AI Career Guide ("we", "us", "our") takes the security and privacy of your career information seriously. This policy applies to personal data collected when you register an account, upload a CV, search for jobs, or use our AI services. We act as the Data Controller for your personal data.
1. Data Categories We Process
We collect and process the following categories of information:
| Category | Data Fields | Source |
|---|---|---|
| Account Identity | Email, UID, sign-up timestamp | User Registration |
| Professional Details | Full name, phone, location (city/state), work history, education history, skills, languages, certifications | Direct Input / Uploaded CV File |
| Job Tracker Data | Saved roles, company names, application dates, statuses, notes, LinkedIn import files | User Action |
| Transaction Details | Billing email, subscription tier, billing period, Stripe transaction ID (we do not store credit card info) | Stripe Gateway |
| Diagnostic & Usage | IP address, browser type, device information, LLM token counts, request latency logs, cookies | Server Telemetry |
2. Legal Basis for Processing (EEA/UK Users)
We process your personal data under the following legal bases of the GDPR and UK GDPR:
- Performance of Contract: To manage your account, store your resume configurations, execute ATS scoring reports, and fulfill billing and paid subscription plans.
- Consent: When you upload document files (PDF/Word/TXT) for extraction. You grant consent for us and our AI subprocessors to parse the file text. You can revoke consent by deleting the document or your account.
- Legitimate Interests: To run diagnostics, monitor application performance, track error rates, enforce cost quotas via the `UsageManager`, and protect our systems from malicious abuse.
- Legal Obligation: To maintain transaction records and fulfill business tax requirements.
3. Subprocessors & Third-Party AI Integrations
To provide optimized suggestions, generate cover letters, and score ATS compatibility, we integrate with third-party service providers. Below is a detailed list of our subprocessors:
| Subprocessor | Purpose | Data Transferred |
|---|---|---|
| Google Cloud Platform | Firebase Authentication, Firestore DB, Cloud Storage, App Hosting | Full account details, files, and CV inputs |
| Google AI (Gemini API) | Primary LLM extraction and career advising | CV text, job descriptions |
| Groq Inc. | Secondary fallback LLM processor | CV text, job descriptions |
| OpenRouter | Tertiary fallback LLM pool | CV text, job descriptions |
| Upstash | Redis cache and usage tracking database | Temporarily cached responses and token counts |
| Stripe, Inc. | Subscription billing and portal operations | Email, invoice data, and billing metadata |
Model Training Policy: We explicitly verify that Google AI, Groq, and OpenRouter do not use the data transmitted during our API calls to train their baseline models.
4. International Data Transfers
Because our servers and AI integrations are located globally, your personal data may be transferred to and stored in countries outside the United Kingdom and European Economic Area (specifically the United States). For all such transfers, we rely on standard contract safeguards (such as the UK International Data Transfer Agreement and EU Standard Contractual Clauses) to ensure your data receives an equivalent level of protection.
5. Your Data Rights (GDPR & UK GDPR)
Under the General Data Protection Regulation, you hold the following rights:
- Right to Access: You can download or view all resume documents and profile information stored in our databases.
- Right to Rectification: You can update incorrect data directly inside the dashboard.
- Right to Erasure (Deletion): You can request the permanent deletion of your account. Once requested, all database entries, resume templates, files, and tracker data will be deleted within 30 days.
- Right to Restrict or Object: You may object to the processing of your data based on legitimate interests.
- Right to Portability: You may request to receive your personal data in a structured, machine-readable JSON format.
- Right to Lodge a Complaint: You have the right to file a complaint with a data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
6. California Consumer Privacy Act (CCPA/CPRA)
If you are a resident of California, you are granted the following rights:
- The right to know what personal information we collect, use, and disclose.
- The right to request the deletion of your personal information.
- The right to correct inaccurate personal information.
- The right to opt out of the "sale" or "sharing" of personal information. (AI Career Guide does not sell or share your personal information for targeted advertising.)
- The right to non-discrimination for exercising your privacy rights.
7. Data Retention & Security Safeguards
Data Retention: We store your personal information only for as long as necessary to provide the services or until you delete your account. If your account is completely inactive for a period of 24 consecutive months, we reserve the right to delete all your records after notifying you.
Data Security: We deploy industry-standard security measures, including database rules restricting document access strictly to the owner's authenticated ID, secure SSL/TLS communication protocols, encryption at rest on Google Cloud, and strict parameter isolation to defend against cross-site scripting (XSS) and injection attacks.
8. Cookies and Local Storage
We use cookies and local storage tokens solely for essential functionalities, including keeping your user session authenticated (via Firebase Auth) and facilitating secure transaction handshakes with Stripe. We do not use third-party tracking cookies, analytics cookies, or behavioral advertising cookies.
9. Contact and DPO Information
For privacy requests, data access applications, or questions regarding this Privacy Policy, please contact our Data Protection Officer at:
Email: support@aicareerguide.uk
