Privacy Policy

1. Introduction

Gephra Career ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). This policy applies to all users of Gephra Career, a product of Gephra Ltd.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name (optional)
• Password (encrypted and hashed)
• Account preferences and settings

2.2 Resume Data

When you use our resume optimization features, we may collect:

• Resume content (text, structure, formatting)
• Job descriptions you provide
• Optimization history and scores
• Application tracking data

Important: We only store your resume data if you explicitly choose to save it. You can opt out of storage at any time during the upload process.

AI Processing: We use artificial intelligence to analyze and optimize your resume content. The AI processes your information to generate optimized versions, recommendations, and insights. You should always review AI-generated content for accuracy before using it.

2.3 Usage Data

We automatically collect certain information about how you use our Service:

• IP address and device information
• Browser type and version
• Pages visited and time spent
• Feature usage and interactions
• Error logs and performance data
• Session tracking information
• User actions and events (e.g., signup, login, resume upload)

This data helps us improve our Service and user experience. We collect analytics on user-facing pages to understand how our Service is used.

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze usage patterns (anonymized)
• Improve our Service

You can control cookies through your browser settings, though this may affect Service functionality.

2.5 Feedback Data

When you provide feedback through our feedback module, we collect:

• Net Promoter Score (NPS) ratings (0-10 scale)
• Text feedback and comments
• Optional contact information (if you choose to provide it)

Feedback is optional and can be deleted upon request. We use feedback to:

• Improve our Service and user experience
• Identify product issues and feature requests
• Measure user satisfaction
• Generate anonymized analytics and reports

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process your resume optimization requests
• Generate ATS scores and recommendations
• Send you service-related communications
• Respond to your inquiries and support requests
• Detect, prevent, and address technical issues
• Comply with legal obligations
• Protect our rights and prevent fraud

We do not: Sell your personal information to third parties. We do not use your resume data for advertising or marketing purposes without your explicit consent.

3.5 Email Communications

We send the following types of emails:

Promotional Emails (you can unsubscribe):

• Product updates and feature announcements
• Tips and best practices
• Service-related communications

You can unsubscribe from promotional emails at any time by clicking the unsubscribe link in any promotional email or by contacting us at privacy@gephra.com.

Transactional Emails (required for service):

• Account verification emails
• Password reset emails
• Security notifications
• Service-related updates (e.g., resume processing complete)

You cannot unsubscribe from transactional emails as they are necessary for Service operation.

Email Tracking: We track email opens and link clicks for promotional emails to improve our communications. This data is used for analytics and campaign optimization. Email service provider: Resend (see Section 6.1 for their privacy policy).

4. Data Storage and Security

4.1 Storage Location

Your data is stored securely using Supabase, a cloud-based platform with data centers that comply with international security standards. Data may be stored in regions outside your country of residence.

4.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit (HTTPS/TLS) and at rest
• Row-Level Security (RLS) policies for database access
• Secure authentication and password hashing
• Regular security audits and updates
• Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4.3 Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy, unless a longer retention period is required by law. When you delete your account, we permanently delete your personal data within 30 days, except where we are required to retain it for legal purposes.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

To exercise these rights, please contact us at privacy@gephra.com. We will respond to your request within 30 days.

6. Data Sharing and Third-Party Services

6.1 Third-Party Service Providers

We use trusted third-party services to operate our Service:

• Supabase: Database, authentication, and file storage. Their privacy policy: supabase.com/privacy
• OpenRouter: AI processing for resume optimization. Their privacy policy: openrouter.ai/privacy
• Resend: Email delivery service for transactional and promotional emails. Their privacy policy: resend.com/legal/privacy-policy

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share your information as described in this policy or with your explicit consent.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant data protection authorities
• Compliance with GDPR and other applicable data protection laws
• Security measures as described in Section 4

8. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

Your continued use of our Service after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

11. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to restriction of processing
• Right to data portability

Our legal basis for processing your data includes: (1) your consent, (2) performance of a contract, (3) compliance with legal obligations, and (4) legitimate interests (service improvement, security).

If you wish to exercise your GDPR rights or have concerns about our data processing, please contact us at privacy@gephra.com.