AI Career Finder – Data Processing Addendum (DPA)

(2025 Global GDPR/CCPA-Compliant Version)

Last Updated: 2025-11-25

This Data Processing Addendum ("DPA") is incorporated into and forms part of the Terms of Use and Privacy Policy between AI Career Finder ("Processor", "we", "us") and the user ("Controller", "you").

This DPA governs our processing of personal data on your behalf, in accordance with:

1. Definitions

"Personal Data"

Any information relating to an identifiable natural person that you provide during your use of the Service.

"Processing"

Any operation performed on Personal Data (e.g., access, transmission, analysis).

"Controller"

You, the user, determine the purpose and means of the Personal Data you submit.

"Processor"

AI Career Finder processes Personal Data strictly according to your instructions.

"Sub-processors"

Third-party providers engaged to support the Service.

2. Subject Matter & Purpose of Processing

We process Personal Data solely for:

  • authenticating your account
  • generating AI-powered career insights
  • providing analytics and service performance
  • securing the Platform
  • complying with legal obligations

We do not process data for advertising or profiling unless required or explicitly authorized by you.

3. Types of Personal Data Processed

We may process:

3.1 Account Data

  • Name
  • Email address

(Collected via Google Authentication)

3.2 Career Input Data (Non-Persistent Processing)

  • work experience
  • skills
  • goals
  • resume text you paste
  • prompts supplied for AI analysis

🔒 Resume files and long-form text are processed in real-time and NOT stored.

3.3 Technical Data

  • masked IP address (where applicable)
  • browser & device information
  • usage logs
  • security logs

4. Duration of Processing

We process Personal Data:

  • for as long as your account remains active
  • or until you delete your account
  • or until data is no longer required for the purpose collected

Real-time input data (e.g., resume text) is processed temporarily and deleted immediately after generating results.

5. Controller Instructions

We only process Personal Data based on your documented instructions:

  • Using the Service
  • Entering data manually
  • Pasting text for AI analysis
  • Requesting account or data deletion
  • Requesting data export

We will not process data for any additional purpose without your consent.

6. Processor Obligations

We agree to:

6.1 Process data only for the purposes defined in this DPA

6.2 Maintain confidentiality

All personnel with access to Personal Data are bound by confidentiality obligations.

6.3 Implement technical & organizational security measures

Including:

  • Cloudflare WAF & DDoS protection
  • HTTPS encryption
  • Encrypted database storage
  • Zero-retention model for resume text
  • Access controls
  • Periodic security reviews

6.4 Notify you of data breaches

We will notify you without undue delay if a breach affecting your Personal Data occurs.

7. Sub-Processing

We use trusted sub-processors essential to providing the Service:

7.1 Approved Sub-Processors

  • Google Authentication – identity login
  • Google Analytics – analytics
  • Cloudflare – CDN, security, DDoS protection
  • AI Model Providers (US-based) – temporary processing of input text

7.2 Sub-processor Obligations

All sub-processors:

  • operate under GDPR-aligned agreements
  • provide industry-standard security
  • process data only for the intended purpose

7.3 Changes to Sub-Processors

If we add or replace a sub-processor, we will post an updated list on the website.

8. International Data Transfers

Personal Data may be transferred to servers and sub-processors located in the United States and other jurisdictions.

We ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Data minimization
  • Zero-retention for resume content

By using the Service, you consent to international data transfers as required.

9. Data Subject Rights

We support your ability to exercise all rights under applicable law, including:

  • access
  • correction
  • deletion
  • export
  • objection
  • withdrawal of consent

Requests may be submitted to:

📧privacy@aicareerfinder.com

We will assist in fulfilling these requests within statutory timeframes.

10. Data Retention & Deletion

10.1 No retention of resume files

We do not store or retain resume text or uploaded files.

10.2 Account data

Retained until account deletion.

10.3 Logs

Retained 30–90 days depending on system requirements.

10.4 Backups

Encrypted, time-limited backups for disaster recovery only.

Upon account deletion, all Personal Data will be permanently removed from active systems.

11. Security Measures

We implement industry-standard measures, including:

  • network firewalls
  • Cloudflare WAF
  • encrypted databases
  • TLS/HTTPS
  • monitoring and logging
  • least-privilege access control
  • periodic review of sub-processors

12. Audit & Compliance

Upon written request, we may provide:

  • descriptions of security practices
  • list of sub-processors
  • data flow summary
  • general compliance documentation

We do not provide data center access, source code, or proprietary system audits.

13. Liability

Liability under this DPA is governed by the limitations set forth in the Terms of Use.

We are not responsible for:

  • inaccuracies in AI-generated content
  • misuse of data entered by the Controller
  • consequences of decisions you make based on AI output

14. Termination

This DPA remains effective as long as:

  • you use the Service
  • we process your data

Upon termination:

  • account data is deleted
  • real-time input data is already destroyed
  • backups expire naturally
  • DPA obligations relevant to confidentiality and security survive termination

15. Contact

For privacy or data processing questions:

📧privacy@aicareerfinder.com

© 2025 AI Career Finder. All rights reserved.