Legal

Privacy Policy

Last updated: June 20, 2026

1. Introduction

CareerWin ("we," "our," or "us") is operated by Exogram AI. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at careerwin.ai (the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information. When you create an account, we collect your email address and authentication credentials through Supabase, our authentication provider. We may also store your name if you choose to provide it.

Resume & Career Data. When you use our tools, you voluntarily provide resume text, LinkedIn profile data, and related career information. This data is processed to deliver our analysis and recommendations.

Payment Information. Payments are processed by Stripe. We do not store your full credit card number, CVC, or billing address on our servers. Stripe handles all payment data in accordance with PCI-DSS standards.

Usage Data. We automatically collect standard log data including IP address, browser type, referring pages, pages visited, and timestamps to improve our Service and troubleshoot issues.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Analyze your resume and career materials using AI processing
  • Process your transactions through Stripe
  • Send transactional emails related to your account
  • Improve and personalize your experience
  • Detect, prevent, and address technical issues or abuse

4. AI Processing

CareerWin uses Google Gemini for AI-powered resume analysis, evidence interviews, and career material generation. When you submit career data for processing, it is sent to the Google Gemini API. Google's use of this data is governed by their own privacy policies and data processing terms. We do not use your data to train AI models.

5. Cookies & Tracking

We use essential cookies to maintain your session and authentication state. We may use analytics cookies to understand how users interact with the Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling cookies may affect the functionality of the Service.

6. Third-Party Services

We integrate with the following third-party services, each of which has its own privacy policy:

  • Supabase — Authentication and database hosting
  • Stripe — Payment processing
  • Google Gemini — AI-powered resume analysis and content generation
  • Vercel — Application hosting and deployment

We do not sell your personal information to third parties. We share data with these providers only to the extent necessary to operate the Service.

7. Data Retention

We retain your account data and career materials for as long as your account is active. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your personal data from our active systems within 30 days, though some data may persist in backups for a limited period.

8. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication via Supabase, and PCI-compliant payment processing via Stripe. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data; object to or restrict certain processing; and receive your data in a portable format. To exercise any of these rights, please contact us at the email below.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us at:

Email: richardewing@exogram.ai