Folio
Sign up

Privacy Notice

Last updated: April 1, 2026.

This Privacy Notice explains how Folio (“Folio”, “we”, “us”) collects, uses, and protects your personal data when you use our product. We aim to follow privacy and consent practices aligned with Malaysia’s Personal Data Protection Act (PDPA).

1. What we collect

Depending on how you use the service, we may collect the following categories of personal data:

  • Account dataEmail address, password (stored securely), display name, and basic profile information you provide.
  • Profile content you uploadCVs and supporting documents (e.g. PDF, DOCX, TXT, PPTX), plus any text you add to your profile.
  • Chat and interaction dataMessages sent to your avatar/chatbot, conversation history, and related interaction metadata (e.g. timestamps).
  • Sharing and engagement dataWhen you generate a shareable link/QR and when it is used (e.g. views/opens and usage counts), and recruiter-initiated conversations that occur through your public link.
  • Recruiter workflow dataIf you use recruiter features: job descriptions you upload, shortlists, and candidate comparison/evaluation outputs.
  • Device and technical dataIP address, browser/device information, security logs, and limited website usage signals (such as page interaction patterns) needed for abuse prevention, reliability, and product improvements.
  • Billing dataIf you subscribe: plan status and payment identifiers from our billing provider. We do not store full card details on our servers.

2. How we use your data

  • Provide and operate the serviceCreate accounts, authenticate users, store your documents, and generate your Folio profile and chatbot experience.
  • AI featuresExtract structured information from your uploads (e.g. skills/domain/experience), answer recruiter questions via your avatar, and power job-description matching and CV improvement features.
  • Sharing and engagementGenerate and operate share links/QR codes, and show you engagement signals and conversation history.
  • Safety and securityDetect abuse, prevent fraud/scraping, and keep the platform secure.
  • Support and communicationsRespond to inquiries and operational messages (e.g. important account notices). We do not use your uploaded content for marketing without your consent.

3. Legal bases / consent

Where required, we rely on your consent (for example, when you submit documents and use the chat features) and/or on our legitimate interests in operating and securing the service. You can withdraw consent where applicable, and you can delete your account (see “Your rights” below).

4. Sharing and visibility controls

Folio is designed to be shareable by you. When you create a share link/QR, anyone with that link may be able to view and chat with your Folio based on your settings and plan. You can update, disable, or regenerate your share link from within the app.

If you opt in to recruiter visibility features (where available), your profile may appear in recruiter search results. This opt-in is not enabled automatically.

5. Service providers

We use trusted service providers to run Folio. This may include hosting and database providers (e.g. Supabase), analytics/logging for reliability and product improvement (including Microsoft Clarity for website interaction analytics), and AI model providers used to generate answers and extract information from your content. We share data with providers only as needed to deliver the service.

Website analytics tools help us understand aggregate behavior (for example, which pages are hard to use). They are not used to read your private uploaded CV/document files.

6. Data retention

We keep personal data only for as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce our agreements. You can delete documents and update or remove content from your profile through the app.

7. Security

We use reasonable administrative, technical, and organisational safeguards to protect personal data. No method of transmission or storage is 100% secure, but we work to maintain strong security practices.

8. Your rights

Subject to applicable laws, you may request:

  • access to your personal data
  • correction of inaccurate data
  • deletion of your account and associated data
  • withdrawal of consent (where applicable)

You can delete your account and data from your settings within the app. If you need help, contact us using the details below.

9. Changes

We may update this notice from time to time. If changes are significant, we will take reasonable steps to notify you (for example, by updating the date at the top of this page).

10. Contact

For privacy requests, questions, or complaints, contact us at [email protected].