Privacy Policy

Last Updated: August 29, 2025

Effective Date: August 29, 2025

1. Introduction

This privacy policy ("Policy") describes how Jacob Brown trading as CareerDraft ("Company", "CareerDraft", "we", "us", “our”) collects, uses, and shares personal information of consumer users of our website, careerdraft.app (the "Site"), as well as all associated products and services (together, the "Services").

This Policy applies to personal information we collect through the Site and our Services, as well as personal information you provide to us directly. Please note that by using the Site or the Services, you accept the practices and policies described in this Policy and you consent that we will collect, use, and share your personal information as described below.

If you do not agree to this Policy, please do not use the Site or the Services.

2. Personal Information We Collect

We collect personal information about you in several different ways when you use our Services.

a. Information You Provide to Us We collect personal information that you provide directly to us, which may include the following categories depending on how you use our Services:

General Identifiers: Your full name, email address, and account credentials
User Content: All professional and personal information you provide when using the Service, such as your prompts, employment history, education, skills, qualifications, and other content you upload or generate for resumes, cover letters, and other career documents.
Protected Characteristics: You may choose to include information in your User Content that could be considered a protected characteristic under certain laws, such as age, race, gender, or marital status. We only process this information as part of the User Content you provide.
Commercial Information: Billing details used to process payments, such as your name and billing address, as well as your payment and subscription history.
Communications: Information you provide when you contact us for support or provide feedback on the Service.

b. Information We Collect Automatically We automatically log information about you and the device you use to access the Services.

Online Identifiers: Your device's operating system type and version, browser type, screen resolution, Internet Protocol (IP) address, device identifier, the website you visited before browsing our Site, and general location information (e.g., city or geographic area).
Cookies: We log information using "cookies", which are small data files stored on your device. We may use both session Cookies (which expire when you close your browser) and persistent Cookies (which remain until you delete them) to provide a more personal and interactive experience. For more detail, please see Section 5 below.
Analytics Information: We may use analytics tools to help analyse how users use the Services. These tools use Cookies to collect information such as how often users visit, what features they use, and what other sites they used prior to coming to our Site. We use this information only to improve our Services.

3. How We Use Your Personal Information and Why

We use your personal information for the purposes detailed below.

a. To Provide the Services and Personalise Your Experience We use your personal information to operate, maintain, and provide the Services to you. This processing includes using third-party service providers.

Why? We have a contract to provide a the Service to you, as per our Terms of Service.

b. Research and Development We may use your personal information for research and development purposes, including analysing and improving the Services, our Site, and our business.

Why? Legitimate Interests. We want to improve our Services to offer a better experience to our users.

c. Marketing We may use your personal information to send you marketing communications.

Why? We will only send you marketing communications with your consent (you can change is in the Service).

d. Compliance and Protection We may use your personal information to comply with legal requirements and protect the rights and safety of our company, our users, and others.

Why? Compliance with a Legal Obligation. We may be required to process your data to comply with laws, regulations, or lawful requests.

We may disclose your personal information to the following categories of third parties:

a. Third-Party Service Providers We provide your personal information to third-party service providers that help us operate our business and provide the Services. These include:

Amazon Web Services (AWS): We use AWS for web hosting and authentication services (AWS Cognito). You can view the AWS privacy notice here: https://aws.amazon.com/privacy/
Turso: We use Turso for database hosting and management. You can view the Turso privacy policy here: https://turso.tech/privacy-policy
Stripe: We use Stripe for payment processing. You can view the Stripe privacy policy here: https://stripe.com/privacy

b. AI Providers We use third-party AI providers to power the AI features of our Service. When you use these features, we send the necessary User Content to their servers to process your request. Our AI providers include, but are not limited to:

OpenAI (OpenAI OpCo, LLC): You can view OpenAI’s privacy policy here: https://openai.com/policies/privacy-policy
Google (Google, Inc.): You can view Google’s privacy policy here: https://policies.google.com/privacy
Anthropic (Anthropic, PBC): You can view Anthropic’s privacy policy here: https://www.anthropic.com/legal/privacy
xAI (X.AI, LLC): You can view xAI’s privacy policy here: https://x.ai/legal/privacy-policy

c. Other Disclosures We may disclose your personal information if we believe in good faith that it is necessary to comply with relevant laws, respond to subpoenas, protect the rights or property of CareerDraft, or prevent any violation of the law or our Terms of Service.

5. Your Choices and Data Subject Rights

a. Your Choices

Email Communications: When you receive promotional communications from us, you may “opt-out” by following the unsubscribe instructions in the email or by changing your account settings. Despite your preferences, we may still send you essential, non-promotional communications regarding your account or our Services.
Cookies: You can typically instruct your browser to stop accepting cookies or to prompt you before accepting a cookie. Consult your browser's technical information for instructions. If you do not accept cookies, however, you may not be able to use all portions or functionality of the Services.

b. Your Data Protection Rights (EEA, UK, and Switzerland) If you are a resident of the EEA, UK, or Switzerland, you have the following data protection rights:

Right to Access: The right to request copies of your personal data.
Right to Rectification: The right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Right to be Forgotten): The right to request that we erase your personal data, under certain conditions.
Right to Restriction of Processing: The right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing: The right to object to our processing of your personal data, under certain conditions.
Right to Data Portability: The right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority about our collection and use of your personal data.

To exercise these rights, please contact us at privacy@careerdraft.com. You can also access and update much of your personal information directly through your account settings.

6. Data Retention

We retain personal data for as long as you have an open account with us or as otherwise necessary to provide our Services. Upon account termination, we will delete your core User Content and personal profile data within 30 days.

We may retain personal data for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable legal, tax, or accounting requirements. For example, we will retain commercial information for up to 7 years to comply with Australian tax law. We may also retain your data in a de-identified format for research and development purposes.

7. Security Of Your Personal Information

We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your data from unauthorised access, use, or disclosure. However, no method of transmission over the internet is 100% secure. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

8. International Data Transfers

Our Services are supported by a global infrastructure. To provide you with a fast and reliable service, your personal information may be transferred to, stored, and processed in various countries around the world, including Australia, the United States, and countries in Europe and Asia. The data protection laws of these countries may differ from those in your country of residence. Regardless of where your information is processed, we take appropriate measures to ensure its protection.

9. Children

Our Services are not intended for children under 13 years of age, and you must be at least 13 years old to have our permission to use the Services. We do not knowingly collect personally identifiable information from children under 13. If you believe we have collected such information, please contact us so we can take appropriate action.

10. Do Not Track

We currently do not support the Do Not Track (DNT) browser setting or respond to DNT signals.

11. Updates To This Privacy Policy

We reserve the right to change this Privacy Policy at any time. If we make material changes, we will post the revised version on our Site and update the "Last Updated" date at the top of this Policy. Your continued use of the Services after such changes will constitute your acceptance of the new Policy.