Privacy policy

What we collect

When you join Guild.cv we collect: your name, contact methods (email and/or phone, used for sign-in), professional details you choose to publish (current role, venue, city, work history, certifications, languages, specialties), and any external links you add (website, LinkedIn).

We also collect the IP address and user agent of inbound contact requests sent through the relay form, for abuse prevention only. We do not share this with the recipient.

What's public

Your profile at guild.cv/{slug} is publicly indexable by default. The fields shown there — name, current role, venue, city, bio, work history, certifications, accepted references, recent updates — are all visible to anyone.

Your sign-in contact methods (email, phone), pending reference requests, and contact-relay messages are not public. They're visible only to you (and, in the case of relay messages, to the recipient).

How sign-in works

We don't store passwords. Sign-in is via one-time codes sent to your email or phone. Codes are stored hashed (sha256 with a secret pepper), expire in 10 minutes, and are single-use. We don't store the plaintext code.

How references work

When you request a reference, we email the colleague a token-bound link. They can accept or decline. Their email address is stored against the request so we can dedupe and resend; it's not shown on your profile.

Your rights

You can export, edit, or delete your profile at any time from Settings → Account. Deleting your profile removes your public page, your work history and certifications, and anonymises (rather than deletes) the references you've received — your colleagues' words don't disappear, but they're no longer attached to you.

Where data is stored

We host on Supabase + Vercel in ap-southeast-2 (Sydney). Email is delivered via Resend; SMS via Twilio. We don't sell or share your data with anyone else.

Contact

Questions about this policy: privacy@guild.cv.