Select purposes you consent to. Strictly Necessary cannot be disabled. Legal basis: GDPR Art.6(1)(a) .
Authentication sessions, security tokens, fraud prevention, and core platform functionality.
Session ID Auth Tokens Security Hashes
⏰ Session / 1 year
Page views, feature usage, portfolio completion rates, error tracking, session recordings, heatmaps, and funnel analysis.
Page Views Click Events Session Recordings IP (anon) Device Type
► Show vendors Google Analytics 4, Hotjar, Microsoft Clarity, Mixpanel, Segment, PostHog, Sentry, LogRocket
⏰ 14 months
NapAI career recommendations, skill-gap analysis, and adaptive UI based on your career level and tool usage.
Career Profile Skills Data Tool Activity Job Preferences
► Show vendors NapAI (proprietary), OpenAI API, Anthropic API, AWS Personalise, Algolia, LinkedIn API
⏰ Until account deletion
Targeted ads, custom audiences, conversion tracking, and email campaigns based on usage behaviour.
Email Ad Click IDs UTM Params Remarketing Lists
► Show vendors Google Ads, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Twitter/X Ads, Mailchimp, HubSpot, Intercom, Clearbit, Apollo.io, Customer.io
⏰ 13 months
Anonymised portfolio data and NapAI interaction logs used to train ML models. Data is de-identified before training.
Anonymised Portfolio AI Chat Logs (anon) Skill Progression
⏰ 36 months
Share activity data with connected platforms (GitHub, Kaggle, Figma, Notion + 25 others) to pull verified project data.
OAuth Tokens GitHub Repos Figma Projects Kaggle Notebooks
► Show vendors GitHub, GitLab, Kaggle, Google Analytics, Figma, Notion, Jira, Slack, YouTube, Webflow, Shopify, Stripe, AWS, GCP, Vercel, npm
⏰ Until disconnected
Experiment groups for testing features, UI layouts, pricing, and AI recommendation variations.
Experiment Group ID Feature Flags Variant Assignment
► Show vendors Optimizely, LaunchDarkly, GrowthBook, PostHog Feature Flags
⏰ 90 days
Link activity across devices. Probabilistic device fingerprinting may be used when logged out.
Device Fingerprint IP Address Browser Metadata Geolocation
► Show vendors Segment Personas, Amplitude Identity, Clearbit Reveal
⏰ 24 months
⚖ Legitimate Interest (Art.6(1)(f)): You may object at any time using the toggles below.
Monitor fraudulent activity, bot traffic and abuse. Log security events for incident response.
IP Address Login Logs Request Frequency
⏰ 12 months
Account confirmations, password resets, billing receipts, and critical product updates.
Email Address Name Account Status
⏰ Account + 7 years
Aggregated, anonymised reports on skills trends and hiring benchmarks. Individuals are never identifiable.
Aggregated Skills Industry Category Tool Popularity
⏰ Indefinite (anonymised)
Make your verified portfolio discoverable to recruiters via the Nap OS CRM. Control visibility in your profile settings.
Public Portfolio Verified Skills Availability Status
⏰ Until set to private
All data Nap OS collects and with whom it is shared. International transfers use Standard Contractual Clauses per GDPR Chapter V .
Data Category Purpose Recipients Safeguard Identity Data Name, email, photo Account, auth, comms Auth0, SendGrid, AWS SCCs Career Profile Skills, experience, tools Portfolio, AI, CRM OpenAI, Algolia, Clearbit SCCs+DPAs Integration Data GitHub repos, GA, Figma Portfolio verification GitHub, Google, Figma OAuth/SCCs Usage Data Clicks, sessions, features Analytics, A/B, AI training Mixpanel, Hotjar, PostHog SCCs Device Data IP, browser, fingerprint Security, cross-device Cloudflare, Sentry, Segment SCCs Marketing Data Ad clicks, UTMs Advertising, CRM Google Ads, Meta, LinkedIn SCCs+DPAs Financial Data Plan, subscription Subscription management Stripe (PCI DSS L1) SCCs AI Interactions NapAI prompts, responses AI improvement OpenAI, Anthropic (anon) SCCs+DPA
Controller: Napblog Limited, UK · DPO: privacy@napblog.com · Authority: UK ICO
Under UK & EU GDPR you have the following rights. Contact privacy@napblog.com . We respond within 30 days .
👁 Right to Access Request a full copy of all personal data including your career profile and processing history.
✏ Right to Rectification Correct inaccurate data. Update your profile and contact details at any time.
🗑 Right to Erasure Request deletion. Account deletion removes your portfolio within 30 days.
⏸ Right to Restriction Request we restrict processing while a dispute is being resolved.
📦 Right to Portability Export portfolio, skills, and project history in JSON or CSV from your account settings.
🚫 Right to Object Object to legitimate interest processing via the toggles in the Legitimate Interest tab.
🤖 Automated Decision Rights Request human review of any NapAI recommendation that significantly affects you.
↩ Withdraw Consent Withdraw consent at any time via the Privacy Settings widget. Does not affect prior lawful processing.
Complaints: UK ICO or local EU authority. Contact us first at privacy@napblog.com .
