Privacy Policy

1. Introduction

This policy explains what data we collect, how we use it, and how we protect it. It applies to all Exibell services including the AI Resume Builder, Mock Interview Practice, 1:1 Mentorship, AI Upskilling Courses, and Communication Skills Training. By using our platform, you agree to this policy.

2. Information We Collect

We collect several types of information to provide and improve our AI-powered career growth services. The information we collect falls into the following categories:

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and improve our AI career tools: Your data powers our tools to deliver personalized career guidance.
• Personalize your experience: We use your career data and usage patterns to offer better suggestions and recommend relevant courses.
• Process payments and manage subscriptions: We process transactions, manage subscriptions, and send receipts.
• Communicate with you: We send platform updates and career tips. You can opt out of non-essential emails anytime.
• Improve our AI models: We use anonymized, aggregated data to improve our AI. Your individual data is never used in identifiable form without consent.
• Prevent fraud and ensure platform security: We use technical data to detect fraud, abuse, and unauthorized access.
• Comply with legal obligations: We may disclose information as required by law.

4. AI and Your Data

Here is how your data is used in our AI features.

• Your resume content and career data are processed by our AI systems to generate personalized suggestions, improvements, and feedback. This processing is essential to delivering our core services.
• Interview practice session recordings and responses are analyzed by our AI to provide performance feedback and coaching recommendations. Audio and video recordings are deleted after processing is complete; only the generated feedback text is retained.
• We do NOT sell your career data to recruiters or employers. Your resumes, interview responses, and career information are never shared with potential employers, recruiters, or hiring platforms.
• We do NOT share your resume with third parties without your explicit consent. Your career documents remain private and under your control at all times.
• AI model training is performed exclusively on anonymized, aggregated data that cannot be traced back to individual users. We strip all personally identifiable information before any data is used for model improvement.
• You can opt out of having your anonymized data used for AI model training at any time through your account settings. Opting out will not affect your ability to use any of our services.

5. Data Sharing

We only share your personal information in the following limited circumstances:

• Service providers: We share data with trusted third-party service providers who assist us with hosting, cloud infrastructure, analytics, payment processing, and email delivery. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Mentors: If you participate in our 1:1 Mentorship program, your mentor will only have access to the information you explicitly choose to share during your sessions. Mentors are bound by confidentiality agreements and cannot use your data for any purpose outside of your mentorship relationship.
• Legal requirements: We may disclose your information if required to do so by law, in response to valid legal process such as a court order, subpoena, or government request, or to protect the rights, property, or safety of Exibell, our users, or the public.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
• Your data is NEVER sold to advertisers, recruiters, or data brokers. We do not and will never sell, rent, or trade your personal information to third parties for their marketing or commercial purposes.

6. Third-Party Services

Exibell uses a limited number of trusted third-party services to operate the platform. Below is a transparent list of these services, what they do, and what data they may access.

• Amazon Web Services (AWS): Cloud hosting, database, and file storage. All data is encrypted at rest and in transit and stored in AWS data centers. AWS does not access or use your data for its own purposes.
• AWS S3: Stores uploaded files (resumes, images, documents) with server-side encryption (AES-256). Files are accessible only through authenticated requests.
• AWS CloudFront: Content delivery network (CDN) for fast, secure page loading worldwide. Serves static assets and cached content from edge locations closest to you.
• Google Analytics 4: Anonymous website traffic analysis. Collects page views, session duration, and device type. No personal career data, resume content, or account information is shared with Google.
• Mixpanel: Product analytics to understand how features are used. Collects anonymized interaction events such as feature clicks and navigation patterns. No resume content, career data, or personally identifiable information is shared with Mixpanel.
• Google OAuth: Optional sign-in method. When you choose to sign in with Google, we receive only your name and email address from Google. Google does not receive any of your Exibell activity data, career documents, or platform usage information.
• Payment Processor: (To be disclosed when implemented.) Will process subscription payments securely. We will never store full card numbers, CVVs, or sensitive payment details on our servers.

We carefully vet all third-party providers and require them to meet our security and privacy standards through data processing agreements. Each provider is contractually obligated to handle your data in accordance with applicable data protection laws.

7. Data Retention

We retain your information only for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Active account data: Your account information, career data, and preferences are retained for as long as your account remains active and you continue to use our services.
• Deleted accounts: When you delete your account, your personal data is removed from our active systems within 30 days. Data in encrypted backups is purged within 90 days of account deletion.
• AI interaction logs: Logs of your interactions with our AI features (interview practice, resume suggestions, course activity) are retained for 12 months to support service improvement and troubleshooting, after which they are anonymized or deleted.
• Payment records: Transaction records and billing history are retained as required by applicable tax and financial regulations, typically for a period of 7 years.

8. Your Rights

You have the following rights regarding your personal information. You may exercise these rights at any time by contacting us or through your account settings:

• Access your data: You can request a downloadable export of all personal data we hold about you, including your account information, career data, and AI interaction history.
• Correct inaccurate information: You can update or correct any inaccurate or incomplete personal information through your account profile or by contacting us directly.
• Delete your account and data: You can request the deletion of your account and all associated personal data. We will process your request in accordance with our data retention schedule.
• Opt out of marketing communications: You can unsubscribe from promotional emails at any time using the unsubscribe link in any email or through your account notification settings.
• Opt out of AI model training: You can choose to exclude your anonymized data from being used to improve our AI models through your account privacy settings.
• Data portability: You can export your resumes, cover letters, and other career documents you have created on our platform in standard, portable formats at any time.
• Withdraw consent: Where we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of any processing conducted prior to your withdrawal.

9. Data Security

We take the security of your personal information seriously and implement technical and organizational measures to protect it:

• Encryption at rest: All personal data stored on our servers is encrypted using AES-256 encryption.
• Encryption in transit: All data transmitted between your device and our servers is protected using TLS 1.3 encryption, ensuring that your information cannot be intercepted during transmission.
• Regular security audits: We conduct regular security assessments and vulnerability testing of our systems.
• Role-based access controls: Access to your personal data within our organization is restricted to authorized personnel who need it to perform their job functions, through role-based access controls.
• Secure infrastructure: Our platform is hosted on Amazon Web Services (AWS), which provides physical and network security with redundant data centers.
• Incident response: We maintain incident response procedures to quickly detect, contain, and remediate any security incidents. In the event of a data breach that affects your personal information, we will notify you promptly in accordance with applicable law.

10. Cookies & Tracking

We use cookies and similar technologies (including localStorage) in a limited and transparent manner. Below is a detailed breakdown of the cookies and storage mechanisms used on our platform, organized by category.

You can manage your cookie preferences at any time using our Cookie Preferences panel accessible from the footer of every page. Disabling analytics or marketing cookies will not affect your ability to use Exibell's core features.

11. Children's Privacy

Exibell is designed for professionals and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that information from our servers. If you believe that a child under 16 has provided us with personal information, please contact us at support@exibell.com so we can take appropriate action.

12. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer your data internationally, we put safeguards in place to protect your information, including standard contractual clauses, data processing agreements, and compliance with applicable data transfer regulations such as GDPR.

13. Educational and Professional Data Protections

Exibell serves students, professionals, and career changers at any stage. The following protections apply to your career and educational data:

• Your career data belongs to you. All career documents you create on Exibell (resumes, cover letters, portfolios, skill assessments) remain your property. We will never share, sell, or disclose these documents to employers, recruiters, or any third party without your explicit consent.
• Performance data is private. We do not share your course completion records, skill assessment results, interview practice performance, or any other progress data with employers, educational institutions, or any external party unless you explicitly authorize it.
• FERPA compliance for institutional users: If you access Exibell through a university, college, or educational institution license, additional protections apply under the Family Educational Rights and Privacy Act (FERPA). Your educational records are protected, and your institution may only access anonymized, aggregated usage statistics—never individual user data.
• No mandatory data sharing: No employer, educational institution, or organization can require you to share your Exibell-generated career documents, interview performance data, or skill assessment results as a condition of employment, enrollment, or participation.
• Portable credentials: Course completion certificates and skill badges earned on Exibell are portable and remain in your account regardless of how you accessed the platform or whether an institutional license expires.
• We support the Student Privacy Pledge and are committed to handling all user career and educational data responsibly and transparently.

14. Anti-Spam and Communication Practices

We take a strong stance against unsolicited communications:

• We comply with the CAN-SPAM Act, CASL (Canada), and equivalent international anti-spam regulations.
• You will never receive spam from Exibell. Every marketing email includes a one-click unsubscribe link.
• We do not sell or share your email address with third-party marketers.
• Transactional emails (password resets, subscription confirmations, security alerts) cannot be unsubscribed from as they are essential to your account security.
• If you join our newsletter or career tips mailing list, you can opt out at any time without affecting your access to the platform.
• We limit marketing emails to a reasonable frequency and clearly label all promotional content.

15. Accessibility Commitment

We believe career growth tools should be accessible to everyone:

• We are committed to making Exibell accessible in accordance with WCAG 2.1 Level AA guidelines.
• Our platform is designed to work with screen readers, keyboard navigation, and assistive technologies.
• We test our AI career tools for accessibility across devices and browsers.
• If you encounter any accessibility barriers on our platform, please contact accessibility@exibell.com and we will work to resolve the issue promptly.
• We conduct regular accessibility audits and continuously improve our platform's usability for all users.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes to this policy, we will notify you by email at the address associated with your account and by posting a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of Exibell after the effective date of the revised policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically to stay informed about how we protect your information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

• Email: support@exibell.com
• Data Protection Officer: support@exibell.com

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.