Privacy Policy

1. Who We Are

TalentAvatar ("we," "our," or "us") is a UK-based career coaching platform that provides AI-powered career guidance, resume analysis, and professional development services. Our registered office is located in the United Kingdom.

Data Controller: TalentAvatar
Contact: privacy@talentavatar.com

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, and password (managed securely through AWS Cognito hosted authentication)
• Profile Information: Professional background, skills, education, work experience, career goals, and other information you choose to provide for your resume and career profile
• Resume/CV Data: Documents and information you upload for analysis and improvement
• Communication Data: Messages, feedback, and correspondence with our support team
• Payment Information: Billing details processed securely through Stripe and/or Paddle (we do not store complete payment card details on our servers)

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on platform, interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: See our Cookie Policy for details
• AI Interaction Data: Questions asked to our AI career advisor and responses provided (used to improve service quality)

2.3 Information from Third Parties

• Authentication Services: Basic profile information from AWS Cognito (name, email)
• Payment Processors: Transaction confirmation and billing status from Stripe/Paddle

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Provide AI-powered career coaching and resume analysis
• Generate personalized recommendations and insights
• Store and manage your career profile and documents
• Process personality assessments (IPIP-OCEAN) and career evaluations

3.2 Communication

• Send service-related notifications and updates
• Respond to your inquiries and support requests
• Send marketing communications (only with your consent, which you can withdraw at any time)

3.3 Platform Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Conduct research and analytics
• Train and improve our AI models (using anonymized data)

3.4 Legal and Security

• Comply with legal obligations and regulatory requirements
• Prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and other policies
• Protect the rights and safety of our users and the public

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To provide our services as outlined in our Terms of Service
• Legitimate Interests: To improve our platform, prevent fraud, and ensure security
• Consent: For marketing communications and optional data processing (you may withdraw consent at any time)
• Legal Obligation: To comply with applicable laws and regulations

5. AI Processing and Third-Party Services

5.1 AI Service Providers

We use APIPie as our AI processing service. APIPie acts as a data processor and does not store or retain your data. APIPie uses the following AI sub-processors:

• OpenAI
• Anthropic
• Other leading AI providers

Important Data Protection Information:

• APIPie and its sub-processors delete all data within 30 days of processing
• Data is only retained temporarily for malicious activity detection as legally required
• All processors operate under strict Data Processing Agreements (DPAs) that comply with UK GDPR
• Your data is encrypted in transit and at rest

5.2 Other Service Providers

• AWS (Amazon Web Services): Cloud hosting infrastructure (London region)
• AWS Cognito: Authentication and identity management (we do not directly handle passwords)
• Stripe/Paddle: Payment processing, billing, and tax compliance

5.3 Data We Do NOT Share

We do NOT sell, trade, rent, or otherwise provide your personal data to third parties for their marketing purposes. Your data is only shared with trusted service providers who assist us in operating our platform, and only to the extent necessary to provide our services.

6. Data Storage and Security

6.1 Storage Location

• All your data is stored on TalentAvatar servers hosted by AWS in the London, UK region
• We maintain 100% control over your data stored on our servers
• Data is backed up regularly for disaster recovery purposes

6.2 Security Measures

• Industry-standard encryption for data in transit (TLS/SSL)
• Encryption for data at rest
• AWS Cognito hosted authentication (we do not directly handle or store passwords)
• Regular security audits and monitoring
• Access controls and authentication mechanisms
• Employee training on data protection and security

6.3 Data Retention

We retain your personal data for as long as:

• Your account remains active
• Necessary to provide our services
• Required by law or for legitimate business purposes

You can request deletion of your data at any time. Upon request, we will delete or anonymize your personal data, except where retention is required by law.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of all personal data we hold about you. You have full access to view, download, and export your data through your account dashboard.

7.2 Right to Rectification

You can update and correct your personal information at any time through your profile settings.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and all associated personal data at any time. We will process such requests within 30 days.

7.4 Right to Restriction

You can request that we restrict processing of your personal data in certain circumstances.

7.5 Right to Data Portability

You can download your data in a machine-readable format for transfer to another service.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze platform usage. For detailed information, please see our Cookie Policy.

9. AI-Generated Content Disclaimer

Important Notice: Our platform uses artificial intelligence to provide career advice, resume analysis, and recommendations. While we strive for accuracy, AI-generated content may contain errors or suggestions that may not be suitable for your specific situation. We are not liable for decisions made based on AI recommendations. Always verify information and use professional judgment when making career decisions.

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.

11. International Data Transfers

While our primary servers are located in the UK, some of our service providers may process data outside the UK/EEA. In such cases:

• We ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions)
• All processors comply with UK GDPR requirements
• Data is encrypted during transfer

12. Business Transfers

If TalentAvatar is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice and obtain consent where required before your data is transferred and becomes subject to a different privacy policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on this page with a new "Last Updated" date
• Notify you via email or platform notification of material changes
• Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us