JobPath

JobPath

Legal

Privacy Policy

Last updated: April 25, 2026

Short version: we don't sell your data, don't record your interview conversations, and encrypt everything we can. Details below.

Heads up: this English version is provided for convenience. The Russian original at the same path without /en remains the legally authoritative copy.

01

What data we collect

To run the service we need only the minimum:

  • Email and name — at signup and in your profile
  • Resume data you upload or import yourself (from HH.ru, LinkedIn)
  • Service usage history: AI copilot sessions, sent auto-applications, mock-interview results
  • Technical data: IP address, browser/device type, timestamps — for security and stability
  • Payment data — handled by payment providers (YooKassa, Platega); we only store the fact of payment and the last 4 digits of the card
02

How we use the data

Collected data is used strictly for:

  • Running the AI copilot on the call: transcripts are sent to the LLM in the moment and not stored
  • AI resume analysis and generating tailored resumes/cover letters
  • Sending auto-applications on HH.ru on your behalf (via your personal token)
  • Account, billing and product update notifications (you can opt out in settings)
  • Preventing fraud and abuse (e.g. mass free-tier signups)
03

We don't record your conversations

The AI copilot processes interview audio in real time — transcripts are streamed to the LLM in a few-second batches and are not kept on our servers. After the session ends, a text summary is available (if you opted in), but the audio file and full transcript are not.

04

Who we share data with

We do not sell or rent your personal data. Sharing happens only in these cases:

  • Job platforms (HH.ru, LinkedIn) — only on your direct initiative via OAuth
  • Cloud providers (Hetzner, Cloudflare) — for hosting and delivering the service
  • LLM providers (OpenAI, Anthropic) — for the AI copilot, over a secure API channel
  • Law enforcement — only on a lawful request, and with notice to you unless legally prohibited
05

How we protect your data

Security is foundational:

  • TLS 1.3 on every connection, HSTS enabled
  • Encryption at rest at the database and disk level
  • LLM traffic isolated, request bodies not logged
  • Employee access on a need-to-know basis with audit logs
  • Regular security audits and dependency updates
06

Your rights

Under Russian Federal Law 152-FZ and GDPR, you have the right to:

  • Receive a copy of all your data (Export in settings or by request)
  • Correct inaccurate profile data
  • Delete your account and all related data — removed within 30 days
  • Withdraw consent and cancel your subscription
  • Disable marketing emails and push notifications
07

Cookies and analytics

We use necessary cookies for authentication and functional cookies for theme/language memory. Analytics — Yandex Metrica — can be disabled via the consent banner. See the Cookie Policy for details.

08

How long we retain data

Account data is kept for the lifetime of the account plus 90 days after deletion (for fraud prevention and billing obligations). AI copilot session logs — 30 days. Financial transaction records — 3 years (Russian tax-code requirement for legal entities).

09

Policy changes

We will notify you by email at least 30 days before any substantial change. Minor edits (typos, wording) are published immediately, with the 'Last updated' date refreshed at the top of the page.

10

Privacy contact

Data deletion requests, complaints and clarifications — support@jobpath.world. DPO and legal questions — hello@jobpath.world. We respond within 72 hours.

We use cookies

We use cookies to improve your experience and personalize content. Learn more