Privacy Policy

1. Information We Collect

Personal Information You Provide

• CV and Resume Data: Professional experience, education, skills, contact information
• Account Information: Email address, password (encrypted), preferences
• Profile Data: Job preferences, salary expectations, location preferences
• Communication Data: Messages, support requests, feedback

Automatically Collected Information

• Usage Analytics: How you interact with our platform (via Google Analytics, Microsoft Clarity, PostHog)
• Technical Data: IP address, browser type, device information, session data
• Performance Data: Page load times, error logs, system performance metrics

2. How We Use Your Information

Primary Uses (Job Matching)

• Analyze your CV using AI to identify skills and experience
• Match you with relevant job opportunities in real-time
• Generate personalized cover letters and application materials
• Provide salary insights and market value estimates
• Offer interview preparation and career guidance

Service Improvement

• Improve our AI matching algorithms through service optimization
• Enhance platform performance and user experience
• Develop new features based on usage patterns
• Provide customer support and technical assistance

3. Data Security Measures

Encryption & Storage

• Encryption at Rest: All data stored using AES-256 encryption
• Encryption in Transit: TLS 1.3 for all data transmission
• Secure Infrastructure: Hosted on Cloudflare and Vercel with enterprise-grade security
• Database Security: Multi-layer database encryption and access controls

Access Controls

• Multi-factor authentication for all team access
• Role-based access controls with principle of least privilege
• Regular security audits and penetration testing
• 24/7 security monitoring and threat detection

Privacy by Design

• Data minimization - we only collect what's necessary
• Purpose limitation - data used only for stated purposes
• Storage limitation - automatic deletion when no longer needed
• Transparency - clear communication about data practices

4. Third-Party Services

We work with trusted partners who meet our strict security and privacy standards:

All third-party services are bound by strict data processing agreements and comply with GDPR requirements.

5. Your Privacy Rights

Data Access & Control

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct any inaccurate or incomplete information
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your personal data
• Objection: Object to processing based on legitimate interests

How to Exercise Your Rights

Contact us at equipa@okemprego.com to exercise any of these rights. We will respond within 30 days and verify your identity before processing requests.

6. Data Retention

We retain your data for specific periods based on the type of information and legal requirements:

• CV and Profile Data: Until account deletion + 30 days for system cleanup
• Billing Data: 7 years from last transaction (UK tax law requirement)
• Analytics Data: 26 months, then anonymized/aggregated
• Support Communications: 3 years for quality assurance
• Legal Compliance Data: As required by applicable law (GDPR, tax regulations)
• OpenAI Processing: Data sent to OpenAI is retained for 30 days for safety monitoring

7. International Data Transfers

Your data may be processed in the United Kingdom, European Union, and United States. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where available
• Additional safeguards for sensitive data
• Regular compliance assessments

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for platform functionality
• Analytics Cookies: Understanding usage patterns (can be disabled)
• Preference Cookies: Remembering your settings and preferences

You can control cookie preferences through your browser settings or our cookie consent banner.

9. Children's Privacy

Our services are designed for individuals aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

10. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or platform notification at least 30 days before they take effect.

11. Contact Information