Privacy Policy

Last updated: 15 September 2025

Introduction

Career Steer ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our AI-powered career guidance platform.

This policy applies to all users of Career Steer, whether you access our services through our website, mobile applications, or other platforms. By using our services, you consent to the collection and use of information in accordance with this policy.

We are committed to compliance with UK GDPR, EU GDPR, and other applicable data protection laws. If you have any questions about this Privacy Policy, please contact us through our support channels.

1. Data Controller Information

Career Steer acts as the data controller for the personal information we collect and process. This means we determine how and why your personal data is processed.

For any privacy-related enquiries, data subject requests, or concerns about how we handle your personal information, please contact us through our support channels or help centre.

2. Information We Collect

Account Information

  • Name (first name and last name)
  • Email address
  • Username (if provided)
  • Profile image (if uploaded)
  • Account preferences and settings

Professional Information

  • Current job title and career level
  • Work experience and employment history
  • Education background and qualifications
  • Skills, competencies, and certifications
  • Career preferences and goals
  • Location information for job searches

CV and Resume Data

  • Uploaded CV/resume files (PDF, DOC, DOCX, TXT)
  • Professional profile screenshots
  • Extracted text and structured data from documents
  • AI-generated analysis and insights from your CV

Voice Chat Data

Important: We do not store audio recordings from voice chat sessions. We only collect and process:

  • Text transcriptions of voice conversations
  • AI-generated summaries and insights from conversations
  • Session metadata (duration, timestamp, call type)
  • Voice preferences and settings

Usage and Analytics Data

  • Feature usage patterns and interaction data
  • Search queries and job preferences
  • Session duration and frequency of use
  • Device information and browser type
  • IP address and general location data
  • Performance and error logs

Cookies and Tracking Technologies

  • Essential cookies for service functionality
  • Analytics cookies to improve our services
  • Preference cookies to remember your settings
  • Authentication tokens and session management

3. How We Use Your Information

Service Delivery

  • Providing AI-powered career guidance and recommendations
  • Processing and analysing your CV for career insights
  • Delivering personalised job search results
  • Facilitating voice chat sessions with AI career coaches
  • Managing your account and subscription services

AI Processing and Analysis

  • Generating career path recommendations based on your profile
  • Matching you with relevant job opportunities
  • Providing interview feedback and preparation assistance
  • Creating professional networking suggestions
  • Analysing career progression opportunities

Service Improvement

  • Improving our AI algorithms and recommendation accuracy
  • Enhancing user experience and platform functionality
  • Developing new features and career guidance tools
  • Monitoring service performance and reliability

Communication

  • Sending service-related notifications and updates
  • Providing customer support and assistance
  • Notifying you of important changes to our services
  • Sending promotional communications (with your consent)

Legal and Security

  • Complying with legal obligations and regulations
  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms of Service and policies
  • Responding to legal requests and court orders

4. Legal Basis for Processing

Under UK GDPR and EU GDPR, we process your personal data based on the following legal bases:

Contract Performance

Processing necessary to provide our career guidance services, manage your account, and fulfil our contractual obligations under our Terms of Service.

Legitimate Interests

Processing for our legitimate business interests, including service improvement, fraud prevention, and analytics, balanced against your privacy rights.

Consent

Processing based on your explicit consent, such as for marketing communications or optional data uses that enhance your experience.

Legal Obligation

Processing required to comply with legal obligations, such as tax requirements, regulatory compliance, or responding to legal requests.

5. Third-Party Data Sharing

Categories of Third Parties

We share personal data with the following categories of third parties, only as necessary to provide our services:

  • AI and Machine Learning Providers: For career guidance, content analysis, and voice processing services
  • Cloud Infrastructure Providers: For secure data storage, hosting, and platform services
  • Authentication Services: For user account management and security
  • Payment Processors: For subscription billing and payment processing
  • Job Data Providers: For job listing aggregation and career information
  • Analytics Providers: For product analytics and user experience improvement (including PostHog)

Data Sharing Purposes

Personal data is shared with third parties only for the following purposes:

  • Delivering AI-powered career guidance and recommendations
  • Processing voice interactions and generating insights
  • Storing and securing your data and files
  • Managing user accounts and authentication
  • Processing payments and managing subscriptions
  • Providing job search and career matching services
  • Analysing user behaviour and improving service functionality

Data Protection Measures

All third-party providers are carefully selected and contractually required to:

  • Implement appropriate technical and organisational security measures
  • Process data only for specified purposes
  • Comply with applicable data protection laws
  • Provide adequate data protection guarantees
  • Allow us to monitor their data processing activities

6. International Data Transfers

Some of our service providers are located outside the UK and EU, particularly AI providers based in the United States. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

Safeguards for International Transfers

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with adequate data protection
  • Binding Corporate Rules for multinational organisations
  • Certification schemes and codes of conduct

US-Based AI Providers

For AI providers based in the United States, we rely on Standard Contractual Clauses and additional safeguards to ensure your data receives adequate protection equivalent to UK and EU standards.

7. Data Retention

Account Data

We retain your account information and profile data for as long as your account remains active or as needed to provide services. After account deletion, most personal data is removed within 30 days.

CV and Professional Data

Uploaded CVs and professional information are retained while your account is active and for 30 days after account deletion to allow for data recovery if needed.

Voice Chat Transcriptions

Voice chat transcriptions are retained for the duration of your account to provide continuity in career guidance. These are deleted within 30 days of account deletion.

Analytics and Usage Data

Anonymised analytics data may be retained for longer periods for service improvement purposes. This data cannot be linked back to individual users.

Legal Retention Requirements

Some data may be retained longer where required by law, for fraud prevention, or to resolve disputes. This includes billing records and certain account information.

8. Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you, including how it's being used and who it's shared with.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. Most profile information can be updated directly in your account settings.

Right to Erasure

You can request deletion of your personal data in certain circumstances, including when the data is no longer necessary or you withdraw consent.

Right to Restrict Processing

You can request that we limit how we process your data in certain situations, such as while we investigate a complaint about data accuracy.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format to transfer to another service provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This won't affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us through our support channels. We will respond to your request within one month and may ask for identification to verify your identity.

9. Data Security

Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Secure authentication and session management
  • Regular security assessments and penetration testing
  • Automated security monitoring and threat detection
  • Secure backup and disaster recovery procedures

Organisational Measures

  • Role-based access controls and principle of least privilege
  • Regular security training for all personnel
  • Incident response and data breach procedures
  • Third-party security assessments and audits
  • Privacy by design in all system development

Data Breach Response

In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to secure the system and prevent further unauthorised access. We will also notify relevant supervisory authorities as required by law.

10. Cookies and Tracking Technologies

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance
  • User preferences and settings

Analytics Cookies

These cookies help us understand how users interact with our service:

  • Page views and user journeys
  • Feature usage and engagement metrics
  • Performance monitoring and error tracking
  • A/B testing and service optimisation

PostHog Analytics

We use PostHog, a product analytics platform, to understand how users interact with our service and improve the user experience. PostHog processes the following data:

  • User interactions and feature usage patterns
  • Session recordings and heatmaps (anonymised)
  • Custom events related to career guidance activities
  • User properties for personalised analytics
  • Device and browser information

PostHog data is processed under our legitimate interest to improve our services. You can opt out of PostHog tracking through your account settings. PostHog complies with GDPR and processes data in accordance with their privacy policy.

Managing Cookies

You can control cookie settings through your browser preferences. However, disabling essential cookies may affect the functionality of our service. You can manage non-essential cookies through our cookie preferences centre.

11. Children's Privacy

Career Steer is designed for individuals aged 16 and above. We do not knowingly collect personal information from children under 16 without parental consent.

If you are under 18, we recommend that you discuss the use of our service with a parent or guardian before creating an account. Parents and guardians have the right to request information about data we hold on their children and to request its deletion.

If we become aware that we have collected personal information from a child under 16 without proper consent, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users of material changes through email and prominent notices on our platform at least 30 days before changes take effect.

The updated Privacy Policy will take effect on the date specified in the notice. The current version will always be available on our website with the "last updated" date clearly displayed.

Your continued use of our service after the updated Privacy Policy takes effect constitutes acceptance of the new policy. If you disagree with updates, you may delete your account before the effective date.

Contact Information

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your personal information, please contact us through our support channels or help centre.

We are committed to addressing your privacy concerns promptly and transparently. For data protection enquiries, we aim to respond within one month of receiving your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with data protection law.

This Privacy Policy is effective as of 15 September 2025 and governs our collection and use of your personal information.