Privacy Policy

What we collect and why

When you sign in with LinkedIn, we receive the following information from LinkedIn's OpenID Connect service:

• Your name and profile photo
• Your primary email address
• A unique LinkedIn identifier (not your LinkedIn URL or connection data)

We store this information in our database to create and maintain your member account. We use it to identify you when you return, display your profile in the directory if you have opted in, and associate your participation in discussions with your identity.

We do not collect your LinkedIn connections, your LinkedIn messages, your employment history, or any data beyond what is listed above.

The member directory and your visibility

By default, your profile is not visible in the member directory. You control whether your name, title, and company appear to other members.

If you choose to make your profile visible:

• Your name, title, and company will be visible to other logged-in members
• Your email address is never displayed to other members
• Your profile photo from LinkedIn may be displayed

You can change your directory visibility at any time by contacting us at jon@complianceworxs.com. Profile removal from the directory takes effect within 48 hours.

Vendors and third-party access

Vendors who are approved for access to this platform may view the profiles of members who have opted into Professional-tier visibility. Vendors cannot access the profiles of members who have not opted in.

Vendors are approved manually. We review applications before granting access. However, we cannot guarantee vendor behavior once access is granted. We do not sell member data to vendors or any third party.

Vendor access is limited to viewing opted-in profiles. Vendors cannot contact members through this platform, access member email addresses, or export member data.

Cookies and session data

We use a single session cookie to keep you logged in. This cookie is HttpOnly (not accessible to JavaScript), Secure (HTTPS only), and expires after 30 days. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

We use Vercel Analytics to collect anonymous aggregate data about page views. This data is not linked to individual users and does not include personal information.

Data storage and security

Member data is stored in Supabase, a cloud database hosted in the United States. We use industry-standard security practices including encrypted connections, access controls, and row-level security policies that restrict data access by role.

No security system is impenetrable. We cannot guarantee absolute security of your data. If a breach occurs that affects your personal information, we will notify affected members by email within a reasonable time.

Your rights

You may request deletion of your account and all associated data at any time. Send a deletion request to jon@complianceworxs.com. We will delete your record from our database within 7 days. Data that was visible to other members before deletion cannot be recalled from their memory or notes.

You may request a copy of the data we hold about you at any time via the same email address.

Changes to this policy

If we make material changes to this policy, we will note the updated date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy. We will not materially reduce your privacy protections without notice.