Privacy Policy
Version 0.4 — contact email + legal entity filled in · Last updated 2026-05-09
⚠️ This is a working draft. It has not been reviewed by a lawyer. Do not publish externally without that review. The internal companion document is SECURITY_AND_PERSONAL_INFORMATION.md, which goes deeper on the technical details.
1. Who we are
AI Stream Jobs is a CV-tailoring tool operated by Næxt AI ("we", "us", "our"). You can reach us at the email listed in §11 Contact.
If you live in the EU, EEA, or UK, the data controller for your personal data is Næxt AI.
2. The short version
We collect the things you'd expect — your account email, the CV content you upload, the job postings you save, and how you use the product (drafts generated, plan, billing). We use them to run the product, generate AI-tailored CVs and cover letters, charge you correctly, and improve the service. We send your CV text and the job description to Anthropic and Google when you generate a draft, because those are the AI providers that do the rewriting; their commercial terms forbid them from training on this data. We never sell your data. You can export or delete everything you've put in at any time.
The full version follows.
3. What we collect, why, and the legal basis (GDPR Article 6)
| Category | Specifics | Why we need it | Legal basis |
|---|---|---|---|
| Account identity | Email, name (from your sign-in provider) | To know who you are | Contract performance |
| CV content | Anything you type or upload to the Knowledge or Studio pages | To generate tailored drafts; to let you re-export later | Contract performance + your explicit consent for sending it to AI providers |
| Cover letters and tailored drafts | LLM output you keep editing | Same as above | Same as above |
| Job-search activity | Postings you've searched, scored, marked as applied, status updates | To track your job hunt | Contract performance |
| Plan and usage | Plan tier, model choice, token / cost / draft counters | To bill you correctly and enforce caps | Contract performance + legitimate interest (preventing runaway costs) |
| Payment data | Stripe customer/subscription IDs (we never see card numbers) | To charge you | Contract performance |
| Cookies + session | Two httpOnly, Secure, SameSite=Lax cookies (session for the sign-in HMAC, user-id for the legacy user identifier; both set on sign-in, both cleared on sign-out) | To keep you logged in | Strictly necessary — no consent needed (see §8 Cookies) |
| Server logs | IP address, request path, timestamps, model + tokens per LLM call | Debugging, abuse detection, billing reconciliation | Legitimate interest |
We do not intentionally collect special-category data under GDPR Article 9 (race, religion, health, biometrics, etc.). CVs sometimes mention these anyway — that is user-volunteered content, and we treat it the same as the rest of the CV (encrypted at rest, sent only to the AI providers we list, deletable on request).
4. How long we keep it
| What | Retention |
|---|---|
| Account + CV + drafts | Until you delete your account, then immediate hard-delete from Firestore. Cloud-side backups age out within 30 days. |
| Server logs | 30 days raw, then aggregated for 1 year |
| Anonymous LLM-call audit (no CV content, just metadata) | Up to 1 year for billing reconciliation |
| Stripe billing records | 7 years (tax law in most jurisdictions) |
| Backups | Rotating 30-day window. After deletion, takes up to 30 days for backup expiry. |
5. Who we share it with
We don't sell your personal data. We share it only with the vendors that make the product work:
| Vendor | What they get | Why | Where they're based |
|---|---|---|---|
| Anthropic | The CV text + job description + system prompt for each draft you generate | To generate the rewrite | USA (we'll route EU users via the Vertex EU endpoint when EU launch lands) |
| Google (Gemini API on Vertex AI) | Same | Same — used for utility calls and some tailor models | USA (EU endpoint planned) |
| Stripe | Email, name, card details (entered on Stripe-hosted forms, never us), purchase history | To process payments | Ireland for EU customers; USA for US customers |
| Google Cloud (Cloud Run, Firestore, Cloud Logging) | All hosted data, encrypted at rest | Hosting | us-central1 today; europe-west1 for EU users (planned) |
Both Anthropic's and Google's commercial terms commit them not to train models on production API traffic. We will publish signed Data Processing Agreements with both before EU launch. (See the Implementation Plan for the timeline.)
We will never share your data for marketing, advertising, or sale to third parties.
PII minimization on utility calls. When we send your CV text to an AI provider for tasks that don't actually need to identify you — scoring how well your CV matches a job posting, extracting your career profile (function, level, target roles) for the search-suggestion chips — we strip your name (where applicable), email, phone, LinkedIn URL, and other personal handles from the text before sending. The provider sees something like "[REDACTED_NAME] worked as a Senior Engineer at Stripe 2020–2024" and produces an equally accurate score / extraction. Tasks that genuinely need your full content — generating tailored CVs, rewriting bullets, drafting cover letters, generating interview-prep questions — keep the full text because the output references you by name and writes in your voice.
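The redaction step described above, as an added example that is not the project's src/lib/pii-strip.ts: structured identifiers (email, LinkedIn URL, other URLs, handles, phone numbers) are replaced first and the account holder's name last, and phone candidates are filtered by digit count so year ranges in a CV survive. The name is assumed to come from the sign-in identity; the patterns are this example's own.

```typescript
// Added example (not the project's src/lib/pii-strip.ts): redact direct
// identifiers from CV text before a utility LLM call such as match scoring.
// Assumptions: the caller passes the account holder's name from the sign-in
// identity, and the patterns below are this example's notion of an identifier.
interface StripResult {
  text: string;
  counts: Record<string, number>; // redactions per placeholder, for logs/tests
}
// Structured identifiers first; LinkedIn before generic URLs so it gets its own
// tag. The name is replaced last: replacing "jane" inside "jane.doe@example.com"
// first would leave "[REDACTED_NAME]" fragments the email pattern cannot match.
const PATTERNS: ReadonlyArray<readonly [string, RegExp]> = [
  ["EMAIL", /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g],
  ["LINKEDIN", /(?:https?:\/\/)?(?:[a-z]{2,3}\.)?linkedin\.com\/in\/[\w-]+\/?/gi],
  ["URL", /https?:\/\/[^\s)]+/g],
  // Phone candidates are digit runs with separators; the callback below keeps
  // any run with fewer than 9 digits so year ranges like 2020-2024 survive.
  ["PHONE", /\+?\d[\d\s().-]{6,}\d/g],
];
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
function stripPii(text: string, fullName?: string): StripResult {
  const counts: Record<string, number> = {};
  const hit = (tag: string): string => {
    counts[tag] = (counts[tag] ?? 0) + 1;
    return `[REDACTED_${tag}]`;
  };
  let out = text;
  for (const [tag, re] of PATTERNS) {
    out = out.replace(re, (m) =>
      tag === "PHONE" && (m.match(/\d/g) ?? []).length < 9 ? m : hit(tag));
  }
  // Handles (@janedoe): keep the character before "@" so spacing is preserved.
  out = out.replace(/(^|[^\w/])@\w{2,30}\b/gm, (_m, pre: string) => pre + hit("HANDLE"));
  const name = fullName?.trim();
  if (name) {
    // Whole name, then any part of 3+ characters as a standalone word.
    const alts = [name, ...name.split(/\s+/).filter((p) => p.length >= 3)]
      .map(escapeRegExp).join("|");
    out = out.replace(new RegExp(`\\b(?:${alts})\\b`, "gi"), () => hit("NAME"));
  }
  return { text: out, counts };
}
// Constructed sample CV header, not real data.
const SAMPLE_CV = "Jane Doe\njane.doe@example.com | +1 (415) 555-0142 | linkedin.com/in/jane-doe | @janedoe\nSenior Engineer at Stripe 2020\u20132024.";
console.log(stripPii(SAMPLE_CV, "Jane Doe").text);
```

The trade-off is visible in the name rule: a surname that is also an ordinary word (or a project name) gets redacted too, which is the safe direction for a scoring call.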
6. International transfers
If you're in the EU, EEA, UK, or Switzerland, your data may be transferred to and processed in the United States by the vendors above. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, embedded in our DPAs with Anthropic, Google, and Stripe (signed before EU launch — see open gap above).
- Adequacy decisions where they apply (EU–US Data Privacy Framework as of 2026).
When EU data residency lands (planned, see Implementation Plan §7), EU users' CV content, drafts, applications, and AI model calls will stay within Google Cloud's europe-west1 region. One exception remains: see §6.1.
6.1 Documented exception — Firebase Authentication identity
AI Stream Jobs uses Google Firebase Authentication to handle sign-in. As of 2026, Firebase Authentication does not offer EU data residency: your sign-in identity (email address and display name) is stored and processed by Google in the United States.
We rely on the following legal bases for this transfer:
- GDPR Article 6(1)(b) — performance of a contract. We cannot operate the service without storing your authentication identity. This processing is therefore not "consent" in the Article 6(1)(a) sense, but a contractual necessity. If you do not accept this exception, please do not create an account.
- Standard Contractual Clauses — the EU–US transfer of your sign-in identity is covered by SCCs in the Google Cloud Data Processing Addendum, which you can review at cloud.google.com/terms/data-processing-addendum.
- EU–US Data Privacy Framework — Google is a certified participant where the framework applies.
What is and isn't covered by this exception:
| Data | Where it lives for EU users | Why |
|---|---|---|
| Email address (sign-in) | United States | Firebase Authentication |
| Display name (sign-in) | United States | Firebase Authentication |
| OAuth refresh tokens (if you use Google sign-in) | United States | Firebase Authentication |
| CV content, cover letters, drafts, applications, settings, usage history | europe-west1 (EU) | stored only in our EU Firestore |
| AI model calls (CV text + job description sent to Anthropic / Google models) | europe-west1 (EU) | routed via European Vertex AI endpoints |
Every EU user is shown this exception in the consent dialog at sign-up and must explicitly acknowledge it via a checkbox — the audit trail of acceptances is in Firestore at users/{uid}/consents/*.
We will revisit this exception when either (a) Firebase Authentication ships full EU data residency, or (b) our EU customer base requires us to migrate to an EU-resident auth provider (Auth0 EU, Descope, FusionAuth, or similar). The decision will be documented in the Implementation Plan.
7. Your rights
Wherever you live, you can:
- Access what we hold — Settings → Data → Export everything (planned: /api/account/export).
- Correct anything wrong — edit it directly in the app.
- Delete everything — Settings → Danger zone → Delete account (planned: /api/account/delete). This is permanent.
- Take it elsewhere — same export endpoint, machine-readable JSON.
- Withdraw consent for sending CV content to AI providers — toggle in Settings → Privacy. This stops further AI calls; it doesn't retroactively delete drafts already generated.
- Object to specific processing — email us via §11 Contact.
- Lodge a complaint with your data protection authority if you live in the EU/EEA/UK. We'd appreciate a heads-up first so we can fix whatever's wrong.
We respond to rights requests within 30 days (often within 7).
8. Cookies (the complete list)
We use a small number of cookies, all strictly necessary for the Service to operate. No tracking, advertising, or analytics cookies. No third-party cookies.
Under the ePrivacy Directive (Article 5(3)) and EU regulator guidance, strictly-necessary cookies are exempt from the consent-banner requirement — which is why we don't show one. The complete list:
| Cookie | Purpose | Duration | Flags |
|---|---|---|---|
| session | HMAC-signed session that proves who you are between requests after you sign in | 30 days, sliding | httpOnly, Secure, SameSite=Lax |
| user-id | Legacy user identifier kept alongside session while we phase it out (see Implementation Plan §2) | 1 year | httpOnly, Secure, SameSite=Lax |
That's it. Both cookies are set on sign-in and cleared on sign-out. They're never readable by JavaScript (httpOnly), only sent over HTTPS (Secure), and never sent on cross-site requests (SameSite=Lax).
We do not use:
- Google Analytics, Meta Pixel, or any other behavioural tracker
- Advertising cookies of any kind
- Third-party cookies
- localStorage as a tracking mechanism (we do use it as a per-device cache for your drafts; that's described in §3)
The Cloud Logging that we do run is server-side only — it doesn't drop cookies on you. Requests from your browser to /api/* produce a log line with the request path, your truncated IP (/24 for IPv4, /48 for IPv6), and timing — see §3 "Server logs".
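The truncation rule named above (/24 for IPv4, /48 for IPv6), as an added example that is not the project's logging code: the function below zeroes the IPv4 host octet, expands a compressed IPv6 address so the first three hextets can be kept, and treats an IPv4-mapped IPv6 address as the IPv4 it carries. It assumes the web server has already validated the client address and returns "invalid" for anything else.

```typescript
// Added example, not the project's logging code: reduce a client IP to the
// network prefix this policy names (/24 for IPv4, /48 for IPv6) before it is
// written to a request log. Assumes the address string comes from the web
// server; anything that is not a plain IPv4/IPv6 literal yields "invalid".
function truncateIp(ip: string): string {
  // IPv4-mapped IPv6 (::ffff:203.0.113.7) is logged as the IPv4 it carries.
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i.exec(ip);
  const addr = mapped ? mapped[1] : ip;
  if (/^\d{1,3}(?:\.\d{1,3}){3}$/.test(addr)) {
    const o = addr.split(".").map(Number);
    if (o.some((n) => n > 255)) return "invalid";
    return `${o[0]}.${o[1]}.${o[2]}.0`; // /24: zero the host octet
  }
  const halves = addr.split("::");
  if (halves.length > 2) return "invalid"; // at most one "::" is legal
  const left = halves[0] ? halves[0].split(":") : [];
  const right = halves[1] ? halves[1].split(":") : [];
  // "::" stands for however many zero groups are needed to reach eight.
  const missing = halves.length === 2 ? 8 - left.length - right.length : 0;
  if (missing < 0 || (halves.length === 1 && left.length !== 8)) return "invalid";
  const hextets = [...left, ...Array.from({ length: missing }, () => "0"), ...right];
  if (hextets.length !== 8 || hextets.some((h) => !/^[0-9a-f]{1,4}$/i.test(h))) {
    return "invalid";
  }
  // /48: keep the first three groups, drop leading zeros, compress the rest.
  const prefix = hextets.slice(0, 3).map((h) => h.toLowerCase().replace(/^0+(?=.)/, ""));
  return `${prefix.join(":")}::`;
}
// Constructed sample addresses (documentation ranges), not real clients.
console.log(truncateIp("203.0.113.77"), truncateIp("2001:db8:85a3::8a2e:370:7334"));
```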
9. Children
AI Stream Jobs is for adults. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we'll delete the account.
10. Changes
When we change this policy, we'll bump the version in the header, log the change in §13, and (for material changes) email you before the new version takes effect. For non-material changes (typos, links), we just publish.
11. Contact
Email: support@aistreamjobs.com
Address: (to be filled in — required for GDPR; can be a P.O. box; pending lawyer review)
If you have a security finding, please email instead of opening a public GitHub issue.
12. Definitions
- Personal data — anything that can identify you, directly or indirectly, including your name, email, IP address, and the contents of your CV.
- Processing — any operation performed on personal data: collecting, storing, using, sharing, deleting.
- AI provider — Anthropic and Google. Both run their APIs on commercial terms that exclude API traffic from model training.
13. Change log
| Version | Date | Notes |
|---|---|---|
| 0.1 | 2026-05-01 | First internal draft. Not yet published. |
| 0.2 | 2026-05-04 | Phase 7.6 — added §6.1 EU sign-in identity exception (Firebase Auth in US under SCCs). §8 Cookies rewritten to be accurate about what's actually set today (was forward-looking before): session + user-id, both strictly necessary, no banner needed under ePrivacy Directive. §3 cookie row links to §8. |
| 0.3 | 2026-05-04 | Phase 8.1 — added "PII minimization on utility calls" paragraph to §5. Documents src/lib/pii-strip.ts behaviour: strip name/email/phone/LinkedIn/handles from inputs to /api/match and (email/phone/URLs from) /api/profile-extract before LLM call. Tailor / rewrite routes still send full content. |
| 0.4 | 2026-05-09 | §11 contact email filled in (privacy@aistreamjobs.com). §1 operator and §2 data controller updated from "Marcelo Bertalan" to "Næxt AI" (legal entity now exists). Postal address still pending — flagged for lawyer review before external publication. |