AI Policy

Reviewed by counsel pre-launch — final review pending. This document was drafted from a Termly template and customised by the CAREER iNTEL team. Formal counsel review is scheduled post-first-revenue (D-16). Material questions can be directed to [email protected].

Effective: 2026-05-20 · Last updated: 2026-05-20


1. What this policy covers

CAREER iNTEL uses large language models (LLMs) to generate Resume Scores, tailored applications, cover letters, mock interview questions, and Copilot responses. This policy explains:

  1. Which models we use, where they run, and how we route between tiers
  2. The guardrails we apply on every AI output
  3. The bias evaluation and anti-discrimination measures
  4. Your rights — opt-out, explanation, audit

2. Model routing transparency

We route AI tasks across three tiers via OpenRouter (our LLM gateway). The default routing is configurable by our admin team via the Payload PromptRegistry (see ADR-007 — git source-of-truth + Payload mirror).

| Tier | Default model | Cost per call | Used for |
|---|---|---|---|
| Cheap | meta-llama/llama-3.1-70b-instruct (with mistralai/mixtral-8x22b-instruct fallback) | $0.0005-$0.001 | Resume parse, JD classify, scam detect, safety classifier |
| Standard | anthropic/claude-sonnet-4.6 | $0.008-$0.015 | 6-block A-F Score, Tailor, Cover Letter |
| Premium | anthropic/claude-opus-4.7 | $0.03-$0.05 | Copilot deep reasoning, future negotiation + executive coaching |

Every prompt is pinned in YAML with model name + version + temperature + seed. We track every AI call in an audit log (AIUsageLog) with task name, model version, prompt version, tokens, cost, and outcome.

3. Hallucination guardrail

Every generative AI output passes a two-layer hallucination check before reaching you:

Layer 1 — Regex rejection. Output is scanned for fabricated metrics (years, dollar amounts, percentages) not grounded in your source data. Companies, dates, and titles must match your resume.

Layer 2 — LLM validator. A cheap-tier LLM validator answers: "Is every claim in this output grounded in the source?" On reject, we auto-retry once with stricter wording. On second reject, we surface "We caught made-up details" and ask you to try again.

This is conservative: some valid AI rewrites get rejected. We prefer a false-positive rejection to shipping a hallucination into your application.
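The two layers above, sketched as an added example (not CAREER iNTEL's own code). The regexes, the normalisation, and the `generate` / `validate` callables are assumptions, and only the metric part of Layer 1 is shown (not the company, date and title matching). Treating a Layer 1 rejection the same as a Layer 2 rejection for the retry is also an assumption.

```python
import re

# Assumed regexes for the three metric kinds the policy names.
METRICS = {
    "year": re.compile(r"\b(?:19|20)\d{2}\b"),
    "dollar": re.compile(r"\$\d[\d,]*(?:\.\d+)?[kKmMbB]?\b"),
    "percent": re.compile(r"\b\d+(?:\.\d+)?\s?%"),
}
SUFFIX = {"k": 1e3, "m": 1e6, "b": 1e9}
FAILURE_MESSAGE = "We caught made-up details"   # wording from the policy


def _normalise(kind, raw):
    """Map '$1.2M' and '$1,200,000' to the same value so honest rewrites match."""
    t = raw.replace(",", "").replace(" ", "").lower()
    if kind == "year":
        return int(t)
    if kind == "percent":
        return float(t.rstrip("%"))
    t = t.lstrip("$")
    mult = SUFFIX.get(t[-1], 1)
    return round(float(t.rstrip("kmb")) * mult, 2)


def extract_metrics(text):
    """Set of (kind, value) pairs for every metric found in the text."""
    return {(kind, _normalise(kind, m.group()))
            for kind, rx in METRICS.items() for m in rx.finditer(text)}


def ungrounded_metrics(output, source):
    """Layer 1: metrics present in the AI output but absent from the source."""
    return sorted(extract_metrics(output) - extract_metrics(source))


def guarded_generate(generate, validate, source):
    """generate(strict) -> str is the model call; validate(output, source) -> bool
    stands in for the cheap-tier Layer 2 validator. Both are caller-supplied."""
    for strict in (False, True):        # first attempt, then one stricter retry
        output = generate(strict)
        if not ungrounded_metrics(output, source) and validate(output, source):
            return output
    return FAILURE_MESSAGE
```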

4. Prompt-injection sanitizer

Every user-input field passes through a 36-pattern sanitizer before AI prompt concatenation. We strip:

  • LLM control sequences (<|im_start|>, <|im_end|>, system override prompts)
  • Jailbreak signatures (DAN, "ignore previous instructions," etc.)
  • Suspected encoded payloads (base64, hex, rot13 of role-override strings)

Your real resume content passes through unchanged. Sanitizer activity is logged, but the matched tokens are NOT exposed in the error UI, to prevent fingerprinting.
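A reduced version of such a sanitizer, as an added example (not CAREER iNTEL's own code). The handful of patterns, the labels and the function names are assumptions standing in for the 36 patterns mentioned above. Encoded tokens are removed only when they decode to a control or override string, so a long benign token such as a commit hash passes through.

```python
import base64
import binascii
import codecs
import re

# A handful of assumed patterns standing in for the 36 the policy mentions.
CONTROL = re.compile(r"<\|[a-z_]+\|>", re.I)          # <|im_start|>, <|im_end|>
OVERRIDE = re.compile(r"ignore\s+(?:all\s+)?previous\s+instructions", re.I)
B64 = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HEX = re.compile(r"\b(?:[0-9a-fA-F]{2}){8,}\b")


def _hides_override(token, decoder):
    """True if the token decodes to text containing a control or override string."""
    try:
        decoded = decoder(token).decode("utf-8", "ignore")
    except (binascii.Error, ValueError):
        return False
    return bool(CONTROL.search(decoded) or OVERRIDE.search(decoded))


def sanitize(field):
    """Return (clean_text, hit_labels); labels go to the log, never to the error UI."""
    hits = []

    def drop(label, decoder=None):
        def repl(m):
            if decoder and not _hides_override(m.group(), decoder):
                return m.group()        # benign long token (commit hash, ID) is kept
            hits.append(label)
            return ""
        return repl

    text = CONTROL.sub(drop("control_token"), field)
    text = OVERRIDE.sub(drop("role_override"), text)
    text = B64.sub(drop("base64", lambda t: base64.b64decode(t, validate=True)), text)
    text = HEX.sub(drop("hex", bytes.fromhex), text)
    # rot13 preserves length, so a match in the rotated text has the same span
    # in the original and can be cut out directly.
    rotated = codecs.encode(text, "rot13")
    for m in reversed(list(OVERRIDE.finditer(rotated))):
        text = text[:m.start()] + text[m.end():]
        hits.append("rot13")
    return text, hits
```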

5. Anti-bias evaluation (SAFE-05 + SAFE-06)

We maintain a 200-profile synthetic bias evaluation set covering gender-coded names, ethnic-coded names, school prestige, regional bias, and seniority. The set is balanced and run every quarter against our default scoring + tailoring prompts.

Next quarterly run: 2026-08-19 (90 days from baseline 2026-05-19).

If chi-square p > 0.05 OR |Δ| in Score across a protected category > 3, the evaluation fails and triggers a Sentry alert. We do not deploy a prompt update that regresses bias more than 5% against the golden set.

The evaluation framework scope reflects EEOC SEP 2024-2028 + NYC Local Law 144 anti-bias intent (information-only; we are not subject to NYC LL 144 as we are not an employer).

6. Provenance metadata (SAFE-07)

Every AI-generated artifact you receive is tagged with:

  • Model name + version (e.g., anthropic/claude-sonnet-4.6@2026-04-22)
  • Prompt version (git SHA from the YAML at generation time)
  • Temperature + seed
  • Timestamp + your user ID hash

You can see this metadata in Settings → Audit Log. You can request the full prompt + response via SAR export (Settings → Data & Privacy → Export).

7. Right to explanation of automated decisions

Wherever you are, if you want to understand an AI-driven decision affecting you (e.g., a Resume Score), email [email protected] with the artifact ID. We will provide:

  • The model + prompt version used
  • The score components + sub-scores
  • The factors that drove the result
  • An option to dispute via human review

US (CCPA/CPRA): California residents have the right to know about, and request meaningful information regarding, the logic involved in automated decision-making that affects them; the disclosure above satisfies that request. Equivalent rights under other US state privacy laws (e.g., the profiling / automated-decision opt-out provisions of Virginia VCDPA, Colorado CPA, and Connecticut CTDPA) are honored through the same mechanism.

EU (AI Act Article 86 + GDPR Article 22): EU users additionally have the right to a meaningful explanation of decisions taken on the basis of output from a high-risk AI system, and the GDPR Art. 22 right not to be subject to a solely automated decision with legal or similarly significant effects. Our Resume Score and tailoring outputs are decision-support tools, not solely automated decisions, and human review is always available via the dispute path above.

8. AI-improvement training (opt-in only)

By default, your data is processed only to deliver the service. AI-improvement training is OFF by default.

If you opt in (Settings → Data & Privacy → Consent → "Allow anonymised data use for AI improvement"), we:

  • Scrub PII (name, email, phone, address)
  • Hash any company names that appear < 5 times in our corpus (to avoid identifying small employers)
  • Use the anonymised signal to improve our scoring + tailoring prompts
  • Never share, sell, or fine-tune third-party models on your data without separate explicit consent

You can withdraw consent at any time. Past training contributions cannot be retroactively "unlearned" by the upstream models, but we will exclude your data from all future training cycles.

9. Cost guard transparency

We enforce three layers of AI cost control:

  1. Per-request cap: 50,000 input tokens per AI call. Exceeded → user error message, no cascade.
  2. Per-user daily budget: Redis-tracked, plan-tier-aware. Exceeded → "You've hit your daily limit" error.
  3. Global circuit breaker: When monthly spend hits 100% of budget, we fall back to free-tier read-only mode. We will notify all active users via email and in-app banner before this triggers.

You can see your usage in Settings → Billing → Usage.

10. Failure modes + recovery

If a hallucination check fails twice, the AI surface shows "We caught made-up details — try again." This is by design; we prefer surfacing the failure to shipping a fabricated claim.

If the Copilot streams a response and is interrupted, your conversation history persists; refresh the page to continue.

If the AI cost guard trips, you will see "We've hit a usage limit" — Settings → Billing shows the recovery path.

11. Disputes + audit

If you believe an AI output produced a discriminatory or fabricated result that materially affected your job search, email [email protected] with the artifact ID + context. We will:

  • Provide the full prompt + response audit trail
  • Review the case with human eyes
  • Issue a credit (if the dispute is valid) and update the prompt registry if a pattern emerges

12. Contact

