Privacy Policy · Prodiges Talent

1. Who we are

Prodiges Talent (“we”, “our”, “us”) is the data controller for personal data collected via this platform, in accordance with the EU General Data Protection Regulation (GDPR, 2016/679). For any privacy-related enquiries please contact: privacy@prodiges-talent.com.

2. Data we collect

Account data: email address, hashed password (bcrypt), display name, OAuth provider identifier (Google).
Profile data: resume content, career history, skills, job preferences.
Usage data: pages visited, features used, AI interactions (stored for service improvement).
Payment data: processed exclusively by Stripe; we store only the subscription status and tier.
AI-generated content: resume improvements, cover letters, and interview feedback generated on your behalf.

3. Legal basis

We process your data under Art. 6(1)(b) GDPR (performance of a contract) for account and service delivery; Art. 6(1)(f) for product analytics (legitimate interest); Art. 6(1)(a) for optional analytics cookies (consent); and Art. 6(1)(c) for statutory obligations (financial records).

4. How we use your data

To authenticate you and maintain your session.
To provide AI-powered job matching, resume, and cover letter services.
To process subscription payments via Stripe.
To send transactional emails (account verification, password reset).
To detect and prevent fraud and abuse.
To improve the platform through aggregated, anonymised analytics.

5. Third-party services

Google (OAuth / Gemini AI): Google Privacy Policy
Stripe (payments): Stripe Privacy Policy
MongoDB Atlas / Google Cloud Storage (data hosting): EU-based infrastructure; sub-processor agreements in place.

6. Data retention

Your account and associated data are deleted within 30 days of an account deletion request. Financial records (invoices) are retained for 7 years as required by French accounting law.

7. Your rights (GDPR Art. 15–21)

You have the right to:

Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Erasure / “right to be forgotten” (Art. 17)
Data portability — export your data in JSON (Art. 20)
Object to processing (Art. 21)
Restriction of processing (Art. 18)

Exercise these rights via your profile settings or by emailing privacy@prodiges-talent.com. You may also lodge a complaint with the CNIL (French supervisory authority).

8. Cookies

We use essential cookies only (session authentication via an httpOnly cookie) by default. Optional analytics cookies require your explicit consent via the cookie banner. You may withdraw consent at any time.

9. Security

All data is transmitted over HTTPS/TLS. Passwords are hashed with bcrypt (cost factor 12). Sessions are managed via signed httpOnly cookies. Files are stored in Google Cloud Storage with access controls. In the event of a personal data breach we will notify affected users and the CNIL within 72 hours (Art. 33 GDPR).

10. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated by email or an in-app notice at least 14 days before they take effect.

See also: Terms of Service. Questions? privacy@prodiges-talent.com

2. Data we collect

Account data: email address, hashed password (bcrypt), display name, OAuth provider identifier (Google).

Profile data: resume content, career history, skills, job preferences.

Usage data: pages visited, features used, AI interactions (stored for service improvement).

Payment data: processed exclusively by Stripe; we store only the subscription status and tier.

AI-generated content: resume improvements, cover letters, and interview feedback generated on your behalf.

4. How we use your data

To authenticate you and maintain your session.

To provide AI-powered job matching, resume, and cover letter services.

To process subscription payments via Stripe.

To send transactional emails (account verification, password reset).

To detect and prevent fraud and abuse.

To improve the platform through aggregated, anonymised analytics.

7. Your rights (GDPR Art. 15–21)

You have the right to:

Access your personal data (Art. 15)

Rectify inaccurate data (Art. 16)

Erasure / “right to be forgotten” (Art. 17)

Data portability — export your data in JSON (Art. 20)

Object to processing (Art. 21)

Restriction of processing (Art. 18)

Exercise these rights via your profile settings or by emailing privacy@prodiges-talent.com. You may also lodge a complaint with the CNIL (French supervisory authority).

9. Security