๐
Your privacy matters. We do not sell your data, serve ads, or share your information with third parties beyond what is strictly necessary to operate the platform. Candidate email addresses are never shared with employers.
This Privacy Policy explains what personal data XPROTALENT collects, how we use it, who we share it with, and your rights over it. By using XPROTALENT, you agree to the practices described here.
1. Data We Collect
| Category |
Who It Applies To |
What Is Collected |
| Account |
All users |
Email address, hashed password, account creation date, role (candidate / employer), paid status |
| Payment |
All users |
Payment reference number, amount, currency, status, and timestamp. Card numbers are never stored โ all card processing is handled by Paystack. |
| Session |
All users |
HMAC-signed session token stored in your browser's local storage. Not stored server-side. |
| Candidate profile |
Candidates |
Full name, phone (optional), country, city, date of birth (optional), gender (optional), professional headline, bio, qualification, years of experience, availability status, LinkedIn / GitHub / portfolio / website URLs (optional), profile photo URL (optional) |
| Skills |
Candidates |
Skill names and self-assessed proficiency levels selected by the candidate |
| Resume |
Candidates |
Structured resume JSON (experience, education, certifications, projects, languages) and auto-generated plain text resume |
| ATS scans |
Candidates |
Resume text submitted for analysis, job description (optional), score, section breakdown, and suggestions. Up to 20 historical scans retained. |
| Activity logs |
Candidates |
Profile view events (employer ID, timestamp โ deduplicated daily per employer) and resume download events (employer ID, timestamp) |
| Messages |
All users |
Message body, sender/recipient IDs, thread ID, timestamp, read status |
| Employer profile |
Employers |
Company name, industry, company size, country, city, website URL, logo URL (optional), company description, contact person name/title/phone (all optional) |
| Subscription |
Employers |
Plan type, amount, start/expiry dates, status |
| Notifications |
All users |
Notification type, title, body text, read status, timestamp |
2. How We Use Your Data
- Candidate profiles are stored and displayed in employer search results, subject to your visibility settings.
- Skills are indexed to power employer search โ this is the primary mechanism employers use to discover you.
- Resume data is delivered to employers who choose to download it and is used by the ATS scanner tool.
- Activity logs (profile views, resume downloads) are used to generate your in-portal notifications and stats. Employers are identified to you by company name only.
- Messages are delivered between employers and candidates through the built-in inbox. We do not read message content except where required by law or to investigate abuse reports.
- Payment data is used to verify and record transactions and manage subscription status.
- Session tokens are used to authenticate you on each page load without storing state server-side.
We do not sell your data. We do not use your data for advertising. We do not build advertising profiles on users.
3. What Employers Can and Cannot See
๐
Employers can see: your full name, headline, bio, profile photo, country/city, qualification, years of experience, availability, skills (with levels), and any links you have added (LinkedIn, GitHub, Portfolio, Website). If they download your resume, they receive the full text.
Employers cannot see: your email address, date of birth, phone number, gender, or any data you have not explicitly added to your public profile. All employer contact must go through the XPROTALENT messaging system โ your email is never exposed.
You receive a notification (identifying the employer by company name) each time your profile is viewed or your resume is downloaded.
4. Data Sharing
We share data with the following third parties strictly to operate the platform:
- Paystack โ receives your email address and payment amount to process transactions. Your card details go directly to Paystack and are never seen by XPROTALENT. Paystack's own Privacy Policy applies to data they hold.
- Cloudflare โ the platform runs on Cloudflare Workers (edge compute) and Cloudflare D1 (database). Cloudflare may process request metadata (IP addresses, user-agent strings) in accordance with their Privacy Policy.
No other third parties receive your personal data. No advertisers, data brokers, recruiters, or analytics platforms have access to any user data.
5. Data Retention
- Active accounts: all data is retained while your account is open.
- ATS scan history: last 20 scans retained per candidate. Older scans are automatically removed.
- Activity logs: profile view and resume download records are retained for the lifetime of the account.
- Deleted accounts: profile, resume, skills, ATS history, and messages are removed within 30 days of deletion. Payment records are retained for 7 years as required by financial regulations.
- Expired employer subscriptions: company profile data is retained while the account exists; it is only deleted if the account is closed.
6. Security Measures
- Passwords are hashed using PBKDF2-SHA256 with a unique salt per account. Plain-text passwords are never stored.
- Session tokens are HMAC-signed with a server-side secret. They cannot be forged. They are stored only in your browser's local storage.
- All connections are encrypted via HTTPS/TLS. There is no unencrypted HTTP access.
- Payment processing is handled entirely by Paystack. XPROTALENT never receives or stores card numbers, CVVs, or PINs.
- Database is hosted on Cloudflare D1, a geographically distributed SQLite platform with automatic backups.
7. Your Rights
๐ Access
You can view all data you have entered through your portal at any time. You may request a full data export by contacting support.
โ๏ธ Correction
Update your profile, resume, and skills directly from your portal. Changes take effect immediately and are visible to employers within seconds.
๐๏ธ Deletion
Request account deletion through your portal settings or by contacting support. We will remove your data within 30 days. Payment records are exempt for legal compliance.
๐ Visibility Control
Candidates can hide their profile from all employer searches at any time from the Settings section of their portal. Hiding takes effect immediately.
๐ Portability
Your resume is always downloadable as plain text from your portal. You can copy or export it at any time.
๐ซ Objection
If you believe your data is being processed inappropriately, contact us. We will review your concern and respond within 5 business days.
8. Cookies and Local Storage
XPROTALENT does not use tracking cookies, advertising cookies, or analytics cookies. We use browser local storage (not cookies) to store:
- Your session token (to keep you logged in)
- A cached copy of your user data (for instant page loads)
- Your preferred API base URL (for developer testing only)
You can clear local storage at any time via your browser's developer tools or settings. Doing so will sign you out. No tracking data is stored.
9. Children's Privacy
XPROTALENT is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered an account, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy as the platform evolves. When we make material changes, we will communicate them through the platform (e.g. a notification in your portal). The "Last updated" date at the top of this page will always reflect the current version.
11. Contact
For privacy questions, data requests, or concerns, reach us through the support channel in your portal, or via the contact details provided at registration. We aim to respond to all privacy-related enquiries within 5 business days.