Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account data: Name, email address, and password
• Career profile data: Work experience (job titles, companies, dates, descriptions), education history, skills, certifications, and career preferences
• Uploaded documents: Resumes, cover letters, and other career-related files
• AI coaching conversations: Messages you exchange with AI coaching personas (Maya, Campbell, Morgan, and Juno)
• Goal and milestone data: Career goals, progress updates, milestones, and reflections
• Job search data: Job descriptions you submit for analysis, application tracking data, culture fit preferences, and job match results
• Payment information: Billing details processed securely through Stripe (we do not store credit card numbers, bank account numbers, or full payment card details on our servers)

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, session duration, and interaction patterns
• Device information: Browser type, operating system, and screen resolution
• Log data: IP addresses, access times, and referring URLs
• Cookies and similar technologies: As described in Section 7 and our Cookie Policy

1.3 Information Generated by the Platform

• AI-generated coaching insights, goal analyses, and recommendations
• Job match scores and skill gap analyses
• AI-generated resumes, cover letters, and action plans
• Conversation summaries and session metadata
• Activity logs tracking feature usage

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Platform and its features
• Deliver personalized AI coaching conversations and career guidance
• Generate AI-powered documents (resumes, cover letters), job analyses, and goal insights
• Process payments and manage your subscription
• Send service-related communications (account confirmations, billing notices, security alerts, trial expiration reminders)
• Analyze Platform usage to improve user experience and develop new features
• Enforce our Terms of Service and protect against misuse
• Comply with legal obligations

We do not use your personal information to: sell to third parties, serve targeted advertising, build marketing profiles for external parties, or make automated decisions that produce legal effects concerning you.

3. AI Data Processing

3.1 How AI Processing Works

When you use AI-powered features (coaching conversations, resume generation, cover letter generation, job analysis, goal insights, resume parsing), relevant portions of your data are transmitted to our AI providers for processing. We use Anthropic (Claude) as our primary AI provider and Google (Gemini) as a fallback provider to ensure service availability. This includes:

• Coaching conversations: Your messages and relevant career context needed to generate personalized responses
• Document generation: Your work experience, education, skills, and target job description needed to generate resumes and cover letters
• Job analysis: Job descriptions you submit and your career profile data needed to calculate match scores
• Goal insights: Your goal and milestone data needed to generate SMART scoring and recommendations
• Resume parsing: The resume file you upload, needed to extract structured data (experience, education, skills)

We transmit only the data contextually necessary for each specific AI interaction — we do not send your complete profile for every request.

3.2 AI Provider Data Practices

Anthropic (Primary Provider)

• No model training: Anthropic does not use data submitted through its commercial API to train or improve its AI models.
• Data retention: Anthropic retains API inputs and outputs for up to 30 days for safety monitoring, abuse prevention, and debugging purposes, after which the data is deleted. (This retention period is subject to change per Anthropic’s policies.)
• Sub-processors: Anthropic uses cloud infrastructure providers (including Amazon Web Services and Google Cloud Platform) to process API requests. For full details, see Anthropic’s Privacy Policy at anthropic.com/privacy.

Google (Fallback Provider)

• No model training: Google does not use data submitted through the paid Gemini API to train or improve its AI models.
• Data retention: Google’s data retention for the Gemini API is governed by the Gemini API Terms of Service.
• When used: Your data is only sent to Google when Anthropic’s service is unavailable. During normal operation, all requests are processed by Anthropic.

3.3 AI Output Accuracy

AI-generated outputs may contain inaccuracies, errors, or fabricated information. We do not independently verify AI outputs before displaying them to you. You are responsible for reviewing all AI-generated content before relying on it. See our AI Disclosure and Section 6 of our Terms of Service for full AI disclaimers.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

4.1 Service Providers (Sub-Processors)

We use the following third-party services to operate the Platform:

Each provider accesses only the data necessary to perform its functions and is bound by its respective data processing terms.

4.2 Other Disclosures

• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer via email or prominent notice on the Platform.
• Safety and rights protection: We may disclose information when we believe it is necessary to protect the safety, rights, or property of Modern Compass LLC, our users, or others.
• With your consent: We may share information when you explicitly direct us to do so.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform. Specific retention periods:

When you delete your account, all associated personal data is permanently removed through cascading deletion within 30 days. Some data may persist in encrypted backups for up to 30 additional days before being purged.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Row Level Security (RLS) policies on all database tables ensuring users can only access their own data
• Encrypted data in transit (TLS/HTTPS) and at rest
• Authentication via Supabase Auth with secure session management
• Automated security scanning in our development pipeline
• Rate limiting on AI-powered features to prevent abuse
• Input validation and sanitization on all user-submitted data

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use cookies that are strictly necessary for the Platform to function, including authentication session cookies and payment fraud prevention cookies. These cookies cannot be disabled.

7.2 Analytics Cookies

With your consent, we use Google Analytics 4 to collect anonymized usage data that helps us improve the Platform. Analytics cookies are only activated if you click “Accept All” on the consent banner or enable analytics in your cookie preferences. We never use analytics data to identify you personally.

7.3 Cookies We Do Not Use

We do not use: advertising cookies, retargeting pixels, social media tracking cookies, or cross-site tracking of any kind. We do not sell or share cookie data with advertisers.

7.4 Managing Cookies

You can change your analytics cookie preference at any time by clicking the “Cookie Preferences” link in the site footer. You can also control cookies through your browser settings. Disabling essential cookies may prevent you from using the Platform.

For a complete list of cookies we use, their purposes, and durations, see our Cookie Policy.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information. You can also delete your account directly through your account settings.
• Data portability: Request your data in a structured, machine-readable format.
• Restrict processing: Request that we limit how we use your data.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
• Opt out of communications: Unsubscribe from non-essential emails at any time.

To exercise these rights, please contact us at privacy@moderncompass.ai. We will acknowledge your request within 5 business days and fulfill it within 30 days. If we need additional time, we will notify you of the extension and the reason.

We will not discriminate against you for exercising any of these rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know: You may request the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Note: The CCPA applies to businesses meeting certain revenue and data processing thresholds. While Modern Compass may not currently meet these thresholds, we extend these rights to all California residents as a matter of good practice.

To exercise your California privacy rights, contact us at privacy@moderncompass.ai or submit a request through your account settings.

10. European Economic Area, UK, and Swiss Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

10.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Platform and fulfill our obligations under the Terms of Service (account data, career profile data, AI processing, payment processing).
• Legitimate interests: Processing for Platform improvement, security, and fraud prevention, where our interests do not override your rights.
• Consent: Where you have provided explicit consent, such as for analytics cookies or optional communications.

10.2 Additional Rights

In addition to the rights listed in Section 8, you have the right to:

• Object to processing: Object to processing based on legitimate interests.
• Lodge a complaint: File a complaint with your local data protection supervisory authority.

10.3 International Data Transfers

Your data is processed and stored primarily in the United States. We rely on the following mechanisms for international data transfers: (a) Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors; and (b) adequacy decisions where applicable.

10.4 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@moderncompass.ai. We will evaluate the need for a formal Data Protection Officer as our user base grows.

11. Children’s Privacy

Modern Compass is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@moderncompass.ai.

12. International Data Transfers

Your information may be processed and stored in the United States or other countries where our service providers operate. By using the Platform, you acknowledge that your information may be transferred to jurisdictions that may have different data protection laws than your country of residence. We take steps to ensure that your data receives an adequate level of protection wherever it is processed, including through the use of Standard Contractual Clauses and other appropriate safeguards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the updated policy on the Platform with a revised “Last Updated” date; and (b) sending an email notification for significant changes. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: