Security & Data Retention Policy

We employ a range of technical, administrative, and organizational measures to ensure your data remains protected at all times. These practices are in line with industry standards and applicable international data protection laws.

• All user data is transmitted over secure, encrypted connections using TLS/SSL protocols.
• We maintain firewalls, access control lists, and real-time monitoring to prevent unauthorized access to our systems.
• User authentication is secured through hashed credentials, multi-factor authentication (MFA) (if enabled), and strict session management.
• Server infrastructure is hosted by globally recognized providers with 24/7 monitoring and physical security controls.
• We perform regular penetration tests and vulnerability scans to ensure our platform is resistant to common threats.

Access to user data is restricted only to authorized personnel within CodePulse Innovations who require it for legitimate operational or support purposes. All team members are bound by strict confidentiality agreements and undergo periodic data protection training.

We do not sell, rent, or share personal data with third parties for advertising or commercial purposes without explicit user consent.

All sensitive data, including uploaded resumes, generated portfolios, and personal identifiers, are encrypted both in transit and at rest. Encryption standards meet or exceed AES-256 protocols.

We maintain secure, encrypted backups of operational data to ensure business continuity in case of unexpected failures. Backups are routinely verified and stored in geographically distributed, compliant data centers.

We retain user data for a limited duration based on the following policy:

• User-uploaded resumes and generated portfolios are retained for up to 7 days after creation unless manually deleted by the user.
• User profile data and account credentials are retained until the user deletes their account or requests account termination.
• Upon account deletion, all associated data is permanently and irreversibly deleted within 72 hours unless legally required to retain it.

Users can manage, export, or delete their data at any time through the My Profile section of their dashboard. Permanent account deletion results in the immediate removal of all associated content from our active databases and backups within the standard retention window.

In the event of a data breach that affects user data, CodePulse Innovations will notify affected individuals without undue delay and within the time frames required under applicable law. Notifications will include the nature of the breach, compromised data categories, and remedial steps being taken.

This policy is structured in compliance with relevant international data protection frameworks including:

• General Data Protection Regulation (GDPR) – for users in the European Economic Area
• Pakistan Electronic Crimes Act (PECA) 2016 – for users in Pakistan
• California Consumer Privacy Act (CCPA) – where applicable

We log user activity and server events strictly for security, diagnostic, and legal compliance purposes. Logs are retained for up to 30 days unless needed for investigation of a specific incident or mandated by law.

We may update this Security & Data Retention Policy from time to time to reflect technological advancements or regulatory updates. Material changes will be communicated via email and posted prominently on our website.

This policy is effective as of June 20, 2025. Continued use of PortfoliBuilder constitutes your agreement to the current version of this policy.