9. Account & privacy
This section is the catch-all for everything about your account itself — how visibility works, every setting on /settings/, every notification toggle, blocking, data export, and how to delete your account.
In this section
- 9.1 Profile visibility (public / unlisted / private)
- 9.2 The
/settings/page- 9.3 Notification preferences in detail
- 9.4 Blocking users
- 9.5 Data export
- 9.6 Deleting your account
- 9.7 What we keep after deletion
- 9.8 Email and SMS opt-outs
- 9.9 Switching between candidate and business contexts
- 9.10 Featured / premium toggles
9.1 Profile visibility (public / unlisted / private)
Visibility is the most powerful single privacy lever. It is also the most misunderstood; the rules are below.
| State | Who can see your profile | Who can DM you (default) | Where you appear |
|---|---|---|---|
| Public | Anyone, signed in or not. | Anyone (subject to AI screening + reputation). | Search results, /all_candidates, term marketplace pages, post feed, community discovery. |
| Unlisted (default for new accounts) | Only people who have a direct link, or who you have messaged. | Only people you've messaged before. | Not in search; not in the directory; can be found by direct URL only. |
| Private | Only people you follow back, or who you have explicitly approved. | Only mutual follows. | Not in search; messages from strangers go through extra screening (see 6.13). |
A few important details:
- You start at Unlisted. New accounts are always Unlisted until (a) email is verified and (b) the minimum-profile threshold is reached (name + at least one term + intro video or about-me).
- Even on Public you can hide individual fields (email, phone, location precision) — those toggles live on
/candidate-settings. - Private also hides your published VBQ videos from non-connections — handy if you want to participate in the community without recruiters approaching.
- Switching from Public → Private does not retro-cancel any access; people you've already messaged keep their conversation, and any external links you've shared (like a
/v/...permanent video URL) keep working.
To change visibility: /candidate-settings → Visibility → pick a level → Save.
9.2 The /settings/ page
/settings/ (template settings.html) is the central command panel for your account-wide preferences. (/candidate-settings is the candidate-specific panel; the two pages link to each other.) The sections you'll find on /settings/:
| Section | What you control |
|---|---|
| Account | Email address, password, two-factor (if enabled in your region), language preference. |
| Notifications | Per-channel toggles — see 9.3. |
| Messaging privacy | Who can DM you, AI-screen sensitivity, auto-approve rules. |
| Activity notifications | Global toggle for follow-related alerts; per-user overrides. |
| Connected accounts | Google, LinkedIn, GitHub, Microsoft (and other OAuth providers) — connect or disconnect. |
| Blocked users | Quick link to /settings/blocked/. |
| Premium | Recruiter subscription status, billing portal link. |
| Sessions | Active devices / browsers; sign out from all but this one. |
| Data | Export your data; delete your account. |
9.3 Notification preferences in detail
Every notification on the platform belongs to a category and a channel. You can toggle each combination independently. Categories:
| Category | Examples |
|---|---|
| Messages | New conversation, new reply, voice message, message reaction. |
| Posts & community | Comment on your post, reply to your comment, mention, reaction. |
| Follows | Someone followed you, someone you follow posted. |
| Jobs (candidate) | New saved-job alert, application reply, recommendation digest. |
| Jobs (business) | New applicant, new saved-search match, application followup reminder. |
| Credentials | New credential issued to you, credential accepted by an employer, status change. |
| System | Account warnings, terms updates, weekly digest. |
Channels:
| Channel | Latency | When to use it |
|---|---|---|
| In-app bell | Instant | Always on by default. |
| Email — instant | < 1 minute | High-priority categories (new message, application reply). |
| Email — daily digest | Once / day | Lower-priority categories (post reactions, follows). |
| Email — weekly digest | Mondays 09:00 local | Recommendations, summaries. |
| SMS | Instant | Optional; requires Twilio integration. Limited to high-priority items. |
| Push | Instant | Web push (browser) and mobile-app push when WebSocket / FCM is enabled. |
The configuration page presents one matrix; tick the cells you want.
9.4 Blocking users
To block a user:
- Open their profile.
- Click the … menu → Block.
- Confirm.
Backend: POST to /profile/<user_id>/block/.
Blocked users:
- Cannot DM you (the message is silently rejected).
- Cannot follow you. If they were following, the relationship is severed.
- Cannot react to or comment on your posts.
- Cannot see your profile, even if your visibility is Public.
- Are not notified that they have been blocked.
To unblock: /profile/<user_id>/unblock/.
Manage your full list at /settings/blocked/ (template blocked_users.html). The list shows each blocked user, the date you blocked them, and an Unblock button.
9.5 Data export
Two separate exports:
| Export | URL | What's in it |
|---|---|---|
| Wallet export | /wallet/export |
Every verifiable credential you hold, in W3C JSON-LD. See Section 8. |
| Conversation export | /messages/<conversation_id>/export/ |
A single conversation as a PDF (or text). See 6.10. |
A full account export (every post you've made, every video, every message, every application) is on the roadmap but not currently a one-click button. To request one in the meantime, contact support.
9.6 Deleting your account
Deleting your account is permanent and removes your candidate profile, business profile, posts, comments and uncommitted videos.
- Go to
/settings/→ Data → Delete my account. - Read the warning carefully.
- Type your email address to confirm.
- Click Delete.
The system runs the following:
| Step | What happens |
|---|---|
| 1. Mark account as deleted | Login is immediately disabled. |
| 2. Anonymise messages | Your name in conversations is replaced with "Former Ditto Up user". The message bodies remain visible to the other participants — we cannot retroactively delete the recipients' copies of messages they received. |
| 3. Delete profile fields | Bio, headline, photo, contact info, location are removed. |
| 4. Delete videos | Every intro / VBQ / looking-for / can-help-with file is deleted from S3 along with its DynamoDB attempt records. |
| 5. Detach from terms | Your association with every term is removed. |
| 6. Delete posts | Posts you authored are deleted. Comments you wrote on others' posts are anonymised but kept (so the threading isn't broken). |
| 7. Cancel subscriptions | Any active recruiter subscription is cancelled. |
| 8. Cancel saved searches | Saved-search alerts and saved-job alerts are deleted. |
| 9. Issue final notification | A confirmation email is sent. The email is the last contact from us. |
If you want to delete only the candidate side or only the business side, see 2.14 and 3.11.
9.7 What we keep after deletion
For legal, fraud-prevention and aggregate-analytics reasons, we keep a minimal residue:
- Hashed email — to prevent the same email from re-registering for spam purposes.
- Aggregate anonymous metrics — "X candidates with Y term in Z city," used by employers in marketplace insights. None of these metrics include any personal identifier.
- Verifiable credentials you issued — if you were an issuer (organisation account), the credentials you issued continue to exist and verify. The credentials say "issued by
did:web:...," not by your name. - Required tax records — if you used the recruiter premium plan, our payment processor (Stripe) keeps records as required by US tax law. Ditto Up does not retain card details.
We do not keep your videos, your transcripts, your résumé, your messages (your half), your posts, your photo, or your profile fields after deletion completes.
9.8 Email and SMS opt-outs
Every email we send has an Unsubscribe link in the footer. Clicking it lands you on /JobRecommend-email-response (for recommendation emails) or a similar /x-email-response endpoint specific to that category, where you can:
- Unsubscribe from that single category.
- Unsubscribe from all Ditto Up emails (account/security emails are still sent — we cannot turn those off).
- Reply with simple words like "more like this" or "not interested" to feed back into the recommendation engine.
For SMS, reply STOP to any SMS we send (Twilio standard). The system records the opt-out in our database and stops sending.
9.9 Switching between candidate and business contexts
If you have both a candidate profile and a business profile on the same account, the top-right dropdown lets you switch between them. The chosen context affects:
- Which dashboard you see (
/dashboardfor candidate,/dashboardwith business filter for business). - Which inbox you see (the inbox is shared, but unread badges and label filters can be context-scoped — set on
/messages/templates/). - Which top-bar links are shown (e.g. Post a job is only visible in business mode).
You can have multiple businesses on one account; the dropdown lists them all.
9.10 Featured / premium toggles
Two paid features are exposed at the account level:
| Toggle | Endpoint | What it does |
|---|---|---|
| Featured candidate profile | /feature-candidate-settings |
Boosts your profile in the /all_candidates directory and search results. Charged via Stripe. |
| Recruiter subscription | /recruiter/subscribe/ |
Unlocks unlimited saved searches, applicant export and reputation tier Unlimited. Cancel via /recruiter/cancel/. See 3.9 The recruiter dashboard. |
Both are managed through Stripe billing. To update card details or download invoices, follow the Manage billing link on /settings/ → Premium.
Next: 10. Troubleshooting & FAQ — common problems and how to fix them.