Information You Provide Directly:

• Account Information: Email address, notification preference settings, user preferences
• Payment Information: Billing details processed through Stripe (we do not store complete payment card information)
• Communication Data: Support inquiries, feedback, and correspondence

Information Collected Automatically:

• Usage Data: Service interaction patterns, feature usage, search queries, and preferences
• Technical Information: IP addresses, device information, browser type, access times
• Bot Interaction Data: Commands used, response patterns, service configuration choices
• Session Information: Login timestamps, session duration
• Profile Data: Name, email, phone, career information, gender (when voluntarily provided by the user)

Marketing and Analytics Data:

• Site Analytics: Google Analytics, Facebook Pixel, Yahoo marketing pixels for site optimization
• Marketing Attribution: Campaign effectiveness, referral sources, user acquisition metrics
• Cookie Data: Session management cookies, preference settings, authentication tokens

LGPD Legal Bases:

• Consent: For marketing communications, analytics, and optional features, and processing of sensitive data (when applicable)
• Contract Performance: For service delivery, payment processing, and account management
• Legitimate Interest: For service improvement, fraud prevention, and customer support
• Legal Compliance: For tax obligations, regulatory reporting, and law enforcement requests

GDPR Legal Bases (for EU users):

• Consent (Article 6(1)(a)): Marketing, analytics, and optional data processing
• Contract Performance (Article 6(1)(b)): Service delivery and payment processing
• Legitimate Interests (Article 6(1)(f)): Service improvement, security, and fraud prevention
• Legal Obligation (Article 6(1)(c)): Regulatory compliance and legal requirements
• Sensitive Data (Article 9): When sensitive data such as gender is processed, we base it on explicit consent from the data subject

Processing Purposes:

• Service Delivery: Providing job opportunity notifications and personalized recommendations
• AI Processing: Use of Claude AI and ChatGPT for content analysis, filtering, and document generation
• Payment Processing: Subscription management and billing through Stripe
• Customer Support: Responding to inquiries, troubleshooting, and service assistance
• Service Improvement: Analyzing usage patterns to enhance features and functionality
• Marketing and Analytics: Understanding user behavior and promoting relevant services
• Legal Compliance: Meeting tax, regulatory, and law enforcement obligations

AI Systems Used:

• Content Analysis: Processing resume information for relevance and quality
• Job Scoring: Algorithmic evaluation of listing value and user relevance
• Automatic Context Expansion: Enhancing resume information with additional relevant details
• Recommendation Generation: Personalizing job suggestions based on user preferences

Automated Decision Making Rights:

• Request human review of AI-driven recommendations
• Understand the logic behind automated processing that affects your service experience
• Opt out of using certain AI-powered features while maintaining access to the main service
• Access information about how AI systems process your data

Payment Processing:

Stripe: Processes all payment transactions. Shared data includes billing information and transaction details. Stripe maintains independent privacy practices described in its privacy policy.

Service Infrastructure:

Cloud Hosting Providers: Service technical data and user information stored in secure cloud infrastructure

AI Processing Partners:

Anthropic (Claude AI): User queries and job market data processed for analysis and recommendations. OpenAI (ChatGPT): Similar processing for content enhancement and user assistance.

Marketing and Analytics:

• Google Analytics: Site usage analysis for service improvement
• Facebook Pixel: Marketing attribution and campaign optimization
• Yahoo Analytics: Additional marketing performance analysis

Transfer Locations:

• United States: For AI processing (Anthropic, OpenAI) and payment processing (Stripe)
• European Union: For cloud infrastructure and service delivery
• Other Countries: As necessary for service operation and third-party processing

Transfer Safeguards:

• Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission for EU data transfers, and clauses approved by ANPD for transfers from Brazil
• Data Processing Agreements: Comprehensive agreements with all international processors that include data protection obligations
• Privacy Shield Successors: Appropriate frameworks for US data transfers when available
• Adequate Protection: Ensuring that recipient countries provide adequate levels of data protection equivalent to EU and Brazil standards

Retention Periods:

• Account Data: Retained while the account is active plus 30 days after closure
• Payment Information: 7 years for tax and financial record keeping (European/international requirements)
• Usage Analysis: 24 months for service improvement analysis
• Marketing Data: Until consent is withdrawn or maximum 3 years
• Legal Compliance Data: As required by applicable laws and regulations

Automatic Deletion:

We implement automated deletion processes to remove data after retention periods end. Users receive notification before automatic deletion when required by law. We collect and retain only data necessary for specified purposes and regularly review retention practices to minimize storage duration.

Universal Rights (Available to All Users):

• Right to be Informed: Clear information about data processing at collection
• Right of Access: Obtain copies of personal data and processing information
• Right of Rectification: Correct inaccurate or incomplete information
• Right of Deletion: Request erasure of personal data ("right to be forgotten")
• Right to Data Portability: Export data in machine-readable format
• Right of Opposition: Object to processing for direct marketing and legitimate interests

Brazilian Users (LGPD Rights):

• Right of Confirmation: Confirm existence of data processing
• Right of Information: Detailed information about processing activities
• Right of Anonymization: Request anonymization of unnecessary data
• Right to Withdraw Consent: Easy mechanism for consent withdrawal
• Right of Explanation: Understand automated decision-making processes

US State Law Rights (California, Virginia, Colorado, etc.):

• Right to Know: Categories of personal information collected and processed
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale/sharing and targeted advertising
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Rectify inaccurate personal information

Canadian Users (PIPEDA Rights):

• Right of Access: Access personal information maintained by the organization
• Right to Contest: Contest accuracy and completeness of information
• Right to Withdraw Consent: Withdraw consent subject to contractual restrictions
• Right to Complain: File complaints with the Privacy Commissioner

How to Submit Requests:

Email: dafondeveloper@gmail.com with "Privacy Request" in the subject line

Request Processing:

• Response Time: 15 days (LGPD), 30 days (GDPR), 45 days (CCPA)
• Identity Verification: Reasonable measures to confirm requester identity
• No Fee: Generally free unless requests are excessive or repetitive
• Status Updates: Regular communication about request processing status

Request Fulfillment:

• Data Access: Comprehensive information about data processing
• Data Deletion: Complete erasure subject to legal retention requirements
• Data Portability: Machine-readable format (JSON, CSV, XML)
• Consent Withdrawal: Immediate cessation of consent-based processing

Types of Cookies Used:

• Essential Cookies: Necessary for basic service functionality and security
• Analytics Cookies: Google Analytics for site performance analysis
• Marketing Cookies: Facebook Pixel, Yahoo marketing pixels for campaign optimization
• Preference Cookies: Remember user settings and preferences

Cookie Consent:

• Granular Control: Users can accept/reject specific cookie categories
• Consent Management: Easy-to-use cookie preferences center
• Withdrawal Rights: Simple mechanism to withdraw cookie consent
• Equal Prominence: Accept and reject options receive equal emphasis

Opt-Out Mechanisms:

• Global Privacy Control (GPC): Respect browser-based opt-out signals
• Cookie Settings: Preference management accessible on all pages
• Marketing Opt-Out: Direct opt-out links in marketing communications
• Analytics Opt-Out: Support for Google Analytics browser opt-out plugin

Security Measures:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Role-based access permissions and multi-factor authentication
• Regular Audits: Periodic security assessments and penetration testing
• Employee Training: Comprehensive privacy and security training programs

Breach Response:

• Detection: 24/7 monitoring and incident detection systems
• Assessment: Rapid risk assessment and impact analysis
• Notification: Regulatory notification within 72 hours (GDPR), 3 business days (LGPD)
• User Communication: Immediate notification if breach likely to cause harm
• Remediation: Immediate measures to contain and remediate security incidents

Data Protection Measures:

• Privacy by Design: Privacy protections integrated into system architecture
• Data Minimization: Collect only information necessary for specified purposes
• Regular Deletion: Automated removal of data after retention periods
• Vendor Security: Comprehensive security requirements for all data processors

Marketing Communications:

• Explicit Consent: Opt-in for marketing communications
• Service Relationship: Transactional messages related to service use
• Legitimate Interest: Service improvement communications when permitted

Communication Controls:

• Subscription Management: Easy unsubscribe links in all marketing emails
• Granular Preferences: Choose specific types of communications to receive
• Immediate Effect: Opt-out requests processed within 10 business days

Privacy Inquiries:

Email: dafondeveloper@gmail.com with "Privacy Request" in the subject line

Response Time: 15 business days for general inquiries

Regulatory Complaints:

• Brazil (LGPD): National Data Protection Authority (ANPD) - www.gov.br/anpd
• EU (GDPR): Relevant EU supervisory authority in your member state
• California: California Attorney General - oag.ca.gov
• Canada (PIPEDA): Office of the Privacy Commissioner of Canada - priv.gc.ca