Home

Privacy Policy

Last updated: May 2026

Note: Fullexd is in pilot. This policy reflects our current practices and will be reviewed by counsel before broader launch. Material changes will be emailed to active users.

Who we are

Fullexd ("we", "us") provides verifiable career credentials. We act as a data controller for the information you provide and a data processor for the documents you upload to share with employers and referees.

What data we collect

  • Account: your email address (for sign-in via magic link), full name, username, headline, bio, skills, and optional profile photo.
  • Credentials: titles, organisations, dates, descriptions you add to badges.
  • Documents: files you choose to upload as evidence (PDF, image, Word). Stored privately, never indexed or made publicly accessible.
  • Referee details: name, email, role, relationship — supplied by you to invite a referee.
  • Activity logs: which actions you take in the platform (creating a badge, generating a share link, viewing a document) with hashed IP, user agent, and timestamp. We do not store raw IP addresses.
  • Share-link views: when a recipient opens your share link or a document, we log it (hashed IP and user agent) so you can see who has accessed your data.

What we do with it

  • Provide the service: rendering your profile, badges, share links, and resume export.
  • Verify credentials: sending invitation emails, OTP codes, and audit notifications.
  • Detect abuse: flagging credentials with suspicious content for admin review.
  • Deliverability: routing transactional email through Resend.

We do not sell your data. We do not share data with advertisers. We do not use your data to train AI models for third parties.

Where data is stored

Profile and credential data: Supabase (PostgreSQL), London region (eu-west-2). Documents: Supabase Storage, same region. Email delivery: Resend (Ireland region).

Document privacy

Documents you upload are stored in a private bucket. They are never publicly accessible. When you share via a share link, recipients view them through our watermarked viewer; the document bytes are proxied through our server with a 5-minute signed URL that we generate per-request. Watermarks include the recipient identifier and a hashed IP so leaks are traceable.

Your rights

You may at any time:

  • Access your data — visit /profile/edit or contact support@fullexd.com for a full export.
  • Correct your data — edit your profile and badges directly.
  • Delete your account and all associated data — available from /profile/edit. Deletion is permanent and irreversible.
  • Object to processing or restrict use — contact support@fullexd.com.
  • Lodge a complaint with your local data protection authority.

Retention

We keep your account data for as long as your account is active. Activity logs are retained for 12 months for security and audit purposes. Deleted accounts and their data are removed permanently within 30 days of the deletion request, except where law requires longer retention (typically billing records and legal holds).

Children

Fullexd is not intended for use by anyone under 18. Do not create an account if you are under 18.

Changes to this policy

We will email active users at least 14 days before any material change. The current version is always at fullexd.com/privacy.

Contact

Privacy questions: privacy@fullexd.com
General support: support@fullexd.com