CareerAIlign ("we," "our," or "us") operates careerailign.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered career optimization platform.
By using CareerAIlign, you agree to this policy. Questions? Email us at support@careerailign.com.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (used to identify your account and send magic-link login emails)
- Display name (optional)
- Account creation timestamp
Resume and Career Content
To deliver our AI analysis, we process:
- Resumes you upload (PDF, DOCX, TXT formats)
- Job descriptions you enter for tailored analysis
- LinkedIn profile data you provide for optimization
- Cover letter content you generate or upload
Email Account Connection (Optional)
When you connect a Gmail or Outlook account to power the job application tracker:
- OAuth access tokens (stored encrypted — we never see your password)
- Email metadata related to job applications (sender, subject, date)
- Email body content only where necessary to identify application status
Important: We request the minimum permissions necessary. Gmail access is read-only scoped — we do not send emails from your account. You can disconnect your email at any time from account settings.
Usage Data
We automatically collect:
- Pages visited and features used (to improve the service)
- Browser type, operating system, and device type
- IP address (for security and fraud prevention)
- Timestamps of actions (analysis runs, logins, etc.)
- Credit usage and purchase history
2. How We Use Your Information
- Provide the service: Run AI analysis on resumes, generate cover letters, score LinkedIn profiles, and track job applications
- Improve the service: Understand which features are most used, identify bugs, optimize AI quality
- Send account communications: Magic-link login emails, purchase receipts, and important service updates (transactional — always sent)
- Send marketing emails: Career tips, product updates, and improvement suggestions — only to users who have consented or have not opted out. Every marketing email includes a one-click unsubscribe link
- Prevent fraud and abuse: Detect unusual usage patterns and enforce usage limits
- Respond to support requests: Use your information to assist you when you contact us
We do not use your resume or personal career content to train AI models, sell to third parties, or share with advertisers.
3. Data Storage and Security
Your data is stored on cloud infrastructure in the United States. Our security practices include:
- Encryption at rest: All OAuth tokens and sensitive credentials are encrypted using AES-256-GCM before storage
- Encryption in transit: All traffic uses HTTPS/TLS
- Access controls: Database access is restricted to authorized infrastructure only
- No data sales: We never sell, rent, or trade your personal data
Uploaded resume files are processed in memory for analysis. We do not permanently store raw file content beyond what's necessary to deliver your results.
4. Email Connection Data
When you connect Gmail or Outlook:
- OAuth tokens are stored encrypted
- Tokens are used only to read job-related emails
- We do not read personal emails unrelated to job applications
- Tokens are never shared with third parties
- You can revoke access anytime via account settings or your Google/Microsoft account security page
- Disconnecting an email account deletes the stored tokens immediately
5. Email Communications & CAN-SPAM Compliance
CareerAIlign sends two categories of email:
- Transactional emails — Required for account function: magic-link login emails, purchase receipts, feedback replies, and account credit notifications. These are sent in direct response to your actions and cannot be opted out of
- Marketing emails — Career tips, product updates, resume improvement suggestions, and re-engagement messages. These require your consent and include an unsubscribe link in every email
Unsubscribe: Every marketing email contains a one-click "Unsubscribe" link in the footer. Clicking it immediately removes you from all marketing emails. You can also manage your preferences at careerailign.com/email-preferences.
CAN-SPAM compliance: All commercial emails include our physical mailing address, an accurate "From" name, a non-deceptive subject line, and a functioning unsubscribe mechanism. Unsubscribe requests are honored within 10 business days (typically immediately).
GDPR (for EU users): If you are in the European Economic Area, we rely on your consent as the legal basis for marketing emails. You can withdraw consent at any time using the unsubscribe link in any email or by contacting support@careerailign.com.
Bounce & complaint handling: If an email bounces (invalid address) or you mark our email as spam, we automatically stop sending to that address.
Email processor: We use Mailgun (a Sinch company) to deliver emails. Mailgun processes email addresses and delivery metadata in accordance with their Privacy Policy.
6. AI Processing
Our analysis features use large language model APIs. When you submit content for analysis:
- Your content is sent to our AI provider for processing
- We use API configurations that opt out of training data collection where available
- Results may be cached briefly to serve your analysis
7. Cookies and Local Storage
We use minimal browser storage:
- Authentication token: A JWT stored in localStorage to keep you logged in
- Session preferences: UI settings like last-viewed page
- Anonymous analytics: Usage patterns to understand product performance (no personally identifiable tracking)
We use the Meta Pixel (Facebook Pixel) to measure ad performance and conversion events (e.g., page views, completed assessments, purchases). This pixel may set cookies on your device that Meta uses for advertising measurement. You can opt out via Meta's privacy settings.
8. Third-Party Services
We use these services to operate CareerAIlign:
- Render.com — Cloud hosting
- Neon — Database storage
- Google OAuth — Gmail connection (optional, user-initiated)
- Microsoft OAuth — Outlook connection (optional, user-initiated)
- Stripe — Payment processing (card data never touches our servers)
- Meta (Facebook Pixel) — Advertising measurement and conversion tracking. Meta's Privacy Policy applies.
- Mailgun (Sinch) — Email delivery. Email addresses, subjects, and delivery metadata are processed by Mailgun in accordance with their Privacy Policy.
9. Your Rights
- Access: Request a copy of all data we hold about you
- Correction: Update your account information
- Deletion: Request deletion of your account and all associated data
- Export: Request your data in a portable format
- Opt-out of marketing emails: Click the "Unsubscribe" link in any email footer, or visit your Email Preferences page. Unsubscribe requests are honored immediately. Transactional emails (login links, receipts) cannot be turned off as they are required for account function
- Disconnect email integrations: Remove Gmail or Outlook access at any time from account settings
Email support@careerailign.com to exercise any of these rights. We will respond within 30 days.
10. Data Retention
- Account data: Retained while your account is active
- Analysis history: Retained for 12 months to support trend comparisons
- OAuth tokens: Deleted immediately upon disconnection
- Deleted accounts: All data purged within 30 days of deletion request
- Email preferences & unsubscribe records: Retained indefinitely to honor opt-out requests, even after account deletion. This is required by law — we must not re-email someone who has unsubscribed
11. Children's Privacy
CareerAIlign is not intended for users under 16 years of age. We do not knowingly collect data from minors. Contact us at support@careerailign.com if you believe a child has submitted data.
12. Changes to This Policy
We may update this Privacy Policy. Material changes will be announced by updating the "Last updated" date and notifying users via email. Continued use of the service after changes constitutes acceptance.