Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

1. Introduction

Careerkit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are registered in Zug, Switzerland and comply with Swiss Federal Data Protection Act (FADP) and the EU General Data Protection Regulation (GDPR) where applicable.

As a Swiss company, we benefit from Switzerland's strong privacy laws, providing an additional layer of protection for your sensitive career data beyond standard international requirements.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, password
• Profile Information: Resume data, work history, education, skills, contact details
• User Content: Documents, photos (for AI headshots), cover letters, and other materials you create or upload
• Payment Information: Billing details processed through our third-party payment processors
• Communications: Feedback, support requests, and correspondence

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, features used, time spent, click data
• Performance Data: Error reports, load times, service performance metrics
• Cookies and Similar Technologies: As described in our Cookie Policy

3. How We Use Your Information

3.1 Primary Uses

We use your information to:

• Provide, maintain, and improve our services
• Create and manage your account
• Process transactions and send related information
• Generate AI-enhanced content (resumes, cover letters, headshots)
• Respond to comments, questions, and support requests
• Send administrative information and service updates

3.2 Additional Uses

With your consent or as permitted by law, we may also use your information to:

• Send marketing communications (you can opt-out anytime)
• Analyze usage patterns to improve our service
• Detect and prevent fraud or technical issues
• Comply with legal obligations

4. AI Processing of Your Data

Our AI features process your data to provide personalized suggestions and content generation. Here's how:

• Resume Optimization: AI analyzes your content to suggest improvements and keyword optimization
• Cover Letter Generation: AI uses your resume data and job descriptions to create tailored letters
• AI Headshots: Your photos are processed by AI to generate professional headshots

Important: AI-processed data is used solely to provide services to you. We do not use your personal data to train our AI models. AI processing is performed by our trusted service providers under strict data protection agreements.

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract: To fulfill our service agreement with you
• Consent: Where you have given explicit consent (e.g., marketing emails)
• Legitimate Interests: To improve our services, ensure security, and prevent fraud
• Legal Obligations: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our service. These providers are contractually bound to protect your data and use it only for the purposes we specify:

• Supabase (Database & Authentication): Stores user accounts, resumes, and application data. Servers located in the United States with SOC 2 Type II certification.
• Vercel (Hosting & Infrastructure): Hosts our application and serves content globally through their CDN. Data processed in multiple regions based on user location.
• OpenAI & Anthropic (AI Services): Process text for AI-powered resume suggestions, cover letter generation, and content optimization. Data is not used to train their models.
• Stripe (Payment Processing): Handles all payment transactions securely. We never store credit card details directly. PCI DSS compliant.
• PostHog (Product Analytics): Tracks usage patterns and feature adoption to improve our service. Data is anonymized where possible.
• Google Analytics (Website Analytics): Monitors website traffic and user behavior. IP addresses are anonymized.
• Resend (Email Service): Sends transactional emails and, with your consent, marketing communications.
• Sentry (Error Monitoring): Captures error logs to improve service reliability. Personal data is scrubbed from error reports.

All service providers are carefully selected based on their security practices and compliance with data protection regulations. We maintain data processing agreements with each provider.

6.2 Other Disclosures

We may disclose your information:

• With your consent or at your direction
• To comply with legal obligations or respond to legal requests
• To protect rights, property, or safety of Careerkit, our users, or others
• In connection with a business transfer, merger, or acquisition

6.3 Public Information

Information you choose to make public through Career Link profiles is accessible to anyone with the link. You control what information is displayed publicly.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active
• User Content: Retained until you delete it or close your account
• AI-Generated Content: Retained for 90 days after generation unless saved by you
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or request deletion

After deletion, some information may be retained in backups for up to 90 days. Anonymized data may be retained indefinitely for analytics and service improvement.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

As a Swiss company, we may transfer data internationally. When we do:

• We ensure appropriate safeguards are in place
• We rely on adequacy decisions where available
• We use Standard Contractual Clauses approved by the European Commission
• We ensure our service providers maintain appropriate security measures

10. Your Rights and Choices

10.1 Your Rights

Under applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request limited processing of your data
• Object: Object to certain processing activities
• Withdraw Consent: Where processing is based on consent

10.2 Exercising Your Rights

To exercise any of these rights, please contact us at support@careerkit.me. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10.3 Account Settings

You can manage your information through your account settings:

• Update profile information
• Change privacy settings
• Manage email preferences
• Download your data
• Delete documents and content

11. Special Categories of Data

We do not intentionally collect special categories of personal data (such as racial origin, political opinions, religious beliefs, health data, or sexual orientation). However, such information may be included in resumes or documents you create. If you include such information:

• You explicitly consent to our processing of this data solely to provide our services
• We recommend minimizing such information in your documents unless necessary
• This data receives the same security protections as all other personal data

12. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending email notification for significant changes

15. Data Protection Officer

For questions about our privacy practices or to exercise your rights, you can contact our Data Protection Officer at:

16. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

17. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights