Privacy Policy

Career Lift is an AI-powered resume generation service. When we refer to “Career Lift”, “we”, “us”, or “our” in this policy, we mean the operator of this Service. For privacy enquiries, contact us at support@example.com.

We collect the following categories of personal data when you use the Service:

• Account data— email address and password (hashed) when you register. If you sign in via Google, we receive your name and email from Google's OAuth service.
• Profile data — full name, professional summary, work experience, education, skills, and projects that you enter into your profile.
• Resume content — job descriptions you paste, job titles you specify, and the AI-generated resumes produced for you.
• Payment data — for Pro Plan purchases, we collect order and payment status records. Card or UPI details are processed entirely by Razorpay; we do not store raw payment credentials.
• Usage data — plan tier, credit balance, and timestamps of resume generations.

We use your data for the following purposes:

• Resume generation — your profile and job description are sent to an AI model to produce a tailored resume.
• Account management — to authenticate you, manage your subscription, and deliver the Service.
• Service improvement — aggregated, anonymised usage patterns may inform product decisions. We do not use your personal resume content for AI model training without explicit consent.
• Transactional communications — order confirmations and essential service notifications sent to your registered email.

To generate resumes, we pass your profile data and job description to third-party AI providers. Specifically:

• Free Plan — requests are routed through OpenRouter to open-source language models (e.g., LLaMA 3).
• Pro Plan— requests are routed through OpenRouter to Anthropic's Claude models.

These providers process your data under their own privacy policies and data processing agreements. We recommend reviewing OpenRouter's and Anthropic's privacy policies for details on how they handle inference data.

We do not knowingly share data with providers for purposes beyond inference (e.g., training).

All payments are processed by Razorpay, which supports UPI, cards, net banking, and international card payments (Visa, Mastercard, Amex). Razorpay is PCI-DSS compliant and handles all sensitive payment information. Career Lift receives only payment status and order identifiers — never raw card numbers or UPI credentials.

We use HTTP-only cookies to maintain authenticated sessions for admin users. Client users store authentication tokens in browser local storage. These are used exclusively for authenticating API requests and are never shared with third parties.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

We retain your account data and generated resumes for as long as your account is active. You may request deletion of your account and associated data at any time by emailing support@example.com. We will process your request within 30 days.

We implement industry-standard security measures including:

• Passwords stored using bcrypt hashing (never in plain text).
• All data in transit encrypted via TLS/HTTPS.
• Database hosted on a managed, access-controlled PostgreSQL instance.
• JWT-based authentication with short-lived access tokens (15 minutes).

We do not sell, rent, or trade your personal data to third parties.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain processing.

To exercise any of these rights, contact us at support@example.com.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. Continued use of the Service after the effective date constitutes acceptance of the revised policy.