Privacy Policy

Politique de confidentialité — Last updated: April 2026

1. Introduction

getfolio.dev ("we", "us", "our") is operated by Sébastien Doom, an individual based in France. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable French data protection laws.

This policy explains what data we collect, why we collect it, and your rights regarding that data.

2. Data Controller

  • Name: Sébastien Doom
  • Email: legal@getfolio.dev
  • Country: France

3. Data We Collect

3.1 Account Data

When you sign up, we collect information from your GitHub account via OAuth:

  • GitHub username and display name
  • Email address
  • Profile picture URL
  • Repository information (names, descriptions, stars, languages). By default, only public repositories are accessed. Pro plan users may grant additional access to private repository metadata — this is opt-in and requires explicit authorization.

3.2 Profile Data

You may voluntarily provide additional information for your portfolio:

  • Bio, headline, and about section
  • Contact email address and phone number (with per-field visibility controls — you choose whether each is publicly displayed on your portfolio)
  • Spoken languages
  • Social links (Twitter/X, LinkedIn, etc.)
  • Blog posts (synced from external platforms or written in-app)
  • Testimonials from third parties

3.3 Payment Data

Payments are processed by Stripe. We do not store your credit card number or bank details. We receive only your Stripe customer ID, subscription status, and payment history.

3.4 Analytics Data

We collect anonymous page view counts on portfolio pages to provide analytics to portfolio owners. This data does not include personally identifiable information about visitors.

With your consent, we also use:

  • PostHog— Product analytics (page views, navigation patterns). Data is sent to PostHog's EU servers.
  • Microsoft Clarity — Session recordings and heatmaps to understand how users interact with the application. For authenticated users, your user ID and display name are associated with your session to help us provide better support.

These analytics tools are only activated after you accept cookies via the consent banner. If you decline, no analytics cookies are set and no session recordings are made.

3.5 Technical Data

Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, and request timestamps. These logs are used for security and performance purposes only.

4. Legal Basis for Processing

  • Contract: Processing your account and profile data is necessary to provide our service.
  • Consent: You choose to connect your GitHub account and provide profile information. Analytics cookies (PostHog, Microsoft Clarity) are only set after you explicitly accept them via the cookie consent banner.
  • Legitimate interest: Analytics and security monitoring to improve and protect the service.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Firebase (Google) — Authentication and database. Data may be stored in the US. Privacy policy
  • Vercel — Hosting and deployment. Data may be stored in the US. Privacy policy
  • Stripe — Payment processing. Privacy policy
  • GitHub — OAuth authentication and repository data. Privacy policy
  • PostHog — Product analytics (page views, usage patterns). Data is processed in the EU. Privacy policy
  • Microsoft Clarity — Session recordings and heatmaps. Data may be stored in the US. Privacy policy

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure— Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request limited processing of your data
  • Objection — Object to processing based on legitimate interest

To exercise any of these rights, contact us at legal@getfolio.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority (CNIL) at cnil.fr.

8. Cookies

We use the following cookies:

  • Session cookies — Strictly necessary to keep you logged in. These do not require consent under GDPR.
  • PostHog cookies — Used for product analytics (anonymous device ID, session tracking). Set only after you accept the cookie consent banner.
  • Microsoft Clarity cookies (_clck, _clsk) — Used for session recordings and heatmaps. Set only after you accept the cookie consent banner.

You can manage your cookie preferences at any time by clearing your browser's local storage, which will reset the consent banner. We do not use advertising cookies.

9. International Data Transfers

Some of our third-party service providers (Firebase, Vercel, Stripe, Microsoft Clarity) are based in the United States. PostHog processes data in the EU. These transfers are covered by the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) as applicable.

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. For significant changes, we will notify registered users by email.