Effective Date: June 25, 2026 | Version 1.2 | Last Updated: July 5, 2026
Operated by [COMPANY NAME], United Arab Emirates
1. Introduction
This Privacy Policy explains how Prentice ("we", "us", or "our"), operated by [COMPANY NAME], a company registered in the United Arab Emirates, collects, uses, stores, and protects your personal data when you use our web-based job application platform at myprentice.ai (the "Service").
We are committed to protecting your privacy and handling your personal data transparently and lawfully. This policy applies to all users of the Service regardless of location, and complies with the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, the Australian Privacy Act 1988, and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL).
We obtain your consent actively, not passively. When you create an account, you must tick an unticked box confirming that you have read and agree to this Privacy Policy and our Terms of Service. Before your first resume upload, we ask you to confirm that you consent to the processing of the personal data your resume contains. You may withdraw your consent at any time as described in Section 9. If you do not agree with this policy, do not use the Service.
2. Who We Are and How to Contact Us
Product name: Prentice
Operated by: [COMPANY NAME] (to be updated upon UAE trade license issuance)
Registered address: [Registered Address, UAE] (to be updated upon trade license issuance)
Trade license number: [Trade License Number] (to be updated upon trade license issuance)
Privacy contact: privacy@myprentice.ai
For privacy-related questions, requests, or complaints, contact us at privacy@myprentice.ai. We respond to all requests within 30 days.
3. Personal Data We Collect
3.1 Account and Identity Data
-
Full name
-
Email address
-
Password (stored in encrypted, hashed form via Clerk)
-
LinkedIn profile URL (if signing in via LinkedIn OAuth)
-
Google account information (if signing in via Google OAuth)
-
Location (country and city, as provided by you)
-
Phone number (optional)
3.2 Resume and Career Data
-
Master resume content including work history, education, skills, and achievements
-
Job descriptions submitted for tailoring
-
AI-generated resume outputs, cover letters, and application documents
-
Fit scores and gap analysis reports per job application
-
Company intelligence summaries per application
-
Interview preparation materials per application (Accelerator tier)
-
Application status updates entered by you (Applied, Interview, Offer, Rejected)
3.3 Usage and Technical Data
-
IP address
-
Browser type and version
-
Device type and operating system
-
Pages visited and features used within the Service
-
Session duration and timestamps
-
Error logs
3.4 Payment and Billing Data
We do not store your payment card details. All payment processing is handled by Paddle as our Merchant of Record. Paddle collects and processes your billing information directly under their own privacy policy. We receive only your subscription status, plan tier, and transaction history summary.
4. How We Use Your Personal Data
4.1 Providing the Service
-
Creating and managing your account
-
Processing and storing your master resume
-
Running the AI-powered job application pipeline
-
Generating and delivering downloadable resume and cover letter documents
-
Tracking your application history and status
4.2 AI Processing
Your resume content and submitted job descriptions are transmitted to Anthropic's Claude API for AI processing. This is the core mechanism by which the Service generates tailored resumes, cover letters, and related outputs. Anthropic processes this data as a data processor acting on our instructions under a data processing agreement.
We do not permit Anthropic to use your personal data to train their AI models. This restriction is governed by our API agreement with Anthropic. Your career data is used solely to generate outputs for your own use.
4.3 Payments and Billing
-
Managing your subscription tier and application credit limits
-
Processing top-up purchases
-
Sending billing-related communications
4.4 Communications
-
Transactional emails (account verification, password reset, billing receipts, document delivery)
-
Service notifications (usage limit alerts, feature updates)
-
Responses to your support requests
4.5 Security and Fraud Prevention
-
Monitoring for suspicious account activity
-
Enforcing our Terms of Service
-
Complying with applicable legal obligations
5. Legal Basis for Processing (EU and UK Users)
For users in the EU and UK, we process your data on the following legal bases under GDPR and UK GDPR:
-
Contract performance: Processing necessary to deliver the Service you subscribed to.
-
Legitimate interests: Security, fraud prevention, and service reliability, where not overridden by your rights.
-
Legal obligation: Processing required by applicable laws.
-
Consent: Where relied upon, you may withdraw at any time without affecting prior processing.
6. Third Parties Who Process Your Data
We work with the following data processors:
Anthropic (Claude API): Processes resume and job description content to generate AI outputs. United States. Data processing agreement in place. Your data is not used to train AI models.
Supabase: Stores account data, application history, and resume files. EU users hosted on EU-region infrastructure where available.
Clerk: Manages authentication, sign-up, sign-in, and OAuth integrations. United States. Data processing agreement in place.
Paddle: Processes all payments as Merchant of Record. Handles tax collection and financial compliance globally. United Kingdom. Subject to Paddle's own privacy policy.
Firecrawl: Scrapes job description content from URLs you submit. Processes only publicly available job posting content.
Vercel: Hosts the Service web application and infrastructure. United States.
Resend: Delivers transactional emails including document delivery and account notifications. United States.
We do not sell your personal data to any third party. We do not share your data with advertisers. We do not use your data for any purpose other than delivering the Service to you.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your home country, including the United States and United Kingdom. We ensure appropriate safeguards are in place including:
-
Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EU
-
The UK International Data Transfer Agreement (IDTA) for transfers from the UK
-
Adequacy decisions where applicable
-
For transfers of personal data out of the United Arab Emirates, we apply safeguards consistent with the requirements of the UAE PDPL, including contractual protections with each processor listed in Section 6
8. Data Retention
Active account data: Retained for the full duration of your subscription.
Application history and documents: Retained while your account is active. On cancellation, a 90-day read-only window allows you to download your data, after which it is permanently and irreversibly deleted.
Payment records: Retained for 7 years for financial and tax compliance purposes, managed by Paddle.
Technical logs: Retained for 90 days.
You may request deletion of your account and all associated data at any time by emailing privacy@myprentice.ai. Requests are processed within 30 days.
9. Your Privacy Rights
9.1 EU and UK Users (GDPR / UK GDPR)
-
Right of access: Request a copy of personal data we hold about you.
-
Right to rectification: Request correction of inaccurate or incomplete data.
-
Right to erasure: Request deletion of your personal data ("right to be forgotten").
-
Right to restrict processing: Request that we limit how we use your data.
-
Right to data portability: Request your data in a structured, machine-readable format.
-
Right to object: Object to processing based on legitimate interests.
-
Right to withdraw consent: Where processing is consent-based, withdraw at any time.
-
Right to complain: File a complaint with your local supervisory authority.
9.2 California Users (CCPA/CPRA)
-
Right to know: Request disclosure of personal information categories collected about you.
-
Right to delete: Request deletion of personal information we collected from you.
-
Right to opt out of sale: We do not sell personal information.
-
Right to non-discrimination: We will not discriminate against you for exercising privacy rights.
-
Right to correct: Request correction of inaccurate personal information.
9.3 Canadian Users (PIPEDA)
-
Right to access your personal information held by us.
-
Right to challenge accuracy and completeness and request amendment.
-
Right to withdraw consent, subject to legal or contractual restrictions.
9.4 Australian Users (Privacy Act 1988)
-
Right to access personal information we hold about you.
-
Right to request correction of inaccurate, out-of-date, or incomplete information.
-
Right to complain to the Office of the Australian Information Commissioner (OAIC).
9.5 UAE Users (PDPL)
-
Right to be informed about the processing of your personal data.
-
Right to access, rectify, erase, and restrict processing of your personal data.
-
Right to object to processing and right to data portability.
To exercise any right, contact privacy@myprentice.ai. We verify your identity before processing requests and respond within 30 days.
10. Cookies and Tracking Technologies
Strictly necessary cookies: Required for authentication and core Service functionality. Cannot be disabled.
Analytics cookies: Anonymised usage data to understand how users interact with the Service.
Preference cookies: Remember your settings within the Service.
Non-essential cookies can be managed through our cookie preference settings. Blocking certain cookies may affect Service functionality.
11. Data Security
-
Encrypted data transmission using HTTPS/TLS
-
Encrypted storage of resume content and application data
-
Hashed and salted password storage via Clerk
-
Row-level security controls in Supabase ensuring users can only access their own data
-
Regular security monitoring and audit logging
In the event of a data breach likely to result in risk to your rights and freedoms, we will notify you and relevant regulatory authorities within the timeframes required by applicable law.
12. Children's Privacy
The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware we have collected data from a minor, we will delete it immediately. Contact privacy@myprentice.ai if you believe a minor has registered.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email at least 14 days before changes take effect, and update the "Last Updated" date at the top of this document. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
14. Contact and Complaints
Email: privacy@myprentice.ai
Response time: Within 30 days of receipt
If you are unsatisfied with our response, you may contact your local supervisory authority:
-
EU residents: Your local data protection authority. Full list at https://edpb.europa.eu
-
UK residents: Information Commissioner's Office (ICO) at https://ico.org.uk
-
California residents: California Privacy Protection Agency (CPPA) at https://cppa.ca.gov
-
Australian residents: Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au
-
UAE residents: UAE Data Office at https://uaedataoffice.ae
Prentice is operated by [COMPANY NAME], registered in the United Arab Emirates.