Privacy Policy

The data controller that determines the purposes and means of processing your personal data in JobPath is the legal entity below. For data-processing questions and to exercise your rights, use the contacts listed.

• Legal name: Digital Force Technologies L.L.C - S.P.C
• Trade licence number: CN-1660456 (Abu Dhabi Department of Economic Development, UAE)
• Registered address: Mussafah Industrial Area, Plot 13, M-44, Abu Dhabi, United Arab Emirates
• Privacy contact: support@jobpath.world; DPO and legal matters — hello@jobpath.world

To run the service we need only the minimum:

• Email and name — at signup and in your profile
• Resume data you upload or import yourself (from HH.ru)
• Service usage history: AI copilot sessions, sent auto-applications, mock-interview results
• Technical data: IP address, browser/device type, timestamps — for security and stability
• Payment data — handled by payment providers (Platega, Heleket); card details never reach us, we only store the fact and amount of payment

Collected data is used strictly for:

• Running the AI copilot on the call: transcripts are sent to the LLM in the moment and not stored
• AI resume analysis and generating tailored resumes/cover letters
• Sending auto-applications on HH.ru on your behalf (via your personal token)
• Account, billing and product update notifications (you can opt out of product-update emails on request)
• Preventing fraud and abuse (e.g. mass free-tier signups)

The AI copilot processes interview audio in real time — transcripts are streamed to the LLM in a few-second batches and are not kept on our servers. After the session ends, a text summary is available (if you opted in), but the audio file and full transcript are not.

We do not sell or rent your personal data. Sharing happens only in these cases:

• Job platforms (HH.ru) — only on your direct initiative via OAuth
• Cloud providers (Hetzner, Gcore) — for hosting and delivering the service
• LLM providers (OpenAI, Anthropic, xAI) — for the AI copilot, over a secure API channel
• Law enforcement — only on a lawful request, and with notice to you unless legally prohibited

Security is foundational:

• TLS 1.3 on every connection, HSTS enabled
• Application-level encryption of sensitive data (integration access tokens, keys)
• LLM traffic isolated, request bodies not logged
• Employee access on a need-to-know basis with audit logs
• Regular security audits and dependency updates

Under Russian Federal Law 152-FZ and GDPR, you have the right to:

• Receive a copy of all your data (Export in settings or by request)
• Correct inaccurate profile data
• Delete your account — on request we deactivate it and remove related data within 90 days (except records we must keep by law — see "How long we retain data")
• Withdraw consent and cancel your subscription
• Opt out of marketing communications

We use necessary cookies for authentication and functional cookies for theme/language memory. Analytics — Yandex Metrica — can be disabled via the consent banner. See the Cookie Policy for details.

Account data is kept for the lifetime of the account plus up to 90 days after deletion (for fraud prevention and billing obligations). AI copilot session logs and summaries — for the lifetime of your account. Financial transaction records — at least 3 years (Russian tax-code requirement for legal entities).

We will notify you by email at least 30 days before any substantial change. Minor edits (typos, wording) are published immediately, with the 'Last updated' date refreshed at the top of the page.

Data deletion requests, complaints and clarifications — support@jobpath.world. DPO and legal questions — hello@jobpath.world. We respond within 72 hours.