Privacy Policy

HirePathPro is a product of MineledgerAI (“Company”, “we”, “us”, “our”), accessible at mineledgerai.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the HirePathPro service (“Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. This policy should be read together with our Terms of Service.

a) Information you provide directly:

• Account information: Email address, display name, and password (hashed; we never store plaintext passwords).
• Resume content: Resumes, CVs, and other documents you upload to your Resume Vault or for one-off analyses.
• Job posting data: Job descriptions, URLs, and related text you provide for analysis.
• Offer details: Salary, equity, bonus, and benefits information you input for negotiation research.
• Payment information: Billing details are collected and processed by Stripe, Inc. We receive only your subscription status, plan type, and transaction confirmations — not your full card number.

b) Information collected automatically:

• Usage data: Pages visited, features used, timestamps, and interaction patterns (collected via client-side analytics).
• Device & browser info: Browser type, operating system, screen resolution, and language preference.
• IP address: Collected for security, rate limiting, and approximate geolocation (country/region level only).
• Cookies: Essential cookies for authentication and session management (see Section 9 below).

The Service uses automated processing, including third-party AI language models, to generate resume analyses, interview preparation materials, and negotiation insights. This means:

• Your resume text and job posting text are sent to third-party AI service providers for real-time processing.
• These providers process your data under their own data processing agreements and do not use your inputs to train their models (per our agreements with them).
• AI-generated outputs (scores, recommendations, questions) are probabilistic estimates and should not be treated as definitive professional advice.
• No automated decisions are made that produce legal effects or similarly significantly affect you. All outputs are informational and advisory.

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our AI features are advisory tools, not decision-making systems. If you believe an automated output has affected you adversely, contact us for a human review.

We share your personal data with the following categories of third-party processors, strictly for the purposes described:

We do not sell, rent, or trade your personal data to any third party for advertising or marketing purposes. We only share data with processors who are contractually obligated to protect it.

Your data may be processed in the United States and other countries where our service providers operate. If you are located in the EEA, UK, or other regions with data transfer restrictions, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Reliance on processors that have implemented adequate data protection measures;
• The EU-US Data Privacy Framework, where applicable.

• Account data: Retained for as long as your account is active. Upon account deletion, your personal data is deleted or anonymized within 30 days, except where retention is required by law.
• Analysis history: Stored linked to your account. Deleted when your account is deleted.
• Resume Vault: Stored until you delete individual resumes or your account.
• Payment records: Transaction records may be retained for up to 7 years as required for tax and accounting obligations.
• Server logs: Retained for up to 90 days for security and debugging, then automatically purged.

We implement industry-standard technical and organizational measures to protect your data:

• Encryption at rest and in transit (TLS 1.2+).
• Firebase Authentication with secure session management.
• Rate limiting and abuse detection on all API endpoints.
• Access controls limiting employee access to personal data on a need-to-know basis.
• Regular security reviews of our codebase and infrastructure.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We use the following types of cookies:

Essential cookies are required for the Service to function. You can disable analytics cookies in your browser settings. We honor Do Not Track (DNT) browser signals — when detected, analytics cookies are not set.

Depending on your location, you may have the following rights regarding your personal data:

a) Rights for all users:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data and account.
• Data portability: Request your data in a structured, machine-readable format.

b) Additional rights under GDPR (EEA & UK residents):

• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Withdraw consent at any time where processing is based on consent.
• Lodge complaint: File a complaint with your local Data Protection Authority.

c) Additional rights under CCPA (California residents):

• Right to know: Request disclosure of the categories and specific pieces of personal information we collect.
• Right to delete: Request deletion of your personal information.
• Right to opt-out: We do not sell your personal information. No opt-out is necessary.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, email contactus@mineledgerai.com with the subject line “Privacy Rights Request”. We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at contactus@mineledgerai.com.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware (where required by GDPR);
• Notify affected users without undue delay if the breach is likely to result in a high risk to their rights;
• Document all breaches internally, including the facts, effects, and remedial actions taken.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the revised policy on this page and updating the “Last updated” date;
• Sending an email notification for material changes that affect your rights.

Continued use of the Service after changes take effect constitutes acceptance. We encourage you to review this page periodically.

MineledgerAI is the data controller responsible for your personal information. For questions, concerns, data requests, or complaints related to this Privacy Policy, contact us at: