Insiderly is currently in beta
This privacy policy is a working draft and may change over time as we continue to improve the experience based on your feedback. The core promises will not.
Section 1
What information we collect
We only collect what we need to run the platform. Here is what that includes:
- Account information — your name, email address, and password (stored as a secure hash, never in plain text).
- Profile information — anything you choose to add to your profile is optional: photo, tagline, about me, disciplines, experience level, target companies, work preferences, and links. Your profile will display a name or a handle: Your choice!
- Posts and replies — content you publish on the platform.
- Direct messages — messages sent between users. These are stored securely and are never shared with third parties. They are retained for moderation purposes even if deleted by both parties. This is disclosed here so there are no surprises. You may opt to turn direct messages off.
- Reactions and connects — hearts, handshakes, upvotes, and connection events.
- Session data — login sessions including approximate device type and a hashed (anonymized) version of your IP address. Used for security and to calculate platform usage metrics. Raw IP addresses are not stored.
- Search queries — search terms you enter, stored anonymously for analytics. Not linked to your account.
- Hire reports — if you choose to self-report a hiring outcome, that information is stored. Tagging another user in a hire report is optional.
Section 2
What we do with your information
We use your information to run Insiderly. Specifically:
- To create and manage your account.
- To display your profile and posts to other members.
- To send you transactional emails: account verification, password reset, and security notifications. We do not send marketing emails without your explicit opt-in.
- To calculate platform metrics and improve the site. All analytics are based on aggregated, anonymized data.
- To review reported content and enforce community guidelines.
- To protect the platform from spam, fraud, and abuse.
We do not sell your data. We do not share your personal information with advertisers, data brokers, or third parties for marketing purposes. Ever.
Section 3
What we will never do
Some things are worth stating plainly:
- We will never contact your employer or disclose your membership on this platform.
- We will never sell your personal data to any third party.
- We will never share your profile with your current employer, even if they are a company listed on the platform.
- We will never use your data to train AI models without your explicit consent.
- We will never show your real name publicly without your explicit choice to display it.
- We will never send you unsolicited marketing emails.
Section 4
Third-party services we use
Insiderly uses a small number of third-party services to operate. Here is what they are and what they receive:
- Resend — sends transactional emails on our behalf (verification, password reset). They receive your email address for delivery purposes only.
- Cloudflare R2 — stores profile photos you upload. Photos are stored securely and served directly to the platform.
- Clearbit Logo API — fetches company logos by domain name for display on posts and profiles. No personal data is sent to Clearbit.
- Ko-fi — processes optional donations. If you donate, you interact directly with Ko-fi under their own privacy policy. We receive only a notification that a donation was made and the amount.
- Vercel / Render — hosting providers for the frontend and backend. Standard infrastructure logging applies.
We do not use Google Analytics, Facebook Pixel, or any third-party advertising or tracking services.
Section 5
Your rights and controls
You are in control of your data. Here is what you can do at any time:
- Edit your profile — update or remove any information from your profile at any time.
- Delete your posts — delete any post you have made. Deleted posts are removed from public view immediately.
- Delete your account — delete your account from Settings. Your public profile and posts will be removed.
- Request a full data wipe — submit a data deletion request from Settings. We will wipe all personal data associated with your account within 30 days and confirm when it is done. Note: anonymized analytics data and moderation records may be retained as required.
- Control your visibility — choose what name is displayed, whether your years of experience is shown, and who can send you DMs.
- Block users — block any user from viewing your profile or contacting you.
Note on messages: Direct messages are retained server-side for moderation purposes even if deleted by both parties. This is standard practice for platforms that moderate user-generated content, and we are telling you upfront so it is not a surprise.
Section 6
Data security
We take reasonable steps to protect your data:
- Passwords are hashed using industry-standard methods. We never store plain text passwords.
- IP addresses are hashed before storage. We do not store raw IP addresses.
- All data is transmitted over HTTPS.
- Account lockout protections are in place after repeated failed login attempts.
- Access to the database and admin tools is restricted to the platform administrator.
No system is perfectly secure. If we ever become aware of a data breach that affects your personal information, we will notify affected users promptly.
Section 7
Children and age requirements
Insiderly is for adults only. You must be 18 years or older to create an account. We do not knowingly collect data from anyone under 18. If we become aware that an account belongs to someone under 18, it will be removed.
Section 8
Changes to this policy
If we make material changes to this privacy policy, we will notify registered users via a sitewide notice and update the "last updated" date at the top of this page. Continuing to use Insiderly after a policy change constitutes acceptance of the updated policy.