Privacy Policy

Last updated: April 5, 2025

1. Who We Are

Roadmapify is operated by Bahareh, located at Kieler Straße, Hamburg, Germany. We are an individual operator, not a registered company.

If you have any questions about this Privacy Policy, you can contact us at: privacy@roadmapify.xyz

2. What Data We Collect

We collect the following types of data:

  • Account data: Email address and password (hashed) when you create an account.
  • Profile data: Name, current role, target role, experience level, learning preferences, and weekly availability — provided during onboarding.
  • CV/Resume data: If you choose to paste your CV, we store and process it to personalize your roadmaps. This is entirely optional.
  • Usage data: Roadmaps you generate, progress you track, and AI coaching conversations.
  • Payment data: If you subscribe to Pro, payment is processed by Stripe. We do not store your card details.

3. How We Use Your Data

We use your data to:

  • Provide and improve the Roadmapify service
  • Personalize AI-generated roadmaps and coaching responses
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, billing receipts)
  • Respond to support requests and inquiries

We do not sell your data to third parties. We do not use your data for advertising.

4. AI Processing

Roadmapify uses OpenAI's API to generate roadmaps, coaching responses, and resource recommendations. When you use these features, your input (goals, CV text, chat messages) is sent to OpenAI for processing. OpenAI's privacy policy applies to this processing: openai.com/privacy

We do not use your data to train AI models.

5. Data Storage & Security

Your data is stored securely using Supabase (PostgreSQL), hosted on servers in the EU. We use industry-standard encryption for data in transit (HTTPS/TLS) and at rest.

Authentication is handled by Supabase Auth. Passwords are never stored in plain text.

6. Third-Party Services

We use the following third-party services:

  • Supabase — database and authentication
  • OpenAI — AI roadmap generation and coaching
  • Stripe — payment processing
  • Vercel — hosting and deployment

7. Your Rights (GDPR)

As a user based in the EU, you have the following rights under GDPR:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Correct inaccurate data.
  • Right to erasure: Request deletion of your account and all associated data.
  • Right to data portability: Export your data in a machine-readable format.
  • Right to object: Object to processing of your data.

To exercise any of these rights, email us at privacy@roadmapify.xyz. We will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records for up to 7 years under German law).

9. Cookies

We use only essential cookies required for authentication (session cookies). We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Continued use of Roadmapify after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests:

Bahareh

Kieler Straße, Hamburg, Germany

Email: privacy@roadmapify.xyz