Privacy Policy

Effective: October 2, 2025 · Last Updated: October 2, 2025

CareerFlex ("we", "us", "our") operates the website careerflex.app and a companion desktop tray application (the "Service"). If you have any questions about this policy or your data, contact us at support@careerflex.app.

Information We Collect

• Account and authentication: Email and a unique user ID (via Supabase).
• Payments and credits: We do not collect or store card numbers. Payments are processed by Stripe. We store purchase metadata (e.g., Stripe session/payment identifiers, package purchased) to manage your credit balance and transaction history.
• Credits and usage: Your credit balance and credit transactions (purchases, consumption, bonuses). Basic usage analytics you send to us: event type, counts, durations, app version, timestamps, and optional metadata. We do not use third‑party ad trackers.
• AI processing content: When you request AI analysis, your prompt may include CV text and job content. We transmit the prompt to an AI model via a routing provider (OpenRouter) to return the analysis. We configure requests to disable model training and sharing, and to enable zero data retention (ZDR) where the provider supports it. Some model providers may not support all privacy controls; in those cases we choose settings that minimize retention, and we do not use your prompts to train our own systems. We do not sell this information. We do not persist prompt content server‑side beyond what is needed to fulfill the request. We may store minimal metadata (e.g., model used, timestamps, credits consumed, error messages). See OpenRouter’s privacy documentation for details: https://openrouter.ai/privacy.
• Referrals: Referral codes and attributions (who referred whom), and simple referral cookies (e.g., ref_code, ref_user) to credit referrals.
• Desktop app data: The desktop app generates a local device_id and stores data in local folders (e.g., CVs, results, logs). The device_id may be used to issue short‑lived desktop tokens that authorize your desktop app to call our web API. Most desktop data stays on your device under your control.
• Automatically collected information: Standard server logs (IP address, user‑agent, pages/routes accessed, timestamps) and basic device/browser info for reliability, security, and abuse prevention.
• Cookies: Authentication cookies from Supabase, referral cookies we set (where applicable), and Stripe cookies on Stripe’s domain during checkout.

How We Use Information

• Provide and maintain the Service (auth, credits, AI analysis, desktop connectivity).
• Process payments and issue/consume credits.
• Improve reliability, performance, and security (including rate limiting and abuse prevention).
• Provide support and communicate about updates or changes.
• Measure basic usage (in‑house analytics stored in our database).

Sharing of Information

We share information with service providers solely to operate the Service:

• Supabase (authentication and database)
• Stripe (payments)
• OpenRouter and underlying AI model provider(s) for AI processing
• Hosting and infrastructure providers, and software update sources (e.g., GitHub for update checks)

We may disclose information if required by law or to protect rights, safety, and security. We do not sell personal information.

Data Retention

• Account and transactional records: Retained while your account is active and for a reasonable period afterward for legal, accounting, and fraud‑prevention purposes.
• AI prompts: Not stored server‑side beyond processing the request (we may keep basic metadata like timestamps, model identifiers, and credits used).
• Usage analytics: Retained for an operational period (e.g., up to 12 months) to improve the Service.
• Desktop data: Stored locally on your device; you control retention there.

Security

We use commercially reasonable measures (e.g., HTTPS, access controls, short‑lived HMAC desktop tokens) to protect information. No system is 100% secure.

Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal information. Contact us at support@careerflex.app to make a request.

Children’s Privacy

The Service is not intended for children under 13, and we do not knowingly collect their information.

International Transfers

We may process and store information in regions where our providers operate. By using the Service, you consent to such transfers.

Changes to This Policy

We may update this policy. The “Last Updated” date will be revised. Material changes may be announced on the website.

Contact

Questions or requests: support@careerflex.app