Privacy Policy

a. Account Data:

• Email address (required for signup)
• First name and last name
• Full name (derived or user-provided)
• User ID (auto-generated)

b. Profile Information:

• Language preference (English/German)
• Career goals/preferred role
• Industry
• Experience level
• Onboarding completion status

c. Subscription & Billing Data:

• Stripe customer ID
• Stripe subscription ID
• Subscription status (active/canceled)
• Subscription end date
• Payment history (amounts, currency, invoice URLs, payment status)
• Pro subscription status (is_pro boolean)

d. Email Marketing Data:

• Mailing list subscription status
• Email verification status
• Subscription source (maintenance page, etc.)
• Unsubscribe tokens

e. Usage & Technical Data:

• Audio data: Voice recordings temporarily processed for speech-to-text conversion
• Email content: Draft emails processed by AI for enhancement (temporarily)
• Session data: Authentication sessions and tokens
• Metadata: Account creation/update timestamps
• IP address, browser, OS, device type
• Feature interactions, session logs
• Analytics via Google Analytics and Vercel
• Authentication logs via Supabase

f. Cookies and Tracking:

• Authentication cookies: sb-session, sb-access-token, sb-refresh-token (1 week duration)
• HttpOnly, Secure, SameSite cookies for security
• Used for performance, session continuity, and analytics
• You can control cookies via browser settings or our cookie consent manager

a. Types of Data Processed by AI

Our AI features may process the following data:

• Resume content
• Interview responses
• Career goals and educational history
• Speech assessments and feedback
• Uploaded documents and writing samples

b. Third-Party AI Providers and API Usage

We use OpenAI's API to power certain AI features. We may add additional providers in the future without prior notice. These providers may receive your input data to generate AI responses.

• Data may be used by third-party providers (e.g., OpenAI) to improve their models, except for sensitive personal identifiers such as email address, phone number, or address—unless you explicitly add such information via tools like EnhanceMail.

Third-party AI providers include:

• OpenAI Privacy Policy (https://openai.com/policies/privacy-policy)
• Additional providers may be listed in future updates.

c. Automated Decision-Making and Profiling

AI features may evaluate or score:

• Resume quality
• Interview responses
• Language proficiency
• Career match insights

These processes may influence career feedback or suggestions.

You may request:

• Human review of AI-based decisions
• Opt-out of profiling where applicable

d. AI Data Retention

• AI chat logs and feedback are stored for 90 days to improve user experience and allow for review.
• You may request deletion at any time by contacting support@provocis.com.

e. User Control Over AI Data

You can download or delete:

• Resume analysis results
• Interview feedback
• AI chat history
• Any training logs associated with your profile

f. Explainability of AI Decisions

Wherever AI scoring or suggestions occur, we will:

• Provide a brief explanation within the feature
• Or link to a detailed guide explaining how the AI evaluated your input

g. Security of AI Training Data

• We do not fine-tune or directly train AI models on your personal data.
• If user input is ever used to improve AI performance, it is:
• • Anonymized before use
• • Access restricted to authorized team members
• • Stored securely with audit logging

h. Beta/Experimental Features

Some AI features may be marked as beta. These may:

• Store anonymized data to improve feature accuracy
• Behave differently from finalized features

You will be notified when using beta tools. Continued use indicates acceptance of potential data usage for development purposes.

Supabase (Database and Authentication)

• Stores: All user data, profiles, payment history
• Location: Specified in Supabase project settings
• Privacy: Supabase Privacy Policy (https://supabase.com/privacy)
• Security: Encrypted connections, Row Level Security (RLS)

Stripe (Payment Processing)

• Shares: Email, user ID, customer metadata
• Purpose: Subscription billing and payment processing
• Privacy: Stripe Privacy Policy (https://stripe.com/privacy)
• Webhooks: Receives payment events for subscription management

OpenAI (AI Services)

• Shares: Email content, transcriptions
• Purpose: Email enhancement and AI assistance
• Model: GPT-3.5-turbo
• Privacy: OpenAI Privacy Policy (https://openai.com/policies/privacy-policy)
• Data Retention: As per OpenAI's data retention policy

Google Cloud (Speech-to-Text)

• Shares: Audio recordings
• Purpose: Speech-to-text conversion
• Privacy: Google Cloud Privacy Policy (https://cloud.google.com/terms/cloud-privacy-notice)

Resend (Email Service)

• Shares: Email addresses, names
• Purpose: Transactional emails (welcome, payment confirmation, cancellation notices)
• Privacy: Resend Privacy Policy (https://resend.com/legal/privacy-policy)

Vercel (Hosting and Analytics)

• Analytics tracking (@vercel/analytics)
• Speed insights (@vercel/speed-insights)
• Privacy: Vercel Privacy Policy (https://vercel.com/legal/privacy-policy)

Email Communication

We send the following automated emails:

• Welcome emails (upon subscription purchase)
• Payment confirmation emails (recurring billing)
• Failed payment emails
• Subscription cancellation emails
• Mailing list emails (if subscribed)

Opt-out: Users can unsubscribe from mailing lists via unsubscribe tokens included in all marketing emails.

Legal Disclosure

• Authorities: If required by law from law enforcement or court order
• Future Acquirers: In the event of a merger, acquisition, or asset sale

We never sell your personal data to third parties for marketing purposes.

For a complete list of all third-party services that process your data, please see our Subprocessor List (/subprocessors).

EEA / United Kingdom / Switzerland:

• Access, correct, delete, or transfer your data
• Object to or restrict processing
• Contact your data protection authority

California (CCPA / CPRA):

• Know what data is collected/shared
• Request deletion
• Opt-out of profiling and automated decision-making

Canada (PIPEDA):

• Access and correct personal data
• Withdraw consent

Brazil (LGPD):

• Access, deletion, correction, anonymization, or withdrawal of consent

Australia (APPs):

• Request access and corrections
• File complaints with the OAIC