Privacy Policy

How we handle your data on ProfileTo and when you visit a profile. Last updated: May 2026

← Back to ProfileTo

This Privacy Policy applies to (1) the ProfileTo main website and services, operated by Innocode Ventures (“we”, “our”, “us”), and (2) your visit to any profile microsite we host (e.g. profileto.com/username). When you visit a profile, you interact with both the profile owner (the person or business who created the profile) and Innocode Ventures (operating as ProfileTo). This policy explains how we collect, use, and protect data in both contexts.

Who this policy is for

  • Account holders: People who sign up and create profiles on ProfileTo.
  • Visitors to profiles: People who open a profile link (e.g. profileto.com/username), view content, use “Contact me”, save a contact, or click links. As a visitor, you are subject to this policy and to the profile owner's use of the data they receive through the profile (e.g. lead form submissions).

Data we collect

On the main site (account holders): Account data (email, name, profile content you provide), usage data (e.g. login, profile edits), and billing data if you subscribe. We use this to provide the service, support, and compliance.

When you visit a profile microsite: We may collect technical data (IP, browser, device) and usage data (e.g. that you visited a page, submitted the lead form). If you use “Contact me” or “Save contact”, we process the information you submit so the profile owner can receive it; the profile owner is a data controller for that data for their own purposes. Innocode Ventures acts as processor for them and as controller for our own operational and security use of the data.

How we use data

We use data to operate and secure the service, improve the product, comply with law, and as described at the point of collection. Innocode Ventures does not sell your personal data. We may share data with service providers (hosting, analytics, payment) under contracts that protect your data.

Username and profile URL are publicly visible by design. Innocode Ventures may review usernames to enforce its acceptable use policy.

Google user data

ProfileTo uses Google OAuth so you can sign in with Google and, if you choose, connect Google Calendar for appointment booking. This section describes how we access, use, store, and share information received from Google APIs. It applies only when you use those Google features.

What Google data we access

  • Sign in with Google: When you sign in or create an account with Google, we receive basic profile information from your Google account, such as your name, email address, and profile picture. We use this to create and authenticate your ProfileTo account.
  • Google Calendar (optional): If you connect Google Calendar from your dashboard, we request permission to read calendar availability and to create calendar events. We use calendar read access to check busy times so visitors cannot book slots when you are unavailable. We use calendar events access to create a calendar entry when someone books a meeting with you, including details such as the meeting title, time, attendee email, and an optional Google Meet link.

We request only the Google permissions needed for these features. Calendar access is optional and is not required to use ProfileTo.

How we use Google user data

We use Google user data only to provide and improve user-facing ProfileTo features, including:

  • Creating, signing in to, and securing your ProfileTo account
  • Pre-filling your profile with name and photo when you sign up with Google
  • Showing accurate booking availability on your public booking page
  • Creating and updating calendar events for confirmed bookings
  • Operating, maintaining, and troubleshooting the booking and calendar sync features

We do not use Google user data for advertising, interest-based profiling, selling data, creditworthiness decisions, or training generalized artificial intelligence or machine learning models.

How we store Google user data

Account information from Google sign-in is stored in your ProfileTo account record. If you connect Google Calendar, OAuth access and refresh tokens are stored in encrypted form in our database so we can sync availability and create events on your behalf until you revoke access. We may also store the Google Calendar event ID linked to a booking so we can reference the event created for that appointment.

Sharing and disclosure of Google user data

We do not sell Google user data. We do not share Google user data with third parties for their own advertising, marketing, or unrelated purposes.

We may disclose Google user data only to infrastructure and service providers that help us run ProfileTo (for example, hosting and database services), and only under contracts that require them to protect the data and use it solely to provide services to us. We may also disclose data if required by law or to protect the security and rights of ProfileTo, our users, or others.

When a visitor books time with you, meeting details you choose to include (such as attendee name and email) may be sent to Google as part of creating the calendar event. That sharing is limited to providing the booking feature you enabled.

Google Limited Use disclosure

ProfileTo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Retention of Google user data

We retain Google sign-in account data for as long as your ProfileTo account is active. Calendar connection tokens and related booking metadata are retained while your calendar remains connected or while needed to operate an existing booking. If you delete your ProfileTo account or revoke Google access, we delete or de-identify associated Google OAuth tokens and stop accessing your Google Calendar, subject to any retention required by law or legitimate business records such as billing or security logs.

How to revoke Google access

You can stop ProfileTo from accessing your Google account or Google Calendar at any time:

  • In your Google Account, go to Security → Third-party apps with account access, select ProfileTo, and remove access.
  • Email us at [email protected] to request deletion of your account or removal of stored Google connection data.

After you revoke access, calendar sync and automatic event creation will stop. Existing calendar events already created in your Google Calendar are not deleted automatically by ProfileTo.

Referral & affiliate tracking

ProfileTo operates a user referral programme. When you arrive via a referral or affiliate link (any link carrying a ?via= parameter; found on profile pages, emails, social media posts, or any other promotional material published by ProfileTo or its users), Innocode Ventures sets a first-party cookie named ptvia on your device. This cookie stores the referrer's code for up to 30 days. If you create a ProfileTo account within that window, your sign-up is attributed to the referrer and they receive referral credits. The cookie does not track your activity on other websites and is not shared with advertisers. Full details are in our Cookie Policy.

We disclose this tracking in accordance with applicable advertising and consumer protection laws, including FTC Endorsement Guides (USA), ASA CAP Code (UK), and equivalent regulations in other jurisdictions. Any content published by ProfileTo that contains a referral link (including the “Powered by ProfileTo” footer on profile pages, affiliate banners, email signatures, and promotional blog posts) should be understood to contain an affiliate or referral link.

Legal bases and your rights (GDPR, CCPA, DPDP, and others)

Innocode Ventures respects applicable data protection laws, including:

  • EU/EEA (GDPR): We process based on contract, consent, or legitimate interest as appropriate. You have rights to access, rectify, erase, restrict, port, and object, and to lodge a complaint with a supervisory authority.
  • California (CCPA/CPRA): We do not sell or share personal information for cross-context behavioural advertising. You have rights to know, delete, correct, and opt out of “sale”/“sharing”; we do not sell as defined under CCPA.
  • India (DPDP and other applicable law): We process in accordance with the Digital Personal Data Protection Act and applicable rules. You have rights as prescribed there, including access, correction, erasure, and grievance redressal.
  • Other regions: Where other laws apply (e.g. UK GDPR, Brazil LGPD), we comply with local requirements and honour rights they provide.

To exercise your rights, contact us using the details on our website. We will respond within the timeframes required by law.

Data retention and security

We retain data only as long as needed for the purposes above or as required by law. Innocode Ventures uses reasonable technical and organisational measures to protect your data. Data may be processed in regions where we or our providers operate; we ensure appropriate safeguards where required.

Profile owner responsibility

Profile owners are responsible for their own privacy practices (e.g. what they do with lead form data). If you have concerns about a specific profile owner's use of your data, contact them first; you may also contact us for matters relating to our processing.

User-generated content & platform disclaimer

ProfileTo is a technology platform operated by Innocode Ventures that enables individual users to create and publish professional profile pages. All content on user profiles is created and submitted solely by the Profile Owner. Innocode Ventures does not create, edit, verify, moderate, endorse, or validate any content published on user profiles. Innocode Ventures cannot and does not guarantee the accuracy, truthfulness, legality, or appropriateness of user-generated content. You rely on any information on a profile entirely at your own risk.

To the fullest extent permitted by law, Innocode Ventures expressly disclaims all liability for any harm, loss, damage, or legal dispute arising from or related to the content of any user profile hosted on its platform. The Profile Owner is solely and exclusively responsible for their profile content and any consequences thereof.

User binding agreement

By registering an account on ProfileTo and publishing a profile, each user irrevocably agrees to and is bound by the ProfileTo Terms of Service, Privacy Policy, Cookie Policy, Disclaimer, and all other policies published by Innocode Ventures at profileto.com/app/terms. By publishing a profile, the Profile Owner additionally acknowledges that visitors to their profile are subject to the profile-level Privacy Policy and Terms of Use displayed on that profile, and the Profile Owner accepts sole responsibility for ensuring their profile complies with all applicable laws.

Report abusive content

If you find any profile on ProfileTo to be abusive, illegal, misleading, or harmful, please report it immediately to [email protected]. Include the profile URL and a brief description of your concern. Innocode Ventures will review all reports and take appropriate action, which may include content removal or account suspension.

Updates

Innocode Ventures may update this Privacy Policy. The “Last updated” date will be revised. Continued use after changes constitutes acceptance. For material changes, we may provide additional notice where required by law.

Contact

For privacy requests or questions about Google user data, contact [email protected] or [email protected]. You may also use the contact options on our website. For EU/EEA: you may contact our representative or your local supervisory authority. For India: you may contact our grievance officer if we publish one.

Operating company: Innocode Ventures (operating as ProfileTo).

See also our Terms of Use, Cookie Policy, and Disclaimer.