Privacy Policy

Porichoy (পরিচয়) is operated by Porichoy Technologies, a software company registered in Bangladesh. Our platform is located at porichoy.com and our registered contact address is [email protected].

We are committed to protecting your privacy. This policy explains what personal information we collect, how we use it, and what rights you have over your data.

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Phone number (+880 format, if provided)
• Password (stored as a bcrypt hash — we never store the plain-text password)
• Google account identifier (if you sign in with Google)

2.2 Document Content

CV and biodata content you enter in the builder — including education, employment history, skills, physical attributes, religious information, and family details — is stored in our database to power the builder, preview, and PDF generation features. This content is private by default and is never shared with anyone without your explicit action.

2.3 Usage Data

We collect standard server-side logs including:

• Pages visited and features used (to improve the product)
• Document view events (linked to your shared links — visible to you in your dashboard)
• Payment transaction IDs and statuses (not full card numbers)

2.4 Share Link View Logs

When someone opens a link you shared, we log the timestamp, device type (user agent), and an irreversibly hashed version of their IP address. The raw IP address is never stored. Approximate location (city-level, derived at logging time) may be stored. These logs are visible only to you, the document owner.

2.5 Cookies & Local Storage

We use:

• HttpOnly refresh token cookie — for keeping you logged in (7-day expiry). This cookie is not accessible to JavaScript.
• Language preference — stored in localStorage on your device.

We do not use third-party advertising cookies or cross-site tracking cookies.

We use the information we collect to:

• Provide and operate the Porichoy platform
• Generate PDF and DOCX exports of your documents
• Deliver AI scoring and writing suggestions via OpenAI (your CV content is sent to OpenAI's API — see Section 5)
• Send transactional emails (account verification, payment receipts, link expiry warnings)
• Send SMS OTP for phone verification via SSL Wireless
• Process payments via bKash, Nagad, Rocket, and SSL Commerz
• Show you view analytics for documents you share
• Improve the product through aggregated, anonymized usage statistics

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

No one except you, unless you explicitly share a document.

• Private documents — visible only to you when logged in.
• Shared links — visible to anyone with the link, within the expiry period you set. You can revoke access at any time. Sensitive fields (phone, guardian contact) remain hidden unless you approve a reveal request.
• Discoverable CVs — if you enable discoverability, your CV headline and anonymized profile become visible to verified employers in our search. Your full name and contact details remain hidden until you approve an employer's access request.
• Admin access — Porichoy staff may access document content only to resolve a verified support request, investigate abuse, or comply with a legal order. All such access is logged internally.

We have data processing agreements in place with each of these providers. Your data is only transferred to countries with adequate protections or under standard contractual clauses.

• Account and document data — retained for as long as your account is active, plus 30 days after deletion to allow recovery if the deletion was accidental.
• Audit logs — retained for 12 months, then permanently deleted.
• Payment records — retained for 7 years to comply with Bangladesh tax and accounting regulations.
• Hashed IP logs — retained for 12 months, then purged.

You have the right to:

• Access — download all your personal data from Account Settings → Export Data.
• Correction — update any inaccurate information directly in your account or by contacting support.
• Erasure — permanently delete your account and all associated data from Account Settings → Delete Account. Deletion is irreversible after the 30-day recovery window.
• Portability — export your documents as PDF or DOCX at any time.
• Objection — opt out of non-essential communications from Notification Settings.

To exercise any of these rights, email [email protected] with the subject line "Privacy Request — [Your Email]". We will respond within 30 days.

We protect your data with:

• All data encrypted at rest (AES-256 via AWS RDS encryption)
• All data encrypted in transit (TLS 1.3)
• Passwords hashed with bcrypt (cost factor 12)
• Shared link tokens generated with a cryptographically secure random 32-byte generator — not guessable or sequential
• IP addresses in view logs are SHA-256 hashed with a per-instance salt — the raw IP is never stored
• JWT access tokens expire after 15 minutes; refresh tokens after 7 days

Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it responsibly to [email protected].

Porichoy is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us and we will delete the account promptly.

This policy is designed to comply with Bangladesh's Digital Security Act 2018 and the forthcoming Personal Data Protection Act (PDPA). As the PDPA is finalized and enacted, we will update this policy to remain in full compliance. Our primary data infrastructure is located in AWS ap-southeast-1 (Singapore), the closest high-availability region to Bangladesh.

We may update this privacy policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and display a banner in the application at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent version.

For any privacy-related questions or requests:

• Email: [email protected]
• General support: [email protected]