Privacy Policy

1. Introduction

CareerLift.ai ("we," "our," or "us") is an AI-powered career platform offering interview practice, resume tools, cover letter generation, a smart job board, structured learning paths, and job tracking via our web app and Chrome Extension. We are committed to protecting your personal information in accordance with the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights as a user. It applies to our website, web application, and Chrome Extension (collectively, the "Service").

By using the Service, you consent to the practices described here. If you do not agree, do not access or use the Service.

2. Information We Collect

2.1 Account & Profile Information

When you register or use the Service:

• Basic account: Full name, email address, password (hashed — never stored in plaintext)
• Professional profile: Current job title, years of experience, target role, skills, and career goals
• Resume data: Uploaded or pasted resume content used to tailor interview questions and ATS scoring

2.2 Interview & Session Data

• Interview responses: Your typed, spoken (transcribed), or coded answers during practice sessions
• AI feedback & scores: Evaluations generated from your responses, stored in your session history
• Code submissions: Source code submitted during coding practice, including the language selected
• Session metadata: Interview type, company, role, duration, date, and completion status

2.3 Voice & Audio Data

When you use voice interview mode, your audio is streamed in real time to a speech-to-text service (Deepgram) for transcription. Audio is not permanently stored after the session ends. Only the text transcript of your spoken response is saved to your session history.

2.4 Job Search & Tracker Data

• Job listings you save, apply to, or track (title, company, URL, status, notes)
• Job descriptions you paste or import for ATS scoring or interview customization
• Learning path progress, completed sessions, XP milestones, and selected roadmaps

2.5 Chrome Extension Data

When the Chrome Extension is active on supported job board domains:

• It reads job listing content (title, description, company name) to compute your ATS match score — this content is not stored on our servers beyond the current request
• It does not monitor your general browsing history, read pages outside supported domains, or capture screenshots
• It reads only content already loaded in your browser — no additional requests are made to third-party sites beyond what your browser normally performs

2.6 Payment Information

Billing details (card number, expiry, CVV) are processed entirely by Stripe and are never stored on our servers. We store only your subscription status, plan type, and billing period.

2.7 Automatically Collected Data

• Device & browser: Browser type, OS, device model, screen resolution
• Usage data: Pages and features accessed, session durations, feature interactions
• Log data: IP address, access timestamps, referring URLs, error logs
• Performance metrics: Interview completion rates, scores over time, streak data

2.8 Cookies & Tracking Technologies

• Essential Cookies: Authentication, session management, security — cannot be disabled
• Functional Cookies: Theme preferences, UI settings
• Analytics: Aggregate usage analytics (Vercel Analytics) — no cross-site tracking or advertising

You can control non-essential cookies in your browser settings. Disabling essential cookies may prevent login or core features from working.

3. How We Use Your Information

3.1 Providing the Service

• Create and manage your account and subscription
• Generate personalized interview questions based on your role, resume, and job description
• Transcribe voice responses and evaluate answers using AI
• Compute ATS resume scores and identify keyword gaps
• Generate cover letters, resume bullets, and tailored resumes
• Analyze job listings and compute ATS match scores on job board pages
• Track learning path progress and deliver structured practice roadmaps
• Store and display your job tracker pipeline, session history, and progress analytics
• Execute your code in a sandboxed environment for coding practice

3.2 Service Improvement

• Improve AI question quality and feedback accuracy using anonymized and aggregated data only
• Identify and fix bugs, performance issues, and usability problems

3.3 Billing & Payments

• Process subscription payments and manage billing cycles
• Send payment confirmations, invoices, and renewal reminders
• Handle refund requests and billing disputes

3.4 Communications

• Send transactional emails (verification, password resets, receipts)
• Notify you of material changes to the Service or policies
• Respond to support inquiries
• Send promotional emails only with your opt-in consent (unsubscribe anytime)

3.5 Safety & Legal Compliance

• Detect, prevent, and address fraud, abuse, and security threats
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with applicable legal obligations, court orders, and regulatory requirements

4. Third-Party Services & Data Processors

We work with the following third-party service providers ("data processors") to operate the platform. Each processes only the data necessary for its specific function. This disclosure is required by GDPR Article 28 and CCPA.

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We do not use advertising trackers or share data with ad networks.

4.2 When We May Disclose Information

• Legal Requirement: When required by law, subpoena, court order, or regulation
• Safety: To protect the rights, property, or safety of CareerLift.ai, our users, or the public
• Business Transfer: In a merger or acquisition, with confidentiality protections and advance notice
• With Your Consent: When you explicitly authorize a specific disclosure

5. AI-Specific Disclosures

• Interview responses, resume content, and job descriptions are sent to OpenAI's API for AI processing. We do not send your name, email, or contact details alongside these requests
• We do not use your personal data to train or fine-tune AI models
• Data sent to OpenAI is subject to their Privacy Policy. OpenAI's API applies zero data retention by default for API customers
• AI-generated feedback, ATS scores, and resume suggestions are for educational and practice purposes only
• Automated decisions (ATS scores, session evaluations) do not constitute employment decisions and are not used by employers

6. Data Security

We implement industry-standard technical and organizational security measures:

• TLS/SSL encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Row-Level Security (RLS) so each user can only access their own data
• Secure, httpOnly session cookies
• Rate limiting and abuse prevention on all API endpoints
• Regular security reviews and dependency updates
• Principle of least privilege for internal access controls

No method of internet transmission is 100% secure. In the event of a data breach affecting your rights, we will notify affected users as required by applicable law (within 72 hours for GDPR, without unreasonable delay for CCPA).

7. Data Retention

You may request deletion of your account and all associated data (resume, session history, learning path progress, job tracker, profile) at any time via Settings → Account → Delete Account, or by emailing privacy@careerlift.ai. We process deletion requests within 30 days.

8. Your Privacy Rights

8.1 Rights for All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and personal data
• Opt-Out: Unsubscribe from marketing communications at any time

8.2 GDPR Rights (EEA & UK Users)

• Data Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Object: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent where processing is consent-based
• Lodge a Complaint: File a complaint with your local supervisory authority

Legal bases for processing (GDPR): We process your data based on: (a) your consent (e.g., marketing emails); (b) contract performance (providing the Service); (c) legitimate interests (security, fraud prevention, service improvement); and (d) legal obligation.

8.3 CCPA / CPRA Rights (California Residents)

California residents have the following rights under the CCPA as amended by the CPRA:

• Know: Request disclosure of categories and specific pieces of personal information collected about you in the past 12 months
• Delete: Request deletion of personal information we have collected, subject to certain exceptions
• Correct: Request correction of inaccurate personal information we maintain about you
• Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. You have the right to opt out if this changes
• Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to what is necessary to provide the Service
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, contact us at privacy@careerlift.ai or through your account settings. We respond within 30 days (up to 45 days for CCPA if an extension is needed, with notice).

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have different data protection standards.

Where we transfer data from the EEA or UK to third countries, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards to ensure your data is protected in accordance with this policy and applicable law.

10. Children's Privacy

The Service is not intended for individuals under 16 (or 13 where COPPA applies). We do not knowingly collect personal information from children under these age thresholds.

If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@careerlift.ai. We will delete such data within 30 days.

11. Do Not Track

We honor Do Not Track (DNT) signals and do not engage in cross-site tracking. We do not use third-party advertising trackers on the Service.

12. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices, features, or legal requirements. For material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you by email or in-app notification at least 30 days before the changes take effect
• For significant changes affecting how we use sensitive data, we may require re-consent

Continued use of the Service after the effective date constitutes acceptance of the updated policy.