Privacy Policy

1. Introduction

CareerTwins ("we," "us," or "our") operates the website CareerTwins.com and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

Our Service is designed to provide comprehensive AI-powered career lifecycle support, including but not limited to career advising, resume analysis, mock interviews, job-matching, and other professional development tools. Because of the nature of our Service, we process sensitive personal information including resume data, interview performance data, and other personally identifiable information ("PII"). We take the privacy and security of this data very seriously.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

When you use our Service, you may provide us with the following categories of personal information:

• Resume and Career Data: Full name, email address, phone number, mailing address, work history, job titles, employers, education history, degrees, certifications, skills, professional summaries, and any other information contained in your resume or CV.
• Account Information: Email address, username, password, and profile preferences.
• Job Preferences: Desired job titles, target companies, salary expectations, location preferences, and industry interests.
• Communications: Any messages, feedback, or correspondence you send to us.

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information, including:

• Usage Data: Pages visited, features used, time spent on pages, click patterns, and search queries.
• Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity. See our cookie practices described below.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Authentication providers (e.g., Google, LinkedIn) if you choose to sign in using a third-party account.
• Publicly available professional profile data used to enhance our job-matching algorithms.

3. Legal Basis for Processing (EU/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data under the following legal bases:

• Performance of a Contract: To provide the Service you requested, including maintaining your account and performing AI career analysis.
• Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications).
• Legitimate Interests: For our legitimate business interests, such as improving our Service technology, protecting against fraud, and enhancing security, provided these interests are not overridden by your rights.
• Legal Obligation: To comply with applicable laws and regulations.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

• Provide and Operate the Service: To process your resume, perform AI-powered career analysis, match you with relevant job opportunities, and deliver personalized career insights.
• Improve and Develop: To analyze usage patterns, conduct research, and improve our AI models, algorithms, and overall Service quality.
• Communications: To send you service-related notifications, respond to your inquiries, and provide customer support.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• AI Model Training and Improvement: To train, fine-tune, and improve our proprietary artificial intelligence models, machine learning algorithms, and overall system performance. We typically use anonymized or pseudonymized data for these purposes.
• With Your Consent: For any other purpose disclosed to you at the time we collect your information or with your consent.

5. How We Share Your Information

We do not sell your personal information. We do not rent, trade, or otherwise make your personal information available to third parties for their own marketing purposes.

We may share your information in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf, such as cloud hosting, data analytics, third-party Large Language Model (LLM) providers (such as OpenAI, Anthropic, or Google), AI processing, email delivery, and customer support. These service providers have access to your personal information only to perform tasks on our behalf and are contractually obligated to protect your data and not use it for any other purpose. When processing data through third-party LLM providers, we utilize enterprise-grade APIs designed to ensure your data is not used to train their public models.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

5.4 Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you opt in to share your profile with potential employers.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Account Data: We retain your resume data, profile information, and account data for as long as your account is active.
• Deleted Accounts: Upon account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain data for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, dispute resolution).
• Usage and Log Data: Automatically collected data is typically retained for up to 12 months for analytics and security purposes, after which it is aggregated or deleted.
• Backup Copies: Residual copies of your data in our backup systems will be overwritten in the normal course of operations within 90 days of deletion.

7. Data Security

We implement and maintain reasonable and appropriate technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 encryption.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication and role-based access controls.
• Infrastructure Security: Our systems are hosted on enterprise-grade cloud infrastructure with SOC 2 compliance, firewalls, intrusion detection, and regular security audits.
• Breach Notification: In the event of a data breach affecting your personal information, we will notify you and the appropriate authorities in accordance with applicable law, including within 72 hours where required by regulation.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: You have the right to request a copy of the personal information we hold about you.
• Correction: You have the right to request that we correct any inaccurate or incomplete personal information.
• Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, active disputes).
• Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format (e.g., JSON or CSV).
• Opt-Out of Communications: You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly.
• Withdraw Consent: Where we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Restrict Processing: You may request that we restrict certain processing of your personal information under specific circumstances.

To exercise any of these rights, please contact us at the email address listed in the Contact Us section below. We will respond to your request within 30 days (or sooner where required by applicable law). We may ask you to verify your identity before fulfilling your request.

9. EU/UK Data Subject Rights

If you are a resident of the EEA or UK, you have the following additional rights under the GDPR and UK-GDPR:

• Right to Object: You can object to our processing of your personal data based on legitimate interests.
• Right to Restriction: You can request that we restrict the processing of your data under certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Complain: You have the right to lodge a complaint with a data protection authority.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

10.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, phone number, IP address, account username.
• Professional or Employment-Related Information: Resume content, work history, job titles, employer names, skills, certifications.
• Education Information: Degrees, institutions, graduation dates, academic achievements.
• Internet or Electronic Network Activity Information: Browsing history on our Service, search queries, interaction data.
• Geolocation Data: Approximate location derived from IP address.
• Inferences: Career profile inferences drawn from the above categories to provide job matching and career recommendations.

10.2 Your CCPA/CPRA Rights

As a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Delete: Request deletion of your personal information, subject to certain exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to only what is necessary to provide the Service.
• Non-Discrimination: You will not be discriminated against for exercising your CCPA/CPRA rights.

10.3 How to Submit a Request

To submit a request to exercise your California privacy rights, you may:

• Email us at info@careertwins.com

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf, subject to verification of the agent's authority and your identity. We will respond to verifiable consumer requests within 45 days as required by law.

10.4 Financial Incentives

We do not offer financial incentives or price differentials related to the collection, retention, or sale of personal information.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information as soon as possible. If you believe we may have collected information from a child under 16, please contact us immediately at info@careertwins.com.

12. International Users & Data Transfers

CareerTwins is based in the United States. Your information may be transferred to, stored, and processed in the US and other countries where our service providers operate.

For transfers of personal data from the EEA or UK to countries not deemed to have an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, or other legally recognized transfer mechanisms to ensure your data is protected.

By using our Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. If you do not consent to such transfer and processing, please do not use the Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Post a prominent notice on our Service.
• Send you an email notification if you have an account with us (where required by law).

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: info@careertwins.com
• Website: CareerTwins.com

We will endeavor to respond to all inquiries within 30 days.