Privacy Policy & Non-Disclosure Agreement

BioCareerAI LLC ("BioCareerAI," "we," "us," or "our") is a limited liability company incorporated in the United States, operating an AI-powered career intelligence and hiring platform for the life sciences, biotech, and pharmaceutical industries.

Platform: www.biocareerai.com · Contact: hello@biocareerai.com · Location: Boston / Cambridge, MA, USA

We collect the following categories of information:

• ·Account data: Full name, email address, and password (hashed — never stored in plain text).
• ·Professional profile data: Resume/CV content, work history, education, skills, publications, and career genome derived from your uploaded documents.
• ·Usage data: Pages visited, features used, job applications submitted, match scores viewed, and session metadata.
• ·Communication data: Messages sent through our internal messaging system and AI consultation queries (which are strictly private to you — see Section 7).
• ·Payment data: Subscription and billing information processed through Stripe. We do not store full card numbers.
• ·Technical data: IP address, browser type, operating system, and referral source for security and analytics.

We use your data solely to operate and improve BioCareerAI:

• ·To create and maintain your account and professional profile.
• ·To generate AI-powered job match scores and career genome analysis.
• ·To surface relevant opportunities from our live life sciences registry.
• ·To provide enterprise hiring teams with candidate fit scoring only when you apply to their roles.
• ·To deliver industry news ranked by relevance to your career profile.
• ·To process subscription payments and manage your account tier.
• ·To improve our AI models using aggregated, de-identified data only.

We do not use your data for advertising. We do not sell your data. We do not share your personal information with third parties except as described in Section 5.

We share data only with trusted service providers necessary to operate the platform:

• ·Amazon Web Services (AWS): Cloud infrastructure and database hosting. Data stored in US-East-2 (Ohio). Encrypted at rest and in transit.
• ·Stripe: Payment processing. PCI-DSS Level 1 compliant. Subject to Stripe's Privacy Policy.
• ·OpenAI / Anthropic: AI processing for resume analysis and matching. Data transmitted over encrypted connections under enterprise data protection agreements.
• ·Resend: Transactional email delivery (account confirmations, notifications).
• ·Vercel: Frontend hosting and global content delivery.

We do not share data with advertising networks, social media platforms, data brokers, or any third party for commercial purposes.

• ·Active accounts: Data retained for the duration of your account.
• ·After deletion: Personal data purged within 30 days. Anonymized aggregated data may be retained for research.
• ·Backups: Encrypted backups retained for up to 90 days then permanently deleted.
• ·Right to erasure: Email hello@biocareerai.com with subject "Data Deletion Request." We confirm deletion within 14 business days.
• ·Data export: You may request a copy of all your personal data in JSON format at any time.

• ·Private AI consultations: Messages sent to our AI assistant within conversations are never transmitted to the other participant. They exist only in your session context.
• ·Resume genome analysis: Your CV is processed to extract skills, career stage, and domain expertise. This is stored in your profile and used solely for matching.
• ·Match scores: Your fit scores are visible only to you unless you explicitly apply to a role.
• ·AI training: Individual profiles are never used to train AI models without explicit opt-in consent. Only anonymized, aggregated patterns are used to improve matching accuracy.
• ·Data integrity: Our AI systems distinguish between information explicitly stated in your documents and analytical signals derived from them. Your verified credentials (degree, employer, dates) are always preserved accurately.

• ·All data transmitted over TLS 1.2+ encrypted connections (HTTPS enforced everywhere).
• ·Passwords hashed using bcrypt. Plain-text passwords are never stored or logged.
• ·Session tokens are cryptographically random HttpOnly cookies with automatic expiry.
• ·Database restricted to application servers within a private AWS VPC. No public endpoints.
• ·Regular security reviews and vulnerability assessments conducted.
• ·In the event of a breach affecting your data, we will notify you within 72 hours.

You have the following rights regarding your personal data:

• ·Access: Request a copy of all personal data we hold.
• ·Rectification: Correct inaccurate or incomplete data.
• ·Erasure: Request deletion ("right to be forgotten").
• ·Portability: Receive your data in JSON/CSV format.
• ·Objection: Object to processing for certain purposes.
• ·Restriction: Request limited processing in certain circumstances.

To exercise any right: hello@biocareerai.com. We respond within 30 days.

BioCareerAI is currently in Beta. This means:

• ·Features, pricing, and terms may change with reasonable notice to registered users.
• ·You may encounter bugs. Report issues to hello@biocareerai.com.
• ·Beta participants agree to provide good-faith feedback to help improve the platform.
• ·All confidentiality and data protection obligations apply in full during beta.

This Privacy Policy and NDA are governed by the laws of the Commonwealth of Massachusetts, United States, without regard to conflict of law principles. Any disputes shall be subject to the exclusive jurisdiction of state and federal courts in Suffolk County, Massachusetts.

Material changes will be communicated via email at least 14 days before taking effect. Continued use after the effective date constitutes acceptance. The current version is always at www.biocareerai.com/privacy.