Privacy Policy

1. Introduction

getfolio.dev ("we", "us", "our") is operated by Sébastien Doom, an individual based in France. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable French data protection laws.

This policy explains what data we collect, why we collect it, and your rights regarding that data.

2. Data Controller

• Name: Sébastien Doom
• Email: legal@getfolio.dev
• Country: France

3. Data We Collect

3.1 Account Data

When you sign up, we collect information from your GitHub account via OAuth:

• GitHub username and display name
• Email address
• Profile picture URL
• Repository information (names, descriptions, stars, languages). By default, only public repositories are accessed. Pro plan users may grant additional access to private repository metadata — this is opt-in and requires explicit authorization.

3.2 Profile Data

You may voluntarily provide additional information for your portfolio:

• Bio, headline, and about section
• Social links (Twitter/X, LinkedIn, etc.)
• Blog posts (synced from external platforms or written in-app)
• Testimonials from third parties

3.3 Payment Data

Payments are processed by Stripe. We do not store your credit card number or bank details. We receive only your Stripe customer ID, subscription status, and payment history.

3.4 Analytics Data

We collect anonymous page view counts on portfolio pages to provide analytics to portfolio owners. This data does not include personally identifiable information about visitors.

3.5 Technical Data

Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, and request timestamps. These logs are used for security and performance purposes only.

4. Legal Basis for Processing

• Contract: Processing your account and profile data is necessary to provide our service.
• Consent: You choose to connect your GitHub account and provide profile information.
• Legitimate interest: Analytics and security monitoring to improve and protect the service.

5. Third-Party Services

We use the following third-party services that may process your data:

• Firebase (Google) — Authentication and database. Data may be stored in the US. Privacy policy
• Vercel — Hosting and deployment. Data may be stored in the US. Privacy policy
• Stripe — Payment processing. Privacy policy
• GitHub — OAuth authentication and repository data. Privacy policy

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data ("right to be forgotten")
• Portability — Receive your data in a structured, machine-readable format
• Restriction — Request limited processing of your data
• Objection — Object to processing based on legitimate interest

To exercise any of these rights, contact us at legal@getfolio.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority (CNIL) at cnil.fr.

8. Cookies

We use the following cookies:

• Session cookies — Strictly necessary to keep you logged in. These do not require consent under GDPR.

We do not use third-party tracking cookies or advertising cookies.

9. International Data Transfers

Some of our third-party service providers (Firebase, Vercel, Stripe) are based in the United States. These transfers are covered by the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) as applicable.

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. For significant changes, we will notify registered users by email.