1. Introduction
Ratemy, Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform (the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly, including:
- Account Information: Name, email address, password, profile photo, bio, job title, company
- Review Content: Reviews, ratings, comments, uploaded documents (proof of employment/experience)
- Professional Information: Work history, specialties, certifications, years of experience
- Payment Information: Credit card details (processed securely by Stripe), billing address
- Communications: Messages sent to support, feedback, survey responses
- Verification Documents: LinkedIn profile, employment verification, professional licenses
2.2 Automatically Collected Information
- Log Data: IP address, browser type, device information, operating system, pages visited, time spent on pages
- Cookies & Similar Technologies: Session cookies, analytics cookies, preference cookies (see Cookie Policy below)
- Usage Data: Features used, search queries, clicks, AI Coach session data (voice recordings, feedback, scores)
- Location Data: Approximate location based on IP address (city/country level, not precise GPS)
2.3 Information from Third Parties
- LinkedIn OAuth: Profile information, work history, email (only if you choose to connect)
- Payment Processors (Stripe): Payment confirmation, transaction IDs
- Public Records: Publicly available professional information (e.g., company websites, LinkedIn)
3. How We Use Your Information
We use your information for the following purposes:
3.1 Provide & Improve the Service
- Create and maintain your account
- Display your reviews and professional profile
- Process payments and subscriptions
- Provide AI Leadership Coach sessions (voice processing, feedback generation)
- Send transactional emails (review notifications, account updates)
- Improve platform features and user experience
- Detect and prevent fraud, abuse, and security threats
3.2 Communication
- Respond to your inquiries and support requests
- Send administrative emails (password resets, billing confirmations)
- Send marketing emails (product updates, feature announcements) - you can opt out
- Send weekly practice reports (AI Coach)
3.3 Analytics & Research
- Analyze platform usage to improve features
- Generate aggregate statistics (e.g., average manager ratings by industry)
- Conduct research to develop new products and services
3.4 Legal & Safety
- Comply with legal obligations (subpoenas, court orders)
- Enforce our Terms of Service
- Protect against fraud, spam, and malicious activity
- Investigate disputes and violations
3.5 AI Moderation
- Screen reviews for PII, toxicity, spam, and violations
- Process AI Coach voice recordings for speech-to-text and coaching analysis
- AI Coach recordings are not stored permanently - transcripts are retained, audio is deleted after processing
4. Legal Basis for Processing (GDPR)
If you are located in the EU/EEA, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service (e.g., creating your account, processing payments)
- Consent: You have given explicit consent (e.g., marketing emails, cookie consent)
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the Service, fraud prevention) that do not override your rights
- Legal Obligation: Processing required to comply with laws (e.g., responding to legal requests)
5. Data Sharing & Disclosure
We do not sell your personal information. We share your information only in the following circumstances:
5.1 Public Information
- Reviews: Your reviews and ratings are publicly visible (unless anonymous)
- Professional Profiles: Professional profiles are publicly accessible
- User Profiles: Your display name, photo, and bio may be publicly visible
5.2 Service Providers
We share data with third-party vendors who help us operate the Service:
- Stripe: Payment processing (PCI-DSS compliant)
- SendGrid: Email delivery
- AWS S3/Cloudinary: File storage (photos, documents)
- OpenAI: AI moderation, AI Coach functionality
- Upstash Redis: Caching and rate limiting
- Vercel: Hosting and infrastructure
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
5.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Subpoenas, court orders, or legal processes
- Government or regulatory requests
- Emergencies involving danger to life or property
5.4 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.
6. Data Retention
We retain your information for as long as necessary to provide the Service and comply with legal obligations:
- Account Data: Retained while your account is active, plus 90 days after deletion (for recovery)
- Reviews: Retained indefinitely unless you delete them or we remove them
- Payment Records: Retained for 7 years (tax compliance)
- AI Coach Audio: Deleted immediately after transcription (transcripts retained for 1 year)
- Logs & Analytics: Retained for 90 days
- Backups: May contain deleted data for up to 30 days
7. Your Privacy Rights
7.1 GDPR Rights (EU/EEA Residents)
If you are in the EU/EEA, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent for processing (e.g., marketing emails)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, visit your Privacy Settings or email privacy@www.ratingapp.net.
7.2 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under CCPA:
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out of Sale: We do not sell your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a CCPA request, visit Privacy Settings or call 1-800-RATEMY-1.
7.3 All Users
- Update Account Info: Edit your profile in Settings
- Delete Account: Request account deletion in Privacy Settings
- Opt-Out of Marketing: Click "Unsubscribe" in any marketing email or update Notification Settings
- Download Your Data: Export all your data from Privacy Settings
8. Cookies & Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for the Service to function (login sessions, security)
- Analytics Cookies: Measure usage and improve the Service (Google Analytics, Mixpanel)
- Preference Cookies: Remember your settings (language, theme)
You can manage cookie preferences through our Cookie Consent Banner or your browser settings. Disabling cookies may affect Service functionality.
Cookie Consent Required (GDPR)
If you are in the EU/EEA, we will only use non-essential cookies with your consent. You can withdraw consent at any time in Privacy Settings.
9. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted over HTTPS (TLS/SSL)
- Password Hashing: Passwords are hashed using bcrypt (never stored in plain text)
- Secure Storage: Data stored in encrypted databases (AWS RDS, Supabase)
- Access Controls: Limited employee access with role-based permissions
- Regular Audits: Security reviews and penetration testing
- AI Moderation: Automatic screening for PII before content is published
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we will notify you of any data breaches as required by law.
10. International Data Transfers
Ratemy is based in the United States. If you are accessing the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries.
For EU/EEA residents, we comply with GDPR requirements for international transfers through:
- Standard Contractual Clauses (SCCs) with our service providers
- Adequacy decisions by the European Commission where applicable
- Ensuring appropriate safeguards are in place
11. Children's Privacy (COPPA Compliance)
11.1 Minimum Age Requirement
The Service is intended for users who are at least 13 years old. We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 years of age.
11.2 Age Verification
During registration, all users are required to provide their date of birth. We verify that users are at least 13 years old before allowing them to create an account. Users who are under 13 are not permitted to register for the Service.
11.3 What We Do If We Learn a Child Under 13 Has Registered
If we learn or have reason to believe that a user is under 13 years of age, we will:
- Immediately terminate the account
- Delete all personal information associated with that account from our systems
- Notify the email address associated with the account (if verifiable as a parent/guardian)
- Remove all user-generated content (reviews, comments, etc.) posted by that user
11.4 For Parents and Guardians
If you are a parent or guardian and you believe your child under 13 has created an account on our Service without your permission, please contact us immediately:
Email: privacy@www.ratingapp.net
Subject Line: "COPPA - Child Under 13"
Include: Child's name, email address used for registration, and your relationship to the child
We will delete the account within 48 hours of receiving a verified request from a parent or guardian.
11.5 How We Protect Children's Information
- Age gates: We require date of birth during registration and verify age before account creation
- Automated monitoring: We use automated systems to detect suspicious age patterns
- Reporting mechanism: Users can report suspected underage accounts
- No targeted collection: We do not knowingly direct content or marketing to children under 13
- Immediate deletion: Any data collected from a child under 13 (if discovered) is immediately deleted
11.6 Information We Collect from Users 13+
For users aged 13-17, we collect only the information necessary to provide the Service:
- Email address and password (for account authentication)
- Date of birth (for age verification only - not displayed publicly)
- Display name (optional)
- Reviews and ratings (subject to parental consent for those under 18 in certain jurisdictions)
We do not require users aged 13-17 to provide more personal information than is reasonably necessary to participate in the Service.
Important Notice
If you are under 18 and live in a jurisdiction that requires parental consent for certain activities (such as the EU under GDPR), please obtain permission from your parent or guardian before using the Service.
12. Third-Party Links
The Service may contain links to third-party websites (e.g., LinkedIn, company websites). We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification (to your registered email address)
- Prominent notice on the Service
- Updating the "Last Updated" date at the top of this page
Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us:
Data Protection Officer: privacy@www.ratingapp.net
Email: legal@www.ratingapp.net
Address: Ratemy, Inc.
123 Market Street
San Francisco, CA 94105
United States
Phone: 1-800-RATEMY-1
EU Representative: For GDPR inquiries from the EU, email eu-rep@www.ratingapp.net