Privacy Policy

BioCareerAI LLC ("BioCareerAI," "we," "us," or "our") is a limited liability company incorporated in the United States, operating an AI-powered career intelligence and hiring platform for the life sciences, biotech, and pharmaceutical industries.

Platform: www.biocareerai.com · Contact: hello@biocareerai.com · Location: Boston / Cambridge, MA, USA

When you create an account, we record your acceptance of these terms including the timestamp, version, and your IP address at the time of acceptance. This audit trail is maintained for compliance purposes and is not shared with third parties.

By creating an account, you represent that you are at least 18 years of age (or the minimum age required by applicable law in your jurisdiction).

We collect the following categories of information:

• ·Account data: Full name, email address, and password (hashed — never stored in plain text).
• ·Professional profile data: Resume/CV content, work history, education, skills, publications, and career genome derived from your uploaded documents.
• ·Usage data: Pages visited, features used, job applications submitted, match scores viewed, and session metadata.
• ·Communication data: Messages sent through our internal messaging system and AI consultation queries. These are stored securely and accessible primarily to you, with limited access by authorized personnel as necessary to operate, secure, and maintain the service.
• ·Payment data: Subscription and billing information processed through Stripe. We do not store full card numbers.
• ·Technical data: IP address, browser type, operating system, and referral source for security and analytics.
• ·Cookies: We use cookies and similar technologies for session management and analytics. Session cookies are HttpOnly and expire automatically.
• ·Mobile device data: When you use our iOS or Android app, we collect a device push notification token (only if you grant permission) to send job alerts and messages to your device. We do not collect your device's permanent hardware identifiers.

We use your data solely to operate and improve BioCareerAI:

• ·To create and maintain your account and professional profile.
• ·To generate AI-powered job match scores and career genome analysis.
• ·To surface relevant opportunities from our live life sciences registry.
• ·To provide enterprise hiring teams with candidate fit scoring only when you apply to their roles.
• ·To deliver industry news ranked by relevance to your career profile.
• ·To process subscription payments and manage your account tier.
• ·To improve our platform using aggregated or de-identified data where feasible and permitted.

We do not use your data for advertising. We do not sell your data. We do not share your personal information with third parties except as described in Section 5 or as required by law.

We share data only with service providers necessary to operate the platform. We use these providers under contractual and technical safeguards designed to protect personal data. We do not share data with advertising networks, social media platforms, data brokers, or any third party for commercial purposes.

We may update or replace service providers from time to time to support platform operations. Primary storage is in the United States. Certain providers may process data in other jurisdictions as necessary to deliver their services.

• ·Active accounts: Data retained for the duration of your account.
• ·After account deletion: Active personal data removed within 30 days. Confirmation provided upon request.
• ·Encrypted backups: Retained for up to 90 days on a rolling schedule, then permanently deleted. Backup systems are not actively processed during the retention period.
• ·Anonymized data: Aggregated, de-identified data may be retained for platform improvement.
• ·Right to erasure: Email hello@biocareerai.com with subject "Data Deletion Request." We begin processing within 5 business days.
• ·Data export: Request a copy of your personal data in JSON format at any time.

• ·Platform messages: Messages are stored securely and accessible only to you, except as required to operate and maintain the service.
• ·Resume genome analysis: Your CV is processed to extract skills, career stage, and domain expertise. Stored in your profile and used solely for matching and career intelligence.
• ·Match scores: Your fit scores are visible only to you unless you explicitly apply to a role.
• ·AI training: We do not use identifiable individual profiles to train AI models. Platform improvement uses aggregated or de-identified data where feasible and permitted.
• ·Data integrity: Our AI systems distinguish between information explicitly stated in your documents and analytical signals derived from them.

• ·All data transmitted over TLS 1.2+ encrypted connections (HTTPS enforced everywhere).
• ·Passwords hashed using bcrypt. Plain-text passwords are never stored or logged.
• ·Session tokens are cryptographically random HttpOnly cookies with automatic expiry.
• ·Database (AWS RDS) encrypted at rest with AWS KMS and hosted in a private VPC — no public endpoints.
• ·AWS CloudTrail audit logging enabled with KMS encryption and log file validation.
• ·Sensitive credentials encrypted before storage using symmetric encryption.
• ·In the event of a data breach, we will notify affected users without undue delay and in accordance with applicable legal requirements.
• ·Periodic security reviews and vulnerability remediation conducted. We follow industry-standard security practices appropriate for our platform stage. Security measures are continuously reviewed and updated.

You have the following rights regarding your personal data:

• ·Access: Request a copy of all personal data we hold.
• ·Rectification: Correct inaccurate or incomplete data.
• ·Erasure: Request deletion of your personal data.
• ·Portability: Receive your data in JSON format.
• ·Objection: Object to processing for certain purposes.
• ·Restriction: Request limited processing in certain circumstances.

To exercise any right: hello@biocareerai.com. We respond as soon as reasonably practicable and in accordance with applicable law, typically within 30 days.

If you are a California resident, the CCPA and CPRA grant you the following additional rights:

• ·Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties.
• ·Right to Delete: Request deletion of personal information we have collected, subject to legal exceptions.
• ·Right to Correct: Request correction of inaccurate personal information.
• ·Right to Opt-Out of Sale or Sharing: Because we do not sell or share personal information as defined by CCPA/CPRA, we do not currently provide a sale or sharing opt-out mechanism. We will update this section if our practices change.
• ·Right to Limit Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the platform services.
• ·Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights.

We honor Global Privacy Control (GPC) signals as an opt-out of data sale or sharing, although we do not currently sell or share personal information as defined by CCPA/CPRA.

To submit a California rights request: hello@biocareerai.com — subject: "CCPA Rights Request". We respond within 45 days.

We may ask you to verify your identity before fulfilling your request. You may also submit a request through an authorized agent with written permission. We will not discriminate against you for exercising your rights.

For users in the European Economic Area (EEA) and United Kingdom, we rely on the following legal bases under GDPR Article 6:

• ·Contract (Art. 6(1)(b)): Account management, job matching, genome analysis, and payment processing — necessary to perform the services you signed up for.
• ·Legitimate Interests (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement using aggregated or de-identified data.
• ·Legal Obligation (Art. 6(1)(c)): Compliance with applicable law and lawful requests from authorities.

Primary storage occurs in the United States. You have the right to lodge a complaint with your local data protection supervisory authority.

When you use the BioCareerAI iOS or Android app, we collect additional information to operate and improve the mobile experience:

• ·Push notification token: A device-specific token generated by Apple (APNs) or Google (FCM) and stored on our servers only if you grant notification permission. Used solely to deliver job alerts, message notifications, and platform updates. You can revoke permission at any time in your device settings.
• ·In-app usage events: We record interactions within the mobile app such as screens viewed, jobs tapped or saved, news articles read, and features used. This data is linked to your account and used to personalize your job matches, news feed, and career recommendations — similar to how we use usage data on the web platform.
• ·Session data: App open and close events and session duration, used to understand platform engagement and improve performance.

We do not collect your precise GPS location, contacts, photos, or any data unrelated to your use of the BioCareerAI platform. Mobile usage data is subject to the same data retention, security, and sharing practices described in this policy. You may request deletion of your mobile usage data by contacting hello@biocareerai.com.

BioCareerAI is currently in Beta. This means:

• ·Features, pricing, and terms may change with reasonable notice to registered users.
• ·You may encounter bugs. Report issues to hello@biocareerai.com.
• ·Beta participants agree to provide good-faith feedback to help improve the platform.
• ·All data protection obligations described in this policy apply in full during beta.

This Privacy Policy is governed by the laws of the Commonwealth of Massachusetts, United States, without regard to conflict of law principles. Any disputes shall be subject to the exclusive jurisdiction of state and federal courts in Suffolk County, Massachusetts.

We may update this Privacy Policy from time to time. We will make reasonable efforts to provide advance notice of material changes where required by applicable law. Continued use after notification constitutes acceptance. The current version is always at www.biocareerai.com/privacy.

Enterprise customers processing personal data through BioCareerAI's platform may request execution of our Data Processing Agreement (DPA) to satisfy GDPR Article 28 and similar requirements under applicable data protection laws.

• ·DPA available at: www.biocareerai.com/dpa
• ·To execute a DPA: hello@biocareerai.com — subject: "DPA Execution Request"
• ·EU Standard Contractual Clauses (SCCs) available upon request for EEA transfers