Legal

Privacy Policy

Last updated: February 12, 2026 · Effective immediately

1. Introduction

PathForge (“we,” “us,” or “our”) operates PathForge (pathforge.eu). Your privacy is fundamentally important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

As a company based in the Netherlands, we operate under the General Data Protection Regulation (GDPR) and treat all users — regardless of location — to the same high standard of data protection.

2. Data Controller

The data controller responsible for your personal data is:

PathForge

Netherlands

Email: hello@pathforge.eu

3. Data We Collect

3.1 Information You Provide

Account data: Name, email address when you create an account or join our waitlist.
Career documents: Resumes/CVs you upload for Career DNA™ analysis.
Profile information: Professional preferences and career goals you configure.
Communications: Messages you send to us via email or support channels.

3.2 Automatically Collected Data

Usage data: Pages visited, features used, and interaction patterns (anonymized).
Device data: Browser type, operating system, screen resolution.
Log data: IP address (anonymized), access timestamps, referral URLs.

3.3 Data We Do NOT Collect

We do not sell your data. Ever.
We do not track you across other websites.
We do not use your career documents for model training without explicit consent.

4. How We Use Your Data

Career intelligence: To analyze your career profile and provide personalized recommendations.
Service improvement: To understand usage patterns and improve the platform (aggregated, anonymized).
Communications: To send product updates you've opted into (you can unsubscribe anytime).
Security: To detect and prevent fraud, abuse, or security incidents.
Legal compliance: To meet regulatory requirements.

5. Legal Basis for Processing

Under GDPR, we process your data based on:

Consent: For waitlist sign-ups and marketing communications.
Contract performance: To provide the PathForge service you've requested.
Legitimate interest: For security, fraud prevention, and service improvement.
Legal obligation: When required by applicable EU/NL law.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account data: Until you request deletion or 2 years after last activity.
Career documents: Until you delete them or request account deletion.
Usage analytics: 26 months (anonymized after 14 days).
Communication records: 5 years for legal compliance.

7. Your Rights (GDPR)

As a data subject, you have the right to:

Access: Request a copy of all personal data we hold about you.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your personal data (“right to be forgotten”).
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request that we limit processing of your data.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at hello@pathforge.eu. We respond within 30 days.

8. Data Security

We implement industry-standard security measures including:

TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Regular security audits and penetration testing
Strict access controls with principle of least privilege
EU-based data infrastructure

9. Third-Party Services

We may use third-party services that process data on our behalf. All third-party processors are GDPR-compliant and have signed Data Processing Agreements (DPAs):

Hosting: Vercel (EU region)
Analytics: Anonymized, privacy-first analytics (no cookies required)
Email: Transactional email service for account-related communications

10. International Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms.

11. Children's Privacy

PathForge is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of any such data, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email and update the “Last updated” date. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries or to exercise your data rights:

PathForge

Email: hello@pathforge.eu

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

See also: Terms of Service · Cookie Policy

Legal

Privacy Policy

Last updated: February 12, 2026 · Effective immediately

1. Introduction

As a company based in the Netherlands, we operate under the General Data Protection Regulation (GDPR) and treat all users — regardless of location — to the same high standard of data protection.

2. Data Controller

The data controller responsible for your personal data is:

PathForge

Netherlands

Email: hello@pathforge.eu

3. Data We Collect

3.1 Information You Provide

Account data: Name, email address when you create an account or join our waitlist.
Career documents: Resumes/CVs you upload for Career DNA™ analysis.
Profile information: Professional preferences and career goals you configure.
Communications: Messages you send to us via email or support channels.

3.2 Automatically Collected Data

Usage data: Pages visited, features used, and interaction patterns (anonymized).
Device data: Browser type, operating system, screen resolution.
Log data: IP address (anonymized), access timestamps, referral URLs.

3.3 Data We Do NOT Collect

We do not sell your data. Ever.
We do not track you across other websites.
We do not use your career documents for model training without explicit consent.

4. How We Use Your Data

Career intelligence: To analyze your career profile and provide personalized recommendations.
Service improvement: To understand usage patterns and improve the platform (aggregated, anonymized).
Communications: To send product updates you've opted into (you can unsubscribe anytime).
Security: To detect and prevent fraud, abuse, or security incidents.
Legal compliance: To meet regulatory requirements.

5. Legal Basis for Processing

Under GDPR, we process your data based on:

Consent: For waitlist sign-ups and marketing communications.
Contract performance: To provide the PathForge service you've requested.
Legitimate interest: For security, fraud prevention, and service improvement.
Legal obligation: When required by applicable EU/NL law.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account data: Until you request deletion or 2 years after last activity.
Career documents: Until you delete them or request account deletion.
Usage analytics: 26 months (anonymized after 14 days).
Communication records: 5 years for legal compliance.

7. Your Rights (GDPR)

As a data subject, you have the right to:

Access: Request a copy of all personal data we hold about you.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your personal data (“right to be forgotten”).
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request that we limit processing of your data.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at hello@pathforge.eu. We respond within 30 days.

8. Data Security

We implement industry-standard security measures including:

TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Regular security audits and penetration testing
Strict access controls with principle of least privilege
EU-based data infrastructure

9. Third-Party Services

We may use third-party services that process data on our behalf. All third-party processors are GDPR-compliant and have signed Data Processing Agreements (DPAs):

Hosting: Vercel (EU region)
Analytics: Anonymized, privacy-first analytics (no cookies required)
Email: Transactional email service for account-related communications

10. International Transfers

11. Children's Privacy

PathForge is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of any such data, we will delete it immediately.

12. Changes to This Policy

13. Contact Us

For privacy-related inquiries or to exercise your data rights:

PathForge

Email: hello@pathforge.eu

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

See also: Terms of Service · Cookie Policy