Privacy Policy

1. Data We Collect

We may collect:

• account data, such as name, email address, and authentication information;
• resume, work history, job descriptions, uploaded files, prompts, and generated outputs;
• browser extension data from active job-related pages when the extension is explicitly activated;
• usage data, such as IP address, browser type, device information, API requests, logs, and error telemetry;
• billing metadata, such as subscription status and Stripe customer identifiers;
• support communications and feedback.

We do not intentionally collect raw payment card numbers. Payment card data is processed by Stripe.

2. How We Collect Data

We collect data through:

• direct input from you;
• uploaded files;
• API requests;
• browser extension actions that you initiate;
• application logs and telemetry;
• Stripe billing events and webhooks.

The browser extension does not silently track your background browsing. It is intended to operate when activated by you on relevant job-related pages.

3. How We Use Data

We use data to:

• provide and operate the Service;
• generate resumes and professional content;
• authenticate users;
• maintain accounts;
• process billing and subscription status through Stripe;
• prevent fraud, abuse, unauthorized access, and misuse;
• monitor platform reliability and performance;
• provide support;
• comply with legal obligations.

4. SaaS and AI Data Handling

4.1 Multi-Tenant Isolation

The Service is designed to logically isolate user data by account. Users should not be able to access another user's resumes, jobs, billing state, or account data.

4.2 AI Processing

To generate content, we may transmit User Content, prompts, job descriptions, resume text, and related context to third-party AI providers such as OpenAI, Anthropic, or similar providers.

4.3 No Public Model Training

We do not use your User Content to train public AI foundation models. Where available, we use API-tier provider settings or agreements that restrict providers from using submitted data for public model training.

4.4 AI Output Review

Generated content may be inaccurate or incomplete. You are responsible for reviewing and verifying generated content before using it.

5. Data Sharing and Third-Party Services

We do not sell your personal data.

We may share data with essential service providers, including:

• Stripe, for payments and billing;
• AI providers, for content generation;
• hosting and cloud infrastructure providers;
• analytics, logging, and monitoring providers;
• professional advisors or authorities when required by law.

These providers may process data according to their own terms and privacy policies.

6. Data Retention

We retain User Content while your account is active or as needed to provide the Service.

If you delete your account or request deletion, we will delete or de-identify personal data from active systems within a reasonable period, typically within 30 days, unless retention is required for legal, security, fraud-prevention, backup, or financial record-keeping purposes.

Stripe transaction and billing records may be retained according to Stripe's policies and applicable financial record laws.

7. Data Security

We use reasonable administrative, technical, and organizational safeguards, including encryption in transit and access controls.

No system is completely secure. We cannot guarantee absolute security of data transmitted to or stored by the Service.

8. User Rights

Depending on your location, you may have rights to:

• access personal data;
• correct inaccurate data;
• delete personal data;
• object to or restrict certain processing;
• receive a copy of your data;
• opt out of certain analytics or marketing communications.

To exercise these rights, contact: privacy@pathzeno.com

9. Cookies and Tracking

We may use essential cookies or similar technologies to maintain sessions, authenticate users, and operate the Service.

We may use analytics tools to understand performance and usage. Where required, optional analytics may be disabled through browser settings or consent controls.

10. International Data Transfers

Your data may be processed in [Your Country] and other jurisdictions where we or our service providers operate.

Data protection laws may differ from those in your location.

11. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect personal data from children under 18.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we may notify users through email, dashboard notice, or other reasonable means.