Back to Home

Privacy Policy

Datenschutzerklärung

This Privacy Policy explains how Skill Graph ("we", "us", or "our") collects, uses, and protects your personal data when you use our website and services. This policy complies with the Swiss Federal Act on Data Protection (revFADP/revDSG, in force since September 1, 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).

Last updated: January 31, 2026

Data Controller

Skill Graph
Julian Thorsten Winking
Klosbachstrasse 6
8032 Zürich
Switzerland

E-Mail: support@skill-graph.com

Information We Collect

Information You Provide

  • Account Information: Name, email address, and profile picture provided during registration through our authentication provider.
  • User Content: CVs, resumes, skill assessments, career goals, and any content you create within the Service.
  • Communications: Chat messages with our AI career coach and support inquiries.
  • Payment Information: Billing details processed by our payment provider Lemon Squeezy. We do not store payment card data.

Information Collected Automatically

  • Usage Data: Pages visited, features used, and interaction patterns.
  • Device Information: Browser type, operating system, and IP address.
  • Cookies: Session cookies and authentication tokens.

Purpose of Processing

We process your data to:

  • Provide and improve the Skill Graph platform and AI career coaching features
  • Personalize recommendations and learning paths
  • Manage your account and process transactions
  • Communicate service updates and respond to inquiries
  • Analyze usage to improve functionality
  • Comply with legal obligations

Legal Basis for Processing

Under Swiss law (revFADP) and GDPR, we process your data based on:

  • Contract Performance: Processing necessary to provide the Service you requested.
  • Legitimate Interests: Improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your interests or rights.
  • Consent: Where you have given explicit consent for specific activities.
  • Legal Obligation: Processing required to comply with applicable laws.

Third-Party Processors

We share data with trusted service providers who assist in operating our platform. Data transfers to countries outside Switzerland are protected through Standard Contractual Clauses (SCCs) or equivalent safeguards:

  • Clerk, Inc. (USA) — Authentication and identity management
  • Vercel, Inc. (USA/Global) — Web application hosting
  • Neon, Inc. (USA) — Database hosting
  • Google LLC (USA) — AI model inference (Gemini API)
  • Langfuse GmbH (EU) — LLM observability and tracing
  • Lemon Squeezy — Payment processing
  • Resend, Inc. (USA) — Transactional email delivery
  • PostHog, Inc. (USA) — Product analytics

We do not sell your personal data to third parties.

International Data Transfers

Your data may be transferred to countries outside Switzerland and the EEA, including the United States. We implement appropriate safeguards including Standard Contractual Clauses and rely on adequacy decisions where applicable.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.

Your Rights

Under the Swiss revFADP and GDPR, you have the right to:

  • Access (Art. 25 revFADP): Request information about whether and which personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data.
  • Data Portability (Art. 28 revFADP): Request a machine-readable copy of your data.
  • Restriction: Request that we limit processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at support@skill-graph.com. We will respond within 30 days. You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC):

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern
Switzerland
www.edoeb.admin.ch

Cookies

We use the following cookie/storage categories based on the tools active in our codebase:

Strictly Necessary

Required for authentication, secure sessions, referral attribution during auth handoff, and storing your privacy preferences.

Provider Register

Skill Graph (first-party)

First-party
Purpose
Referral attribution during auth handoff
Legal Basis
GDPR Art. 6(1)(f) (legitimate interests)
Identifier(s)
skillmap_referral_code
Storage
Cookie + localStorage fallback
Duration
Up to 30 days
Data Transfer
Processed by Skill Graph in Switzerland; no third-party transfer for this identifier

Clerk

Third-party processor
Purpose
Authentication and secure session management
Legal Basis
GDPR Art. 6(1)(b) (contract performance)
Identifier(s)
__session, __clerk_db_jwt, __client_uat
Storage
Cookies
Duration
Session cookie plus provider-managed auth token cookies (rotated and expiry-controlled by Clerk)
Data Transfer
Service infrastructure may process in the EU, UK, and US; SCCs / equivalent safeguards where required
Provider Policy
https://clerk.com/privacy

c15t

Third-party processor
Purpose
Store and manage this consent banner preferences
Legal Basis
GDPR Art. 6(1)(c) and Art. 6(1)(f)
Identifier(s)
c15t, privacy-consent-storage (legacy)
Storage
localStorage + cookie
Duration
Cookie default up to 365 days; localStorage entries persist until cleared by user or browser data reset
Data Transfer
Primary processing in provider systems; third-country transfers possible with SCCs / equivalent safeguards
Provider Policy
https://c15t.com/privacy-policy

Analytics

Used only after your opt-in to measure usage, product performance, and service quality.

Provider Register

PostHog

Third-party processor
Purpose
Product analytics and performance measurement (opt-in only)
Legal Basis
GDPR Art. 6(1)(a) (consent)
Identifier(s)
ph_*_posthog
Storage
localStorage + cookie
Duration
Cookie default up to 365 days; localStorage entries persist until cleared by user or browser data reset
Data Transfer
Configured ingestion host is eu.i.posthog.com (EU region); operational access may involve UK/US with SCCs / equivalent safeguards
Provider Policy
https://posthog.com/privacy

You can manage cookie preferences at any time through the Change Privacy Settings link in the footer, or through your browser settings.

Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and regular security assessments.

Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.

Contact

For questions about this Privacy Policy or your data, please contact:
E-Mail: support@skill-graph.com

For full provider identification, please see our Legal Notice (Impressum).