OpenCareerAI
OpenCareerAI
Legal

Privacy Policy

Last updated: March 2026

OpenCareerAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights in relation to it. By using OpenCareerAI ("the Service"), you agree to the practices described in this policy.

1. Data We Collect

We collect the following categories of personal data:

  • Account Information: Name, email address, and hashed password (or OAuth tokens if you sign in via Google or LinkedIn).
  • Profile Data: Phone number, skills, work experience, education history, certifications, professional summary, and any other information you voluntarily add to your profile.
  • Resume Data: Uploaded resume files (PDF, DOCX), AI-extracted resume content, and AI-generated resume drafts.
  • Interview Data: Mock interview responses, voice input (processed locally via Web Speech API — see Section 3), and AI-generated interview feedback.
  • Code Submissions: Code written and submitted in the coding practice editor, along with AI code review feedback.
  • Career Preferences: Target roles, industries, preferred locations, salary expectations, and career goals you specify.
  • Payment Information: Transaction records, plan type, and billing history. We do not store your credit or debit card numbers — all payment data is processed exclusively by Razorpay.
  • Usage Data: Job searches, saved jobs, feature interactions, AI feature usage counts, session duration, and access timestamps.
  • Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and referral URLs.

2. How We Use Your Data

  • To provide, operate, and maintain the Service — including job matching, resume building, interview prep, skill gap analysis, and coding practice.
  • To personalise AI-generated content and recommendations based on your profile, preferences, and usage history.
  • To process payments and manage subscriptions and add-on purchases via Razorpay.
  • To send transactional emails such as OTP verification codes, password reset links, payment receipts, and subscription renewal notices.
  • To enforce usage limits, detect abuse, and prevent fraud or unauthorised access.
  • To analyse aggregate and anonymised usage patterns and improve the platform.
  • To comply with legal obligations, respond to lawful requests from authorities, and protect our rights.

We do not sell your personal data to third parties. We do not use your data for advertising networks or share it with employers unless you have explicitly opted in to recruiter visibility.

3. Third-Party Data Processors

By using the Service, you acknowledge and consent to your data being transmitted to and processed by the following third-party providers. Each is governed by their own privacy policy:

Anthropic (Claude API)

Your resume content, career preferences, interview questions and responses, and coding submissions are sent to Anthropic's Claude API for AI processing (primary AI feature provider). Anthropic Privacy Policy

OpenAI (GPT-4o-mini)

Used for high-volume AI tasks such as batch job matching and skill analysis. Relevant text data is sent to OpenAI's API for processing. OpenAI Privacy Policy

Google (Gemini API)

Powers mastery content generation and certain job matching features. Relevant text data is sent to Google's Gemini API for processing. Google Privacy Policy

Razorpay

Processes all payment card data, billing information, and recurring subscription management. Fully PCI-DSS compliant and regulated by the Reserve Bank of India (RBI). We never store your card details. Razorpay Privacy Policy

Adzuna API

Job search aggregation. Your search query terms, location, and filter preferences are sent to Adzuna's API. Job listings are sourced from Adzuna's database. Adzuna Privacy Policy

Resend

Your email address and the content of transactional emails (OTP codes, password resets, payment receipts, subscription notices) are processed by Resend for delivery. Resend Privacy Policy

Judge0 CE (Code Execution)

Your code submissions from the coding practice editor are sent to a Judge0 CE sandboxed execution environment for compilation and execution. No personally identifiable information is included in code execution requests.

Google OAuth

If you sign in with Google, authentication tokens and basic profile information (name, email, profile picture) are exchanged with Google under their OAuth 2.0 protocol. Google Privacy Policy

LinkedIn OAuth

If you sign in with LinkedIn, authentication tokens and basic profile information (name, email) are exchanged with LinkedIn under their OAuth 2.0 protocol. LinkedIn Privacy Policy

Web Speech API (Voice Input)

Voice input for mock interview features uses the browser-native Web Speech API. Voice audio is processed entirely within your browser and is NOT transmitted to our servers or any third-party service. The transcribed text may be sent to AI providers (Anthropic, OpenAI) as part of the interview evaluation flow.

We are not responsible for the privacy practices, data retention policies, security incidents, or conduct of any third-party provider. We encourage you to review their privacy policies independently.

4. Recruiter Visibility

Your profile and performance statistics are private by default. Verified recruiters on the platform may only view your profile, resume, and career metrics if you have explicitly opted in to recruiter visibility through your account settings. You may revoke this consent at any time from your profile settings. Recruiters may not contact you outside of the platform's designated messaging feature.

5. Cookies & Local Storage

We use cookies and browser local storage to operate the Service. For a full breakdown of the cookies we use and how to manage them, see our Cookie Policy.

6. Data Retention & Deletion

6.1 Active Accounts

We retain your personal data for as long as your account is active. Usage logs are aggregated and anonymised after 90 days.

6.2 Account Deletion

When you delete your account from the Settings page, your account is deactivated immediately. Your data is retained for 30 calendar days to enable account recovery, fraud prevention, and legal compliance. You may contact support@opencareerai.com within this window to restore your account.

6.3 Permanent Deletion

After the 30-day retention period, all personal data — including your profile, uploaded resumes, job interactions, interview data, and coding history — is permanently and irreversibly deleted. Payment transaction records are retained for 7 years as required by Indian financial regulations. Anonymised, aggregated analytics data that cannot identify you may be retained indefinitely.

7. Your Rights

Subject to applicable law, you have the following rights:

  • Access: View the personal data we hold about you via your Profile settings.
  • Correction: Update inaccurate or incomplete information at any time from your Profile settings.
  • Deletion: Delete your account and associated data from the Settings page.
  • Data Export: Request a machine-readable export of your personal data by emailing us.
  • Withdrawal of Consent: Withdraw consent for optional processing (such as recruiter visibility) at any time from your settings.

To exercise any of these rights, email us at privacy@opencareerai.com. We will respond within 30 days.

8. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from anyone under 16. If we become aware that a minor has registered, we will promptly delete their account and all associated data.

9. Security Measures

  • All data in transit is encrypted via HTTPS/TLS.
  • Passwords are hashed using bcrypt with a salt and are never stored or transmitted in plain text.
  • Our infrastructure is hosted on AWS in the Mumbai (ap-south-1) region with no public database access.
  • API access is controlled via JWT authentication with short-lived tokens.
  • Rate limiting and abuse detection are applied to all API endpoints.

While we implement reasonable security measures, no internet-based service can guarantee absolute security. In the event of a data breach affecting your personal data, we will notify you as required by applicable Indian law.

10. International Data Transfers

Your data may be processed in jurisdictions outside India — including the United States (Anthropic, OpenAI) and the European Union — when it is transmitted to our third-party AI providers. By using the Service, you consent to such transfers. We ensure that these providers maintain adequate data protection standards through their published data processing agreements.

11. Changes to This Policy

We may update this Privacy Policy at any time. Changes will be posted on this page with a revised "Last updated" date. Your continued use of the Service after any change constitutes acceptance of the revised policy.

12. Contact

For privacy-related inquiries, data requests, or concerns, contact us at: privacy@opencareerai.com