Privacy Policy

We collect information you provide directly to us and information generated through your use of PathfAI.

Account Information: When you create an account, we collect your email address and password (stored as a secure hash).

CV & Career Data: When you use our CV scoring, CV builder, or career coaching features, we process the content you upload or enter — including work history, education, skills, and career goals. This data is used solely to deliver the service.

Usage Data: We automatically collect information about how you interact with PathfAI, including pages visited, features used, session duration, and clickstream data. This helps us improve the product.

Payment Information: If you subscribe to PathfAI Pro, payment is processed by Stripe. We do not store your credit card number or CVV — only a Stripe customer ID and subscription status.

Communications: If you contact us for support, we retain those communications to resolve your request and improve our service.

We use the information we collect to:

- Provide, maintain, and improve PathfAI's features and functionality - Personalize your experience — for example, Dr. Morgan uses your CV and career goals to generate tailored coaching advice - Process transactions and send billing-related communications - Send weekly progress digests and product updates (you can unsubscribe at any time) - Detect and prevent fraud, abuse, and security incidents - Comply with legal obligations - Respond to your requests and provide customer support

We do not sell your personal data to third parties. We do not use your CV content to train AI models without explicit consent.

PathfAI integrates with the following third-party services to deliver its functionality:

OpenAI: AI-powered features (career coaching, CV scoring, interview preparation) are powered by OpenAI's API. Content you submit to these features is processed by OpenAI subject to their data processing agreement. We have a DPA in place with OpenAI that restricts them from using your data to train their models.

Supabase: We use Supabase for database storage and authentication. Your account data and career information are stored in Supabase's infrastructure, hosted on AWS. Data is encrypted at rest and in transit.

Stripe: Payment processing is handled by Stripe. When you subscribe to PathfAI Pro, your payment information is collected and stored by Stripe under their Privacy Policy. We receive only a token and subscription status.

Resend: We use Resend to send transactional emails (welcome emails, weekly digests). Your email address is shared with Resend for this purpose.

Each of these providers is contractually obligated to protect your data and use it only for the purpose of providing services to PathfAI.

We take the security of your data seriously and implement industry-standard measures:

- All data in transit is encrypted using TLS 1.2 or higher - Passwords are hashed using bcrypt and never stored in plaintext - Database access is restricted to authorized services only - We conduct regular security reviews of our infrastructure - Access to production systems is limited to essential personnel

Despite these measures, no system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@pathfai.com.

Depending on your location, you may have the following rights regarding your personal data:

Access: You can request a copy of the personal data we hold about you.

Correction: You can update or correct inaccurate data through your account settings or by contacting us.

Deletion: You can request deletion of your account and associated data at any time. Go to Settings → Delete Account, or email privacy@pathfai.com. We will delete your data within 30 days, except where retention is required by law.

Data Portability: You can request an export of your career data (CV content, coaching history) in a machine-readable format.

Opt-out of Marketing: You can unsubscribe from marketing emails at any time using the unsubscribe link in any email we send.

Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at privacy@pathfai.com. We will respond within 30 days.

We retain your personal data for as long as your account is active or as needed to provide you services. Specifically:

- Account data is retained for the lifetime of your account plus 90 days after deletion - CV content and coaching data is deleted within 30 days of account deletion - Payment records are retained for 7 years for tax and legal compliance purposes - Anonymized, aggregated usage analytics may be retained indefinitely

You may request early deletion of specific data types by contacting privacy@pathfai.com.

PathfAI uses cookies and similar tracking technologies to operate and improve the service.

Essential Cookies: Required for authentication and session management. These cannot be disabled without breaking core functionality.

Analytics Cookies: We use anonymized analytics to understand how users interact with PathfAI. No personally identifiable information is included in analytics data.

Preference Cookies: Used to remember your settings and preferences across sessions.

You can control cookie settings through your browser. Disabling cookies may affect the functionality of some features.

PathfAI is intended for users who are 16 years of age or older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact privacy@pathfai.com.

PathfAI is operated from and your data may be processed in countries outside your own, including the United States and the European Union. We rely on standard contractual clauses approved by the European Commission for transfers of personal data from the EEA to third countries.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice in the app at least 14 days before the change takes effect. Continued use of PathfAI after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@pathfai.com Response time: We aim to respond to all privacy-related inquiries within 5 business days.