Privacy Policy
Last updated: February 7, 2026
🔒 Privacy First: CareerScout AI is designed with privacy at its core. We collect only the minimum data necessary to analyze your CV and provide job matching services. Your CV content is analyzed securely and stored with industry-standard encryption.
1. Data Controller
CareerScout AI ("we", "us", "our") is the data controller responsible for your personal data. This privacy policy applies to all users of the CareerScout AI web application.
For any privacy-related inquiries, please contact us at: support@careerscoutai.com
2. Data We Collect
2.1 Account Data
When you create an account via Google Sign-In, we collect:
| Data Type | Purpose | Retention |
|---|---|---|
| Email address | Account identification, authentication | Until account deletion |
| Display name | Personalization | Until account deletion |
| Profile picture (optional) | User interface personalization | Until account deletion |
2.2 CV/Resume Data
When you upload your CV or resume, we collect and store:
| Data Type | Purpose | Retention |
|---|---|---|
| CV text content | AI analysis to extract skills, experience, education | Until you delete or update |
| Extracted skills | Job matching and search | Until you delete or update |
| Work history | Experience-based job recommendations | Until you delete or update |
| Education details | Qualification-based filtering | Until you delete or update |
2.3 Usage Data
| Data Type | Purpose | Retention |
|---|---|---|
| Job search queries | Service improvement, personalization | Until account deletion |
| Selected countries/locations | Location-based job matching | Until you modify preferences |
| Job matches viewed | Improve recommendation algorithm | Until account deletion |
2.4 Data We DO NOT Collect
- Browsing history outside of our application
- Cookies for tracking or advertising purposes
- Precise geolocation data
- Third-party analytics or telemetry
- Social media activity beyond authentication
2.5 Email Tracking for Abuse Prevention
⚠️ Important: To prevent abuse of our free tier service, we maintain a privacy-preserving record of email addresses that have used free tier accounts.
| Data Type | Purpose | Retention |
|---|---|---|
| Hashed email address (SHA-256) | Prevent free tier abuse by tracking prior usage | Permanent (persists after account deletion) |
| First usage timestamp | Track when email first used free tier | Permanent |
| Account deletion timestamp (if applicable) | Track deletion events for abuse pattern detection | Permanent |
Why we do this: Our free tier is designed for genuine users to try our service. To prevent abuse where users repeatedly delete accounts and re-register to bypass usage limits, we store a cryptographic hash of your email address. This hash cannot be reversed to reveal your email address and is used solely to detect if an email has previously used free tier benefits.
Your rights: Even after deleting your account, the hashed email record persists. If you wish to contest this processing under GDPR Article 21, please contact support@careerscoutai.com with proof of legitimate use. We will evaluate requests on a case-by-case basis.
3. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your data based on:
- Contract Performance (Article 6(1)(b)): Processing is necessary to fulfill our service to you, including CV analysis, job matching, and account management.
- Legitimate Interest (Article 6(1)(f)):
- Processing your CV content and search preferences is essential to provide the job matching service you've requested by creating an account and uploading your CV.
- Maintaining hashed email records for abuse prevention is necessary to protect our service from fraudulent use of free tier benefits. This legitimate interest has been balanced against your privacy rights by using irreversible cryptographic hashing.
- Consent (Article 6(1)(a)): Where required, such as for optional features, we obtain your explicit consent before processing.
4. Third-Party Services
CareerScout AI uses the following third-party services to deliver our core functionality:
4.1 Google Gemini API (AI Analysis)
We use Google's Gemini AI model via Google AI Studio to analyze your CV. When you upload a CV:
- Your CV text is sent to Google's servers for AI processing
- Processing occurs on Google Cloud infrastructure (data centers in the EU and USA)
- Google processes this data under their Data Processing Addendum
- The text is used only for immediate analysis and is subject to Google's API terms
4.2 Firebase (Google Cloud)
Our backend infrastructure runs on Firebase/Google Cloud for:
- User authentication (Firebase Authentication with Google Sign-In)
- Database storage for CV data and user profiles (Firestore)
- Application hosting
Data stored on Firebase is protected by Google Cloud's security measures and is hosted in the EU region where possible.
4.3 Adzuna (Job Search API)
We use Adzuna's job search API to retrieve job listings. When you perform a job search:
- We send search queries based on your extracted skills and preferences to Adzuna
- Adzuna processes these queries to return relevant job listings
- We do not send your complete CV or personal identification data to Adzuna
- Job search data is subject to Adzuna's Privacy Policy
4.4 Lemon Squeezy (Payment Processing)
If we offer paid features, we use Lemon Squeezy as our Merchant of Record for processing payments:
- Lemon Squeezy collects and processes your payment information
- We do not receive or store credit card numbers or payment details
- Lemon Squeezy handles billing, refunds, and tax compliance
- Your purchase is subject to Lemon Squeezy's Privacy Policy
International Transfers: Data may be processed on servers located outside the European Economic Area (EEA). We ensure adequate protection through Google's Standard Contractual Clauses (SCCs) and compliance with EU-US Data Privacy Framework.
5. Data Retention
- CV content and analysis: Retained until you delete or update your CV or profile, or delete your account.
- Account data: Retained until you request account deletion.
- Usage data: Retained for the lifetime of your account to improve service quality.
- Job search history: Retained until account deletion or until you manually clear your history.
- Hashed email records: Retained permanently, including after account deletion, to prevent free tier abuse. See section 2.5 for details.
- Other deleted data: When you delete your account, all other associated data is permanently removed within 30 days.
6. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
✓ Right of Access
Request information about data we process about you.
✓ Right to Rectification
Request correction of inaccurate personal data.
✓ Right to Erasure
Request deletion of your personal data ("right to be forgotten"). You can delete your profile and associated data directly within the application at any time.
Important exception: Hashed email records will persist permanently after account deletion to prevent abuse. This processing is based on legitimate interests (GDPR Article 6(1)(f)). You may object to this under Article 21.
✓ Right to Restriction
Request limitation of processing of your data.
✓ Right to Portability
Receive your data in a portable, machine-readable format.
✓ Right to Object
Object to processing based on legitimate interests.
To exercise these rights, contact us at support@careerscoutai.com. You also have the right to lodge a complaint with a supervisory authority (such as your local Data Protection Authority in the EU).
7. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- All communications are encrypted using HTTPS/TLS
- API keys are managed server-side and never exposed to clients
- CV content is stored with encryption at rest in Firebase Firestore
- Access controls and authentication via Firebase ensure only authorized access
- Regular security audits of our infrastructure
- Google Cloud security measures and compliance certifications
8. Cookies & Local Storage
CareerScout AI does not use cookies for tracking or advertising. We only use necessary cookies and browser storage to:
- Maintain your authenticated session (Firebase session cookies)
- Store your user preferences locally
- Remember your selected job search filters
Please see our Cookie Policy for more detailed information.
9. Children's Privacy
CareerScout AI is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at support@careerscoutai.com.
10. Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this page
- Displaying a notice in the application for significant changes
- Sending an email notification for substantial changes that affect your rights
We encourage you to review this policy periodically.
11. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us:
Email: support@careerscoutai.com
General Support: support@careerscoutai.com
We aim to respond to all inquiries within 30 days.