Introduction
At CareerCompass, we value your privacy. This Privacy Policy document outlines the types of personal information we collect, how we use and protect it, and your rights regarding your data. By using our services, you agree to the collection and use of information in accordance with this policy.
Information We Collect
- Personal Information: When you create an account, we collect personal details such as your name, email address, and password. This information is essential for authentication and account management.
- Profile Data: We collect information about your education, skills, interests, career goals, and company name to provide personalized services.
- Usage Data: We track your interactions with our platform, including saved opportunities, dashboard activity, and recommendations, to improve our services.
- Resume Data: If you upload your resume, we collect and parse data such as your skills, experience, certifications, and keywords to enhance your profile and job matching.
- Application Data: We collect information about your job applications, including status, messages, and chat history, to facilitate communication and track progress.
- Cookies: We use cookies to manage UI state and sessions. Cookies are small data files stored on your device that help us improve your experience.
- Email Interactions: We track interactions with our emails, including opens and clicks, to measure engagement and improve our communication.
How We Use Your Information
- Account Management: We use your information to create, manage, and secure your account.
- Personalization: Your data helps us tailor recommendations and content on your dashboard to match your profile.
- Opportunity Matching: We use your profile information to match you with relevant job opportunities and provide scoring to prioritize applications.
- Communication: We send you onboarding emails, status updates, and notifications about new opportunities or platform features.
- Application Tracking: We provide tools to track the status of your applications and enable messaging between you and potential employers.
- Analytics and Improvement: We analyze usage data to understand how our platform is used and identify areas for improvement.
AI Processing
Your resume text, job descriptions, and submitted prompts are processed by Google Gemini 2.5 Flash via the Genkit framework to generate ATS scores, cover letters, skill gap analyses, interview questions, salary insights, LinkedIn suggestions, and candidate rankings. By using these features, you consent to this processing.
File Security Validation
All uploaded files are validated server-side against magic byte signatures to confirm actual file type, regardless of declared extension. Files exceeding 5 MB or failing signature validation are rejected and not stored.
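The following is an added illustration of a signature check of this kind, not CareerCompass's own code. The allow-list of file types, the function names, and the sample inputs are assumptions; only the 5 MB limit comes from this policy.

```javascript
// Added example, not CareerCompass code. The allow-list is an assumption.
const MAX_BYTES = 5 * 1024 * 1024; // 5 MB limit stated in the policy

// Extension -> accepted leading byte signatures. A Map avoids prototype
// lookups such as "constructor" that a plain object would resolve.
const SIGNATURES = new Map([
  ['pdf', [[0x25, 0x50, 0x44, 0x46, 0x2d]]],                  // "%PDF-"
  ['png', [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]]],
  ['jpg', [[0xff, 0xd8, 0xff]]],
  ['jpeg', [[0xff, 0xd8, 0xff]]],
  ['docx', [[0x50, 0x4b, 0x03, 0x04]]],                       // ZIP container
]);

function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);
}

// Returns { ok, reason } for one upload; the content decides, not the name.
function validateUpload(filename, bytes) {
  if (bytes.length > MAX_BYTES) return { ok: false, reason: 'too_large' };
  const dot = filename.lastIndexOf('.');
  const ext = dot < 0 ? '' : filename.slice(dot + 1).toLowerCase();
  const sigs = SIGNATURES.get(ext);
  if (!sigs) return { ok: false, reason: 'type_not_allowed' };
  if (!sigs.some((sig) => startsWith(bytes, sig))) {
    return { ok: false, reason: 'signature_mismatch' };
  }
  return { ok: true, reason: 'accepted' };
}

// Constructed sample inputs (not real files).
const pdfBytes = Uint8Array.from(Buffer.from('%PDF-1.7\n'));
const exeBytes = Uint8Array.from([0x4d, 0x5a, 0x90, 0x00]); // "MZ" header
const oversized = new Uint8Array(MAX_BYTES + 1);
oversized.set(pdfBytes);

function runSamples() {
  return [
    validateUpload('resume.pdf', pdfBytes).reason,
    validateUpload('resume.pdf', exeBytes).reason,
    validateUpload('resume.exe', pdfBytes).reason,
    validateUpload('big.pdf', oversized).reason,
  ];
}
console.log(runSamples());
```

A ZIP signature only confirms the container format; telling a DOCX apart from any other ZIP archive requires inspecting the archive's contents.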
Encryption & Security
CareerCompass employs multiple security layers to protect your data in transit and at rest.
All chat messages are encrypted on your device using AES-GCM with a 256-bit key before transmission. Our servers relay only ciphertext — CareerCompass cannot read your messages.
Session encryption keys are derived via Elliptic Curve Diffie-Hellman (ECDH P-256) using the Web Crypto API. Your private keys are generated locally and stored in IndexedDB on your device. They are never transmitted to our servers.
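The scheme described in the two paragraphs above can be sketched with the Web Crypto API as follows. This is an added example, not CareerCompass's code: the function names, the sample message, the use of non-extractable private keys, and deriving the AES key directly from the ECDH output are all assumptions.

```javascript
// Added example, not CareerCompass code. Works in browsers and in Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// Each party generates its key pair locally; only the public key is shared.
// extractable=false (an assumption) keeps the private key unexportable.
function newIdentity() {
  return wc.subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, false, ['deriveKey']);
}

// ECDH P-256 agreement -> 256-bit AES-GCM session key.
function sessionKey(myPrivate, theirPublic) {
  return wc.subtle.deriveKey(
    { name: 'ECDH', public: theirPublic },
    myPrivate,
    { name: 'AES-GCM', length: 256 },
    false,
    ['encrypt', 'decrypt']
  );
}

async function seal(key, text) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) }; // this is all a relay server would see
}

async function unseal(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const alice = await newIdentity();
  const bob = await newIdentity();
  const kA = await sessionKey(alice.privateKey, bob.publicKey);
  const kB = await sessionKey(bob.privateKey, alice.publicKey);
  const msg = await seal(kA, 'interview at 10:00'); // constructed message
  const received = await unseal(kB, msg);
  // Flip one ciphertext bit: the GCM tag check must make decryption fail.
  const tampered = { iv: msg.iv, ct: msg.ct.slice() };
  tampered.ct[0] ^= 1;
  const tamperRejected = await unseal(kB, tampered).then(() => false, () => true);
  return { received, tamperRejected, relayedBytes: msg.ct.length };
}
demo().then(console.log);
```

Both sides arrive at the same session key without the key or either private key crossing the network, and a modified ciphertext is rejected rather than decrypted.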
All data at rest in Firebase Firestore and Cloud Storage is encrypted using Google-managed AES-256 keys. All data in transit is protected by TLS 1.2+.
Every uploaded file undergoes magic byte signature validation server-side. Files that fail validation — regardless of declared extension — are rejected before storage.
AI processing endpoints, checkout sessions, and file upload routes are rate-limited to prevent abuse and denial-of-service attempts.
No raw card data is processed by CareerCompass servers. All payment flows run through Stripe's PCI-DSS compliant infrastructure.
Third-Party Providers
We may employ third-party services for various purposes, such as analytics, payment processing, and email communication. These third parties may have access to your personal information as needed to perform their functions, but they are obligated not to disclose or use it for any other purpose.
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Gemini (Genkit) | AI resume parsing, ATS scoring, cover letter generation, candidate ranking, interview prep, skill gap analysis, salary insights, LinkedIn optimization | Resume text, job descriptions, user-submitted prompts |
| Firebase (Google) | Firestore database, user authentication (Google OAuth), file storage | Account data, professional profile data, application records, encrypted chat ciphertext |
| Cloudinary | Profile image hosting, transformation, and CDN delivery | Profile pictures and permitted media uploads |
| Stripe | Subscription billing and payment processing | Plan selection and billing email. Raw card data is processed exclusively by Stripe — CareerCompass never stores card numbers. |
| Brevo | Transactional email delivery via SMTP | Email address, name, application status content, welcome email content |
Data Protection
We take data protection seriously and implement industry-standard security measures to safeguard your information. Your password is stored securely using encryption, and we use secure connections (SSL/TLS) to protect data transmission. However, no method of transmission over the internet or electronic storage is 100% secure, so we cannot guarantee absolute security.
Data Retention & Deletion
We retain your personal data as long as your account is active or as needed to provide you with our services. You can request the deletion of your account and personal data at any time by contacting us. Upon deletion, your data will be removed from our active systems, but we may retain certain information as required by law or for legitimate business purposes.
Your Rights
You have certain rights regarding your personal data, including the right to access, correct, or delete your information. You can update your profile information at any time through your account settings. If you wish to exercise any other rights or have any concerns about your data, please contact us.
Changes to Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date above. We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices:
Contact us via GitHub
By using CareerCompass, you acknowledge that you have read and understood this Privacy Policy.
© 2026 CareerCompass. All rights reserved.