Privacy Policy

Last updated: November 11, 2025

1. Introduction

Career Signals ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Career Signals, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when using the Service:

  • Account Information: Name, email address, and profile information from Google authentication
  • Resume Data: Content from uploaded resumes including work history, education, skills, and achievements
  • Interview Responses: Conversations and responses during AI-powered career interviews
  • Persona Information: Career summaries, philosophies, goals, and other professional data you create
  • Profile Links: LinkedIn, GitHub, portfolio, and other professional URLs you add

2.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Usage Data: Pages viewed, features used, time spent, and interaction patterns
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Session Data: Login times, authentication tokens, and session identifiers
  • Performance Data: Error logs, loading times, and service performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Process resumes, conduct AI interviews, build career personas, and enable exports
  • Personalization: Tailor AI responses and recommendations based on your profile and goals
  • Improvements: Analyze usage patterns to enhance features and user experience
  • Communication: Send service updates, feature announcements, and respond to inquiries
  • Security: Detect fraud, prevent abuse, and maintain Service security
  • Analytics: Track aggregate usage metrics to understand product performance
  • Compliance: Meet legal obligations and enforce our Terms of Service

4. AI Processing and Third-Party Services

4.1 AI Services

We use Groq AI services to power our interview system and persona generation. Your resume data and interview responses are sent to Groq's API for processing. Groq processes data according to their own privacy policy and terms of service.

4.2 Authentication

We use Google OAuth for authentication. When you sign in with Google, we receive basic profile information (name, email, profile picture) as authorized by you. Google's use of this information is governed by their privacy policy.

4.3 Hosting and Infrastructure

Our Service is hosted on Vercel. Your data is stored in secure databases managed through Prisma ORM. We implement industry-standard security measures to protect your information.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: Third-party services (Groq, Vercel, Google) that help us operate the Service
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • Protection of Rights: To protect our rights, property, or safety, or that of our users
  • With Your Consent: When you explicitly authorize us to share specific information

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and data at any time. Upon deletion request:

  • We will delete your account and associated persona data within 30 days
  • You may export your data before deletion
  • Some information may be retained in backup systems for up to 90 days
  • Aggregated, anonymized data may be retained for analytics
  • We may retain certain information as required by law

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication via Google OAuth
  • Regular security assessments and updates
  • Access controls and authentication for database access
  • Monitoring for suspicious activity and security incidents

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information through your account settings
  • Deletion: Request deletion of your account and associated data
  • Export: Download your persona data in markdown format
  • Objection: Object to certain processing of your information
  • Portability: Request transfer of your data to another service (where technically feasible)

To exercise these rights, please contact us at [email protected].

9. Cookies and Tracking

We use essential cookies and similar technologies to:

  • Maintain your authenticated session
  • Remember your preferences and settings
  • Analyze usage patterns and improve the Service
  • Detect and prevent fraud

You can control cookies through your browser settings, but disabling cookies may limit functionality.

10. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that a user is under 18, we will delete their account and information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to such transfers.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: Consent and legitimate interests
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority
  • Right to data portability
  • Right to restrict processing

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Support: [email protected]

We will respond to your inquiry within 30 days.