended to 60 days for complex requests)

📋 Request Requirements

• Identity verification (for security)
• Specific description of request
• Preferred delivery method
• Legal basis for objections (if applicable)

9. Data Security

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

🔐 Technical Safeguards

• End-to-end encryption (TLS 1.3, AES-256)
• Database encryption at rest
• Secure key management and rotation
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• Automated vulnerability scanning

🏢 Organizational Measures

• Role-based access controls (RBAC)
• Regular staff security training
• Data minimization principles
• Incident response procedures
• Vendor security assessments
• Privacy impact assessments (PIAs)

🛡️ Infrastructure Security

• SOC 2 Type II compliant hosting (Supabase)
• Distributed denial-of-service (DDoS) protection
• Web application firewall (WAF)
• Continuous monitoring and alerting
• Automated backup and disaster recovery
• Geographic data replication

🚨 Incident Response

• 24/7 security monitoring
• Immediate breach containment procedures
• Regulatory notification (within 72 hours)
• User notification for high-risk breaches
• Forensic investigation capabilities
• Post-incident security improvements

🔒 Your Security Role

Help us protect your account by:

• Using strong, unique passwords
• Enabling two-factor authentication
• Keeping your browser and apps updated

• Logging out of shared devices
• Reporting suspicious activity immediately
• Being cautious with phishing emails

10. International Data Transfers

To provide our global services, we may transfer your personal data across borders. We ensure all transfers comply with applicable data protection laws through appropriate safeguards:

🌍 Transfer Mechanisms

EU/UK Adequacy Decisions:

• Transfers to countries with adequate protection
• Includes: Switzerland, Canada, Japan, South Korea
• No additional safeguards required

Standard Contractual Clauses (SCCs):

• EU Commission approved contracts
• Used for US and other third-country transfers
• Includes additional protective measures

📊 Our Data Flow Map

Service Provider	Data Location	Transfer Basis	Data Categories
Supabase (Primary)	EU (Ireland)	EU Processing	All user data, profiles, applications
Supabase (Backup)	US (Virginia)	SCCs + Addendum	Encrypted backup data
PayPal	Global (Various)	SCCs	Payment data, billing information
Resend	EU & US	SCCs	Email addresses, message content
Vercel CDN	Global Edge	Legitimate Interest	Performance logs, cached content

🛡️ Additional Safeguards

Technical Measures:

• End-to-end encryption during transfer
• Pseudonymization where possible
• Data minimization for cross-border transfers
• Regular security assessments of transfer methods

Legal Protections:

• Data processing agreements with all processors
• Regular compliance audits
• Government access transparency reports
• Legal challenge mechanisms for data requests

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You have control over most cookies through your browser and our preference center.

🍪 Essential Cookies

Required for basic functionality (cannot be disabled)

• Authentication and session management
• Security tokens and CSRF protection
• Load balancing and performance
• Language and accessibility preferences

📊 Analytics Cookies

Help us understand site usage (consent required)

• Google Analytics (GA4) - anonymous tracking
• Page views and session duration
• Feature usage and conversion tracking
• Error monitoring and performance metrics

🎯 Personalization Cookies

Customize your experience (consent required)

• Job recommendation preferences
• Dashboard layout and settings
• Content personalization
• A/B testing participation

📱 Social Media Cookies

Enable social sharing features (consent required)

• LinkedIn share buttons
• Twitter integration
• Social login functionality
• Social proof and testimonials

🎛️ Cookie Management

Platform Controls:

• Cookie Banner: Manage consent for optional cookies
• Account Settings: Update tracking preferences
• Preference Center: Granular cookie controls
• Email Preferences: Control email tracking pixels

Browser Controls:

• Chrome: Settings → Privacy → Cookies
• Firefox: Options → Privacy → Cookies
• Safari: Preferences → Privacy
• Do Not Track: Honored where technically possible

Note: Disabling certain cookies may limit functionality. Essential cookies cannot be disabled. View our complete Cookie Policy for detailed information.

12. Email Communications and Tracking

We send various types of emails to communicate with you. This section explains what emails you'll receive, how we track engagement, and how to control your preferences.

📧 Transactional Emails

Essential service communications (cannot opt out)

• Account verification and password resets
• Application confirmations and status updates
• Payment receipts and billing notifications
• Security alerts and account changes
• Support ticket updates

📬 Marketing Emails

Promotional content (consent required - can opt out)

• Job recommendations and career opportunities
• Platform updates and new features
• Industry insights and career tips
• Educational content and webinars
• Special offers and promotions

🔔 Notification Emails

Activity-based alerts (can customize frequency)

• New job matches and recommendations
• Application status changes
• Messages from employers
• Assessment reminders
• Weekly activity summaries

📊 Email Analytics

We track email engagement for service improvement

• Delivery Status: Sent, delivered, bounced
• Open Tracking: Email open rates and timestamps
• Click Tracking: Link clicks and destinations
• Unsubscribe Events: Opt-out tracking
• Spam Reports: Complaint monitoring

🔍 Email Tracking Details

What We Track:

• Email opens (using 1x1 pixel images)
• Link clicks (through redirected URLs)
• Time spent reading emails (estimated)
• Device and email client information
• Geographic location (country/region level)

Why We Track:

• Improve email content and timing
• Measure campaign effectiveness
• Personalize future communications
• Ensure deliverability and compliance
• Detect and prevent email abuse

🛡️ Privacy Controls:

• Disable Tracking: Block images in your email client
• Unsubscribe: Use links in email footers
• Preferences: Manage email preferences
• Data Deletion: Request removal of email analytics data

📮 Email Service Providers

Resend (Transactional)

• Account-related and notification emails
• DKIM, SPF, and DMARC authentication
• EU and US data processing
• Webhook-based delivery tracking

Brevo (Marketing)

• Newsletter and promotional campaigns
• Advanced segmentation and automation
• GDPR-compliant consent management
• Detailed analytics and reporting

13. Children's Privacy

Age Restriction Policy

SkillThrive is designed for professional use and is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

🔞 Age Verification

• Users must confirm they are 16 or older during registration
• Age verification is part of account creation process
• Educational use requires parental/guardian consent
• School accounts must comply with student privacy laws

🛡️ If We Discover Underage Users

• Immediate suspension of account access
• Deletion of all personal information
• Notification to parents/guardians if identifiable
• Review of registration and verification processes

👨‍👩‍👧‍👦 Parental Rights and Notifications

If you believe your child under 16 has created an account or provided personal information to us, please contact us immediately at:

Email: privacy@skillthrive.com
Subject Line: "Underage User - Immediate Action Required"
Include: Child's name, suspected username/email, and your relationship to the child

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

📊 Categories of Personal Information We Collect

Category	Examples	Collected?	Shared?
Identifiers	Name, email, phone, username	✓ Yes	Service providers only
Protected Classifications	Age, gender (optional)	✓ Yes	No
Commercial Information	Purchase history, subscriptions	✓ Yes	Payment processors only
Internet Activity	Browsing history, searches	✓ Yes	Analytics providers only
Geolocation Data	Country, region, city	✓ Yes	Service providers only
Professional Information	Work experience, skills	✓ Yes	Employers (with consent)
Education Information	Schools, degrees, certifications	✓ Yes	Employers (with consent)
Inferences	Preferences, aptitudes, abilities	✓ Yes	No

🔍 Your CCPA Rights

• Right to Know: Request details about data collection
• Right to Delete: Request deletion of personal information
• Right to Correct: Fix inaccurate personal information
• Right to Opt-Out: Opt out of selling/sharing for ads
• Right to Limit: Limit use of sensitive information
• Non-Discrimination: Equal service regardless of privacy choices

📋 How to Exercise Rights

• Online Form: Submit CCPA Request
• Email: privacy@skillthrive.com
• Phone: [Toll-free number for CA residents]
• Authorized Agent: Provide written authorization
• Verification: Identity verification required
• Response Time: 45 days (extendable to 90)

💰 Sale and Sharing Disclosure

We DO NOT sell personal information for money

SkillThrive has never sold personal information for monetary consideration and has no plans to do so.

Limited data sharing for business purposes:

• Analytics providers (Google Analytics)
• Payment processors (PayPal)
• Email service providers (Resend, Brevo)
• Hosting and infrastructure providers

15. Policy Changes and Updates

📅 How We Handle Updates

Minor Changes:

• Clarifications and formatting updates
• Contact information changes
• Link updates and corrections
• Effective immediately upon posting

Material Changes:

• New data collection practices
• Changes to sharing or use of data
• 30 days advance notice via email
• Prominent notice on our website

🔔 Notification Methods

Email Notifications

• Sent to all registered users
• 30 days before effective date
• Plain language summary
• Links to full updated policy

Platform Notices

• Banner on website and app
• Dashboard notifications
• Pop-up alerts for major changes
• Version history available

Social Media

• Announcements on social channels
• Blog posts explaining changes
• FAQ updates
• Community forum discussions

📋 Version History and Archive

Version 3.0Current

December 29, 2025

Version 2.0View Archive

August 1, 2024

Version 1.0View Archive

January 15, 2024

16. Contact Information and Complaints

📧 Privacy Inquiries

🏢 Company Contact

Mailing Address:

SkillThrive Ltd.
[Street Address]
[City, State/Country, Postal Code]

Support:

support@skillthrive.com
[Phone Number]

⚖️ Regulatory Complaints

If you're not satisfied with our response to your privacy concerns, you have the right to file a complaint with the relevant data protection authority:

EU Residents

Your national data protection authority
Find your authority

UK Residents

Information Commissioner's Office (ICO)
ico.org.uk

CA Residents

California Attorney General
oag.ca.gov

Privacy Policy

📋 Table of Contents