Privacy Policy
Reviewed by counsel pre-launch — final review pending. This document was drafted from a Termly template and customised by the CAREER iNTEL team. Formal counsel review is scheduled post-first-revenue (D-16). Material questions can be directed to [email protected].
Effective: 2026-05-20 · Last updated: 2026-05-20
1. Who we are
CAREER iNTEL ("we," "us," "our") is an AI-powered job-search platform operated as a multi-tenant SaaS. Our service is hosted at https://careerintel.app, with primary data storage in the United States (Hetzner, Ashburn, Virginia). We are the data controller for your personal data under California and other US state privacy laws (CCPA/CPRA), and — for our international customers — the GDPR (EU), UK GDPR, NDPR (Nigeria), and PIPEDA (Canada).
Contact:
- General: [email protected]
- Data Protection Officer (DPO): [email protected]
2. What data we collect
| Category | Examples | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Identity | Email, name, OAuth identifier | Authentication, account management | Contract (Art. 6(1)(b)) |
| Career data | Uploaded resume, work history, skills, target roles, compensation expectations | Score, Tailor, Discovery, Tracker | Contract |
| Application data | Tracked applications, status, notes | Tracker, Story Bank, Copilot context | Contract |
| Generated artifacts | Tailored resumes, cover letters, mock-interview transcripts | Service delivery + your retention | Contract |
| Usage logs | Page views, feature usage, AI call latency + cost | Service improvement, billing reconciliation | Legitimate interest (Art. 6(1)(f)) |
| Payment data | Stripe-tokenised payment method (we never see the raw card) | Subscription billing | Contract |
| Technical | IP, user agent, device type | Security, abuse detection | Legitimate interest |
| Marketing | Waitlist email + tier preference (if you opt in) | Phase 2 launch notification | Consent (Art. 6(1)(a)) |
3. How we use AI on your data
Your data is processed by large language models (LLMs) routed via OpenRouter (a sub-processor). We use multiple model tiers per task — see AI Policy for the routing transparency table.
Hallucination guardrail: Every AI output passes through a regex + LLM-validator gate before reaching you. We reject fabricated metrics, dates, companies, or titles not grounded in your source data.
Prompt-injection sanitizer: Every user-input field passes through a 36-pattern sanitizer before AI prompt concatenation.
No training without opt-in: By default, your data is processed only to deliver the service. You can opt in to anonymised data use for AI improvement in Settings → Data & Privacy → Consent. Default is off.
We do not sell or share your data. Not now, not ever.
4. Your data rights
You may exercise these rights at any time. The exercise mechanism (Settings → Data & Privacy, or emailing [email protected]) is the same across jurisdictions; the rights below are grouped by the law that grants them.
4.1 United States — CCPA/CPRA (California) and other US state privacy laws
If you are a US resident, you have the following rights under the California Consumer Privacy Act as amended by the CPRA, and equivalent rights under other US state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and similar):
| Right | How to exercise |
|---|---|
| Right to know / access (what we collect, use, disclose) | Settings → Data & Privacy → Export (ZIP delivered < 60 s) |
| Right to delete | Settings → Data & Privacy → Delete (30-day soft-delete with crypto-shredding; cancellable) |
| Right to correct | Settings → Profile (edit any field) |
| Right to data portability | Settings → Data & Privacy → Export (JSON + Markdown formats) |
| Right to opt out of sale / sharing (Do Not Sell or Share) | No action required — we do not sell or share your personal information |
| Right to limit use of sensitive personal information | Settings → Data & Privacy → Consent (granular toggles) |
| Right to non-discrimination for exercising these rights | Automatic — we never penalise you for exercising a right |
California: Do Not Sell or Share My Personal Information. We do not sell, and do not "share" (for cross-context behavioural advertising), your personal information — so there is nothing to opt out of. We will honor any Global Privacy Control (GPC) signal regardless.
4.2 EU / EEA — GDPR
If you are in the EU/EEA, you have the following rights under the GDPR:
| Right | How to exercise |
|---|---|
| Access | Settings → Data & Privacy → Export (ZIP delivered < 60 s) |
| Rectification | Settings → Profile (edit any field) |
| Erasure | Settings → Data & Privacy → Delete (30-day soft-delete with crypto-shredding; cancellable) |
| Restriction | Email [email protected] |
| Portability | Settings → Data & Privacy → Export (JSON + Markdown formats) |
| Objection | Settings → Data & Privacy → Consent (granular toggles) |
| Withdraw consent | Settings → Data & Privacy → Consent |
| Lodge a complaint | Your national supervisory authority (e.g., BfDI in Germany) |
4.3 United Kingdom — UK GDPR
UK users have the same set of rights as EU/EEA users above (UK GDPR). You may lodge a complaint with the UK Information Commissioner's Office (ICO).
4.4 Nigeria — NDPR
If you are a Nigerian data subject, see our NDPR Addendum for jurisdiction-specific rights, including:
- Right to information on cross-border data transfer mechanisms
- Right to lodge a complaint with the NDPC (Nigeria Data Protection Commission)
- Local DPO appointment status (currently deferred; updates published in that addendum)
4.5 Canada — PIPEDA
We honor the same access + correction + withdrawal-of-consent rights for users covered under PIPEDA. The exercise mechanism is identical to the above. You may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC).
7. Sub-processors
We rely on the following sub-processors to deliver the service. Full table at Sub-processors.
- Stripe — Payment processing (US)
- OpenRouter — LLM gateway (US); downstream: Anthropic + Meta + Mistral
- Cloudflare — CDN + DNS + Access (global)
- Sentry — Error monitoring (SaaS — US); Phase 5 self-hosted migration planned
- Unstructured.io — Resume parse fallback (US)
- Hetzner — Hosting (US — Ashburn, Virginia)
- Brevo — Transactional email + waitlist (EU — international processor)
8. Cookies
We use first-party cookies for authentication (Better Auth session) and dark-mode preference. We do not use third-party advertising cookies. See our Cookie Policy for the full, region-aware cookie disclosure (including the consent model that applies to you).
9. Breach notification
In the event of a personal data breach affecting your data, we will notify you without undue delay. For US users, we notify affected individuals (and any required state authorities) as required by applicable US state breach-notification laws (e.g., California Civil Code §§ 1798.29 / 1798.82). For international customers, we notify within 72 hours of discovery, per GDPR Art. 33 (and NDPR Section 40). See ops/runbooks/breach-notification.md (internal runbook) for the process. Notifications go to the registered email + a banner in the app + a Trust Center status post.
10. International transfers
Primary storage is in the United States (Hetzner, Ashburn, Virginia). If you are an international customer — in the EU/EEA, the UK, Nigeria, or Canada — your personal data is transferred to and stored in the United States. We rely on appropriate cross-border transfer safeguards for these transfers: the EU-US Data Privacy Framework (and the UK and Swiss extensions) where applicable, the 2021 Standard Contractual Clauses for EU/EEA transfers, and the UK International Data Transfer Addendum (IDTA) for UK transfers. Transfers to our sub-processors, and to any other regions, use SCCs, the DPF, or adequacy decisions.
11. Retention
| Data | Retention |
|---|---|
| Account + profile + career data | Until you delete your account or 36 months of inactivity |
| Application data + Story Bank | Same as account |
| Generated artifacts | Same as account |
| Usage logs (PII-scrubbed) | 13 months |
| Backups | 30 days (pgBackRest); tombstones expire after 90 days |
| Audit logs (admin access, billing events) | 6 years (regulatory retention) |
12. Children
CAREER iNTEL is for users 16 years and older (EU) / 13 years and older (US). We do not knowingly collect data from anyone below these ages. If we discover such data, we delete it.
13. Changes to this policy
We will notify you of material changes via email and in-app banner at least 30 days before they take effect. Minor edits (typo fixes, clarifications) may be published without notice.
14. DPO Contact
For all CCPA/CPRA / US state-privacy-law / GDPR / UK GDPR / NDPR / PIPEDA requests, email [email protected]. We respond within 5 business days (or sooner where a shorter statutory deadline applies).