CarveNextBack to Sign Up

Privacy Policy

Last updated: February 2025

1. Introduction

CarveNext ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered career intelligence platform ("Service"). By using CarveNext, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Resume Data: Resume content including work experience, education, skills, certifications, and contact information (phone, address, LinkedIn URL) that you upload or enter.
  • Job Preferences: Job search keywords, preferred locations, work mode preferences, and saved job descriptions.
  • Application Data: Job application tracking information, interview notes, recruiter contacts, and feedback.
  • Payment Information: Subscription payments are processed through Stripe. We do not store your credit card information directly.

2.2 Automatically Collected Information

  • Usage Data: Feature usage counts, login frequency, and last active timestamps.
  • Device Information: Browser type, IP address, and device identifiers for security purposes.
  • Cookies: Authentication cookies for session management. We do not use tracking or advertising cookies.

3. How We Use Your Information

  • Provide and maintain the Service, including AI-powered resume analysis, job matching, and interview preparation.
  • Process your resume and career data through AI models to generate personalized insights and recommendations.
  • Process payments and manage your subscription.
  • Send you service-related communications (account verification, plan changes, interview reminders).
  • Improve our Service through anonymized, aggregated analytics.
  • Comply with legal obligations.

4. AI Processing & Third-Party Services

CarveNext uses OpenAI's API to power AI features such as resume analysis, job matching, and interview preparation. When processing your data through AI:

  • PII Scrubbing: We remove personally identifiable information (name, email, phone number, LinkedIn URL) from data before sending it to AI services. Only professional content (skills, experience descriptions, education) is transmitted.
  • No AI Training: Per OpenAI's API terms, data sent via the API is not used to train their models.
  • Data Retention: OpenAI retains API data for up to 30 days for abuse monitoring, after which it is deleted.

Other Third-Party Services

  • Supabase: Authentication and database hosting (data stored in the US).
  • Stripe: Payment processing. Subject to Stripe's Privacy Policy.
  • Vercel: Application hosting.
  • Resend: Transactional email delivery.

5. Data Security

We implement multiple layers of security to protect your data:

  • Encryption in Transit: All data is transmitted over HTTPS/TLS.
  • Encryption at Rest: Sensitive personal fields (phone number, personal email, LinkedIn URL) are encrypted using AES-256-GCM before storage in our database.
  • Infrastructure Encryption: Our database provider (Supabase) encrypts all data at the disk level.
  • Access Controls: Row-level security ensures users can only access their own data.
  • PII Scrubbing: Personal identifiers are removed before data is sent to third-party AI services.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. You may request deletion of your account and all associated data at any time through your account settings. Upon account deletion, all personal data will be permanently removed within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

California Residents (CCPA)

  • Right to Know: Request what personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: We do not sell your personal information to third parties.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.

EU/EEA Residents (GDPR)

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Portability: Request your data in a portable format.
  • Right to Object: Object to processing of your data for certain purposes.

To exercise any of these rights, please contact us at privacy@carvenext.com.

8. Marketing Communications

We will only send you marketing emails if you explicitly opt in during registration. You can opt out at any time through your account settings or by clicking the unsubscribe link in any marketing email. Service-related communications (account security, payment confirmations, critical updates) may still be sent regardless of your marketing preferences.

9. Children's Privacy

CarveNext is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have collected data from a child under 16, we will delete that information promptly.

10. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, what data was affected, steps we are taking, and recommended actions for you.

11. International Data Transfers

Your data may be processed in the United States, where our servers and third-party service providers are located. By using CarveNext, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place for any international data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

CarveNext

Email: privacy@carvenext.com