CareerCraft Uganda

Privacy Policy

How we protect your identity, secure your documents, and handle your data.

Effective Date: June 25, 2026

1. The CareerCraft Uganda Privacy Promise

At CareerCraft Uganda, your privacy isn't just an afterthought - it is the foundational architecture of our platform. Because our users trust us with highly sensitive professional, legal, and academic documents, we operate on a strict **Privacy-First, Zero-Retention** philosophy. This policy explicitly details what little data we collect, how we secure it, and why your documents belong exclusively to you.

Zero Model Training

We explicitly forbid the use of your proprietary data, inputs, or generated documents to train our Large Language Models.

AES-256 Encryption

All database fields, including user profiles and generation metadata, are encrypted at rest using military-grade AES-256.

2. Information We Collect

We collect only the bare minimum data required to operate the service and facilitate billing.

  • Account Data: Your name, email address, and authentication tokens provided by our identity providers (e.g., Google OAuth, Supabase Auth).
  • Billing Data: Transaction history and subscription status. We do not store your credit card numbers. All raw financial data is securely processed by our PCI-DSS compliant payment gateways (Stripe / Local Mobile Money APIs).
  • Generation Metadata: We log the timestamp, document type, and token usage of your generations solely for billing deduction and rate-limiting purposes.

3. How We Process Your Documents

When you request an AI document generation, your input variables are securely transmitted to our LLM clusters via TLS 1.3 encryption.

In-Memory Processing: Your data is processed entirely in-memory. Once the JSON output is compiled and the final file (PDF/DOCX/PPTX) is generated and returned to your browser, the internal prompt context is instantaneously purged from the LLM cluster's memory.

4. Cookies and Local Storage

We use minimal, essential cookies and browser LocalStorage to maintain your active session, store your UI theme preferences (Light/Dark mode), and secure your authentication state. We do not use invasive third-party tracking pixels to monitor your web activity across other sites.

GDPR & CCPA Compliance

You maintain absolute sovereignty over your data. Under GDPR and CCPA regulations, you have the right to request a complete export of your account data, or request the total deletion of your account and all associated metadata. Account deletion is permanent and immediate. To exercise these rights, simply navigate to your Account Settings or contact our Data Protection Officer.

5. Third-Party Services

To provide our service, we utilize industry-leading infrastructure partners. We have verified that these partners adhere to strict compliance standards (SOC2, ISO 27001).

  • Vercel & Next.js: Frontend hosting and edge-routing.
  • Supabase: Core database, Row Level Security (RLS), and authentication.
  • OpenAI / Anthropic / DeepSeek: LLM inference providers (bound by Zero-Retention Enterprise Agreements).

6. Changes to this Policy

We may update this Privacy Policy periodically as we add new features or comply with evolving regulations. If we make material changes, we will notify you via email or display a prominent notice within the application dashboard prior to the change becoming effective.

Home
Resume/CV
Jobs
Research
Profile