Privacy Policy
Last updated: July 5, 2026
Your privacy matters. This policy explains what we collect, how we use it, and the choices you have. We process sensitive career data, so we apply strong security by design, and we never sell your data.
1. Information We Collect
We collect: (a) account data (name, email, hashed password, plan); (b) content you provide, which includes resumes, interview answers, job applications and their stage history, contacts you record about your own network and your notes about them, job offers you enter, calendar entries, saved searches, cohort memberships, practice activity, and profile details such as your target role, skills, phone, and links; (c) usage data (features used, AI token usage, timestamps, in-app notifications); and (d) technical data (IP address, device and browser, approximate country for currency and security).
2. How We Use Your Information
We use your information to provide and personalize the Service: analyze your resume, score your fit against real job postings, run mock interviews and generate evidence-based feedback, build your practice queue, compute your progress and pipeline analytics, and send the reminders and reports described below. We also use it to maintain security and prevent abuse, process payments, enforce plan limits, and communicate with you about your account. We rely on your consent and the performance of our contract with you as legal bases.
3. Public and Research Data We Combine With Yours
Some numbers you see are not about you at all: job postings come from employers' own career systems and vetted job boards; occupation statistics (employment projections, wages, AI task-exposure research) come from published public datasets and are cited where shown. We display these alongside your data (for example, comparing an offer you enter against salaries stated in live postings) but they are computed from public sources, never invented.
4. AI Processing
To power AI features, relevant content (such as a summarized version of your resume, your interview answers, or a job description you analyze) is sent to a third-party AI provider (currently Google Gemini) to generate output. Untrusted content is isolated so it cannot manipulate the AI, output is validated before display, and AI-generated content is labeled or grounded in your real data. We do not use your content to train publicly available models, and we minimize what is sent (summaries and clamped text rather than whole files).
5. How We Protect Your Data
Resume text is encrypted at rest (AES-256-GCM). Data is transmitted over HTTPS. Each account's data is isolated, uploads are validated and scanned, and we apply rate limiting, bot protection, audit logging, and prompt-injection defenses. Access to production data is restricted.
6. Sharing Your Information
We do not sell your personal data. We share data only with: (a) service providers who help us run the platform under appropriate safeguards, currently Vercel (hosting), Neon (database), Google (AI processing), Resend (email delivery), Stripe (payments), and, where configured, Supabase (file storage); (b) coaches you explicitly engage: a coach you book sees what is needed for the session, and if you join a coach's cohort with an invite code, that coach sees your summary progress only (readiness score, target role, interview and application counts, last active date), never your resumes, transcripts, or messages, and you can leave a cohort at any time from your Profile, which stops the sharing immediately; and (c) authorities where required by law.
7. Emails, Notifications, and Reminders
Beyond account emails (verification, password reset), we send: a weekly progress summary only in weeks you were active, which you can turn off in your Profile; follow-up reminders on dates you set in your Application Tracker, which stop when you clear the date; and interview reminders from your own calendar entries. In-app notifications mirror these. We never send alerts with nothing real behind them.
8. Browser Extension
The optional ZorixOS Copilot browser extension has its own supplemental policy at /extension/privacy. In short: it connects with a revocable token, talks only to our API, reads a job page only when you ask it to, never auto-submits applications, and contains no third-party analytics.
9. Data Retention
We keep your data while your account is active and as needed to provide the Service. You can delete your account, after which we delete or anonymize your personal data within a reasonable period, except where retention is required by law (for example, billing records). Contacts, offers, and notes you record can be deleted individually at any time inside the app.
10. Your Rights
Depending on your location (for example GDPR/UK GDPR, India's DPDP Act, CCPA), you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to withdraw consent. To exercise these rights, contact us at the address below. You can edit your profile, manage email preferences, leave cohorts, revoke extension tokens, and delete your account within the app.
11. Cookies & Tracking
We use essential cookies for authentication and security (session cookies). We do not use advertising trackers or third-party analytics scripts; the product analytics we keep are first-party event counts used to improve the Service.
12. International Transfers
Your data may be processed in countries other than your own (for example, where our hosting, database, or AI providers operate, primarily the United States). Where required, we use appropriate safeguards for such transfers.
13. Children
The Service is not intended for children under 16 (or the applicable age of digital consent). We do not knowingly collect data from children.
14. Changes & Contact
We may update this policy and will notify you of material changes. For privacy questions or requests, contact mihirsingh994@gmail.com.