inContact
Sign in

Free to read  ·  Free to subscribe  ·  Free to join

Policy

Privacy Policy

Last updated: 28 March 2026

1. Who we are

inContact (“we”, “us”, “our”) operates the incontact.pro platform. We are the data controller for personal data collected through this service.

Contact: privacy@incontact.pro

2. What data we collect and why

Email address

Account creation, sign-in, verification emails

Lawful basis: Contract

Name, profile photo

Public profile display

Lawful basis: Contract

Professional & education history

Profile content you choose to share

Lawful basis: Consent

Openness signals

Career interest visibility to scouts (opt-in)

Lawful basis: Consent

Posts, comments, resources

Platform content you publish

Lawful basis: Contract

Direct messages

Private communication between users

Lawful basis: Contract

Feed & profile view events

Creator analytics (views, readers)

Lawful basis: Legitimate interest

Payment information

Course purchases (processed by Stripe)

Lawful basis: Contract

OAuth tokens

Sign-in via Google, Microsoft, GitHub

Lawful basis: Contract

3. Data processors
  • Vercel — hosting, serverless functions, blob storage (USA)
  • Neon — PostgreSQL database (USA)
  • Stripe — payment processing (USA/EU)
  • Resend — transactional email delivery (USA)

All processors operate under Data Processing Agreements. Data may be transferred to the United States under Standard Contractual Clauses.

4. Data retention
  • Account data: retained while your account is active
  • Posts and comments: retained until deleted by you or account closure
  • Direct messages: retained until deleted or account closure
  • Analytics events: retained for 2 years
  • Audit logs: retained for 2 years (ISO 27001 requirement)
  • Payment records: retained for 7 years (legal obligation)
  • After account deletion: 30-day grace period, then permanent erasure of all PII
5. Your rights (GDPR Articles 15-22)
  • Access — download all your data from Settings > Privacy
  • Rectification — edit your profile and content at any time
  • Erasure — request account deletion from Settings > Privacy (30-day grace period)
  • Portability — export your data as JSON
  • Object — opt out of analytics tracking in Settings > Privacy
  • Restrict processing — contact us to restrict specific processing

To exercise any right, visit Settings > Privacy or email privacy@incontact.pro.

6. Cookies and local storage

We use only essential storage. See our Cookie Policy for full details.

7. AI content moderation

Posts and comments are assessed by an automated system that estimates the probability of AI-generated content. This produces a score used to flag content for review. No personal data is shared with third-party AI providers for this purpose — scoring uses a local heuristic model.

8. Security

We implement appropriate technical measures including encryption in transit (TLS), encrypted database storage at rest (AES-256 via Neon), security headers (CSP, HSTS, X-Frame-Options), input sanitisation, and audit logging.

9. International transfers

Your data may be processed in the United States by our infrastructure providers (Vercel, Neon). These transfers are protected by Standard Contractual Clauses as approved by the European Commission.

10. Changes to this policy

We will notify you of material changes via email or an in-app notice at least 30 days before they take effect.

11. Complaints

You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.