Privacy Policy
Last updated: 2026-06-08
This Privacy Policy explains how [LEGAL_ENTITY_NAME] ("Connected", "we", "us") processes your personal data when you use the Connected platform. We are the data controller. Connected is built in the EU and hosts its primary database in the European Union (Frankfurt).
Contact for privacy matters: hello@get-connected.network. Data protection contact: hello@get-connected.network. Registered office: [REGISTERED_ADDRESS].
1. What we are about
We do not run advertising networks, we do not sell your personal data, and we do not use cross-site advertising trackers. We do, however, rely on a small number of technical service providers (subprocessors) to run the platform — see our Subprocessors page.
2. Data we process
- Account & profile data: name, email, headline, location, bio, summary, avatar, account type (professional/recruiter), onboarding state.
- Public profile: most profile fields, skills, publications, work/education sections, and your reputation are visible to other signed-in users and may be visible publicly.
- Identity & company verification: the method you choose (Didit Photo ID, LinkedIn, or work email). For Photo ID verification, your identity document and biometric/liveness data are collected and processed by our verification provider Didit; Connected stores only a verification session reference and the outcome (verdict), never your document or biometric data (see Subprocessors and Retention).
- Authority Score & reputational profiling: we compute a reputation score from your publications, endorsements, skills, verified employment and activity. This is automated profiling used to rank and surface profiles; it does not produce legal or similarly significant effects and you can object (see Your Rights).
- Posts, comments, messages: content you publish, your comments, and direct/recruiter messages you send.
- Job applications & recruiter notes: applications you submit (including cover letters), application stage, and notes recruiters add about candidates.
- Company reviews: ratings and text you submit about companies. Reviews are pseudonymous — your identity is hidden from other users but is known to us and linked to your account.
- Referrals: invites you send and click events on your referral links, including IP address and user-agent of the click for fraud/abuse prevention.
- Profile views: who viewed whose profile, to power the "who viewed you" feature.
- Push notifications: your browser push subscription endpoint and keys, if you opt in.
- Waitlist & feedback: email address (waitlist) and any feedback you send.
- Uploads: avatars, post images and videos, post attachments, and company logos.
- Technical data: a session cookie to keep you signed in, and minimal server logs.
3. AI processing
Some features send content to an AI provider (OpenAI) to function: AI-powered search, company profile audit, content moderation, topic classification of posts, profile import from CV/LinkedIn PDFs, and referral message generation. We send only what the feature needs and avoid transmitting unnecessary personal data. OpenAI acts as a processor/subprocessor and does not use this data to train its models under our API terms. See Subprocessors.
4. Legal bases (Art. 6 GDPR)
- Contract (6(1)(b)): creating and operating your account, profiles, messaging, applications.
- Legitimate interests (6(1)(f)): reputation scoring, fraud/abuse prevention (including referral-click IP logging), product security, moderation, and analytics that do not profile you for advertising.
- Consent (6(1)(a)): push notifications and optional identity/company verification via Didit. You can withdraw consent at any time.
- Legal obligation (6(1)(c)): where we must retain certain records.
5. Retention
- Identity/biometric data (verification): processed and held by Didit, retained by Didit for 6 months; Connected keeps only a verification session reference and verdict.
- Referral click IP / user-agent: retained 30–90 days for abuse prevention, then deleted or anonymised.
- Profile views: retained up to 90–180 days.
- Push subscriptions: deleted on unsubscribe or account deletion.
- Recruiter notes / applications: retained for the hiring relationship; deletable on request.
- Account data: deleted or anonymised when you delete your account (see Your Rights).
6. Recipients & subprocessors
We share data with technical service providers strictly to operate the platform — hosting & database, push delivery, AI processing, identity/company verification, and email. We never sell your data. The full list is on our Subprocessors page.
7. International transfers
Our primary database is in the EU. Some subprocessors (e.g. the AI provider) may process data outside the EEA. Where that happens, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses. Details are listed per provider on the Subprocessors page.
8. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to processing based on legitimate interests (including reputational profiling). You can export your data and delete your account from Your Data Rights or in Settings. For any other request, contact hello@get-connected.network.
9. Complaints
You can lodge a complaint with your local supervisory authority. Our lead supervisory authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali).
10. Contact
Privacy questions: hello@get-connected.network · Data protection contact: hello@get-connected.network.