Your Privacy, Our Priority

Privacy Policy

Last updated: January 5, 2025

How we protect your data with GDPR-compliant practices and ephemeral architecture.

πŸ”’ Our Privacy Principles

  • Ephemeral Data: Raw CV data auto-deletes after processing
  • 30-Day Purge: Reports expire automatically after 30 days
  • Minimal Collection: We only collect what's necessary for service delivery
  • No Selling: Your data is never sold to third parties
  • Transparent Processing: You know exactly how your data is used

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password (hashed)
  • Profile Data: Career goals, education level, target locations, budget preferences
  • CV/Resume: Work history, skills, certifications (ephemeral - auto-deleted after processing)
  • Payment Information: Credit card details (processed by Stripe, not stored on our servers)

1.2 Automatically Collected Information

  • Device Data: IP address, browser type, operating system, device identifier
  • Usage Data: Pages visited, features used, report generation timestamps
  • Cookies: Session cookies, preference cookies (see Cookie Policy)
  • Analytics: Aggregate usage statistics (anonymized)

2. How We Use Your Information

2.1 Service Delivery

  • Generate personalized MCDA reports based on your profile
  • Provide career risk scores (AIOE), cost-of-living analysis, skill gap mapping, and market vitality data
  • Deliver executive reports via email and in-app notifications
  • Process payments and manage credit balances

2.2 Platform Improvement

  • Analyze usage patterns to improve report accuracy
  • Monitor system performance and error rates
  • Conduct A/B testing for UI/UX improvements (anonymized)
  • Train and refine recommendation algorithms (using aggregated, non-identifiable data)

2.3 Communication

  • Send transactional emails (account verification, password reset, report delivery)
  • Provide customer support responses
  • Send service updates and feature announcements (opt-out available)
  • Marketing communications (only with explicit consent, unsubscribe anytime)

3. Data Retention & Deletion

⏱️ Automatic Deletion Schedule

  • CV/Resume Data: Deleted immediately after report generation (within 5 minutes)
  • Executive Reports: Auto-expire after 30 days (downloadable during this period)
  • Account Data: Retained while account is active
  • Deleted Accounts: Data permanently deleted within 90 days
  • Anonymized Analytics: Retained indefinitely (non-identifiable)

You can request immediate deletion of your account and all associated data by emailing privacy@pushnask.com. We will process deletion requests within 7 business days.

4. Data Sharing & Third Parties

4.1 Service Providers

We share data with trusted third-party providers solely for service delivery:

  • Payment Processing: Stripe (credit card processing)
  • Email Delivery: SendGrid (transactional emails)
  • Cloud Hosting: Google Cloud Platform (data storage and processing)
  • Analytics: Google Analytics (anonymized usage data)

All providers are GDPR-compliant and contractually obligated to protect your data.

4.2 Legal Requirements

We may disclose data if required by law, court order, or government request, or to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or abuse
  • Ensure user safety

4.3 Business Transfers

If PushNask is acquired or merged, your data may be transferred to the new entity. You will be notified via email 30 days before any such transfer.

5. Your Rights (GDPR, CCPA, African Data Protection)

5.1 Access & Portability

  • Right to Access: Request a copy of all personal data we hold
  • Data Portability: Receive your data in JSON format (machine-readable)
  • Response Time: Within 30 days of request

5.2 Correction & Deletion

  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Delete your account and all associated data
  • Right to Restrict Processing: Limit how we use your data

5.3 Objection & Withdrawal

  • Right to Object: Object to data processing for marketing or profiling
  • Withdraw Consent: Revoke consent for optional data processing anytime
  • Opt-Out: Unsubscribe from marketing emails (one-click)

To exercise your rights, email privacy@pushnask.com or use the in-app settings (Account β†’ Privacy).

6. Security Measures

  • Encryption: 256-bit SSL/TLS for data in transit, AES-256 for data at rest
  • Password Security: Bcrypt hashing (salted, 12 rounds)
  • Access Control: Role-based access, principle of least privilege
  • Monitoring: 24/7 intrusion detection, automated security scans
  • Compliance: SOC 2 Type II certified (pending), GDPR compliant

7. Children's Privacy

PushNask is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at privacy@pushnask.com.

8. International Data Transfers

Your data may be processed in data centers located in the United States, Europe, and Africa. We use Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR compliance.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via:

  • Email notification (30 days before effective date)
  • In-app banner for 30 days
  • Updated "Last updated" date at the top of this page

10. Contact Us

For privacy-related questions, data requests, or complaints:

You also have the right to lodge a complaint with your local data protection authority.