Privacy Policy
As of: June 2026
This is a translation provided for convenience. Only the German version is legally binding.
1. Controller
The controller responsible for data processing on this website is:
Merlin Kreuzkam
c/o Online-Impressum.de #5433
Europaring 90
53757 Sankt Augustin
Germany
Email: hello@profilo.so
2. Hosting
This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When the site is accessed, technically necessary server log data (including IP address, time, page accessed, browser type) is processed to ensure the delivery and security of the website (Art. 6(1)(f) GDPR). A data processing agreement is in place with Vercel; any transfer of data to the USA is safeguarded on the basis of the EU Standard Contractual Clauses.
3. Processors (database, login, storage)
For database, authentication and file storage we use Supabase (Supabase Inc., USA). Account and profile data as well as uploaded images are stored there. A data processing agreement is in place; transfers to third countries are safeguarded via Standard Contractual Clauses.
4. What data we process
- Account: email address and (encrypted) password for registration and login.
- Profile content: content you enter yourself (name, bio, modules, links, uploaded images/avatars). Published profiles are publicly accessible via your public address (profilo.so/username).
- Visit statistics (only with consent): a simple, anonymous count of page views per day and profile (no IP storage, no profiling, no cross-site tracking). Collected only after your consent in the cookie banner.
- Server logs: see hosting (section 2).
5. Cookies & local storage
- Technically necessary: login/session cookies (Supabase Auth) so that login works. These are required for operation and do not require consent.
- Consent storage: your cookie choice is stored locally in your browser (localStorage) so that the banner does not reappear.
- Statistics (optional): visit counting uses a short-lived marker per browser session and is only activated after your consent. You can revoke your consent at any time.
6. Legal bases
- Art. 6(1)(b) GDPR (contract) – provision of account and profile.
- Art. 6(1)(a) GDPR (consent) – optional visit statistics.
- Art. 6(1)(f) GDPR (legitimate interest) – secure, stable operation of the website.
7. Fonts
Fonts are embedded for display purposes (including via Google Fonts / a font CDN). In doing so, the IP address may be transmitted to the respective provider. Note for review: for strict GDPR compliance, fonts should be self-hosted or placed behind consent.
8. Google Analytics
With your consent we use Google Analytics 4, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics sets cookies or uses similar technologies to analyse the use of the website (e.g. pages accessed, time spent, approximate origin). Data may be transferred to Google, including to the USA (safeguarded via EU Standard Contractual Clauses); the IP address is processed in truncated form in Google Analytics 4. The legal basis is your consent (Art. 6(1)(a) GDPR), which you give in the cookie banner and can revoke at any time with effect for the future. By default, analytics storage is disabled (Google Consent Mode) – analytics cookies are only set and usage data only collected after your consent.
9. CV import / AI processing (Anthropic)
If you use the optional "CV import" feature, the PDF you upload is transmitted to and processed by our AI provider Anthropic PBC (548 Market Street, PMB 90375, San Francisco, CA 94104, USA) acting as a processor, in order to automatically extract content (e.g. work experience, education, skills, languages). A CV may contain personal data and possibly special categories of personal data (Art. 9 GDPR). The transfer takes place solely on the basis of your explicit consent, which you give before uploading (Art. 6(1)(a), and where applicable Art. 9(2)(a) GDPR) and which you can revoke at any time with effect for the future. The PDF is processed only transiently for the analysis and is not stored; the extracted content is shown to you for review before it is applied. A data processing agreement is in place with Anthropic; the transfer to the USA is safeguarded via the EU Standard Contractual Clauses. Anthropic does not use data submitted via the API to train its models. Use is voluntary – you can also fill in your profile entirely manually.
10. Retention period
We store account and profile data for as long as your account exists. After your account is deleted, your data and profile content are removed. Statistics data is anonymous and aggregated.
11. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and objection. You can revoke any consent given at any time with effect for the future. You can delete your account yourself at any time in the settings. You also have the right to lodge a complaint with a data protection supervisory authority. Requests to: hello@profilo.so.
12. Contact
For questions about data protection you can reach us at hello@profilo.so.