Introduction

Welcome to Carvo AI ("Carvo," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered career copilot platform.

This Privacy Policy applies to our website at carvo.ai, our mobile applications, and all related services, features, and content (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with our policies and practices, please do not use our Services. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Our Privacy Commitment

At Carvo, we believe privacy is a fundamental right. We design our systems with privacy in mind and are committed to transparency about our data practices.

Information We Collect

We collect information in several ways to provide and improve our Services. The types of information we collect include:

2.1 Information You Provide Directly

  • Account Information: Name, email address, password, and profile photo when you create an account
  • Career Documents: Resumes, CVs, cover letters, and other professional documents you upload
  • Professional Information: Work history, education, skills, certifications, and career goals
  • Communication Data: Messages, feedback, and correspondence with our support team
  • Payment Information: Billing address and payment method details (processed securely by our payment providers)
  • Interview Responses: Answers and recordings from mock interview sessions

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Log Data: IP address, access times, referring URLs, and error logs
  • Location Data: General geographic location based on IP address (not precise GPS location)
  • Cookies & Similar Technologies: Information collected through cookies, pixels, and local storage

2.3 Information from Third Parties

  • Social Login Providers: Information from Google, LinkedIn, or other providers when you use social sign-in
  • Job Platforms: Job listing data from integrated career platforms and job boards
  • Analytics Providers: Aggregated usage data from analytics services
  • Public Sources: Publicly available professional information for service enhancement
Sensitive Information Notice

We do not intentionally collect sensitive personal information such as health data, political opinions, religious beliefs, or genetic information. Please do not include such information in your career documents unless necessary for your job search.

How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Services

  • Delivering our AI-powered resume optimization and career tools
  • Generating personalized career recommendations and job matches
  • Providing mock interview simulations and feedback
  • Improving and developing new features based on usage patterns
  • Fixing bugs and resolving technical issues

3.2 Personalization

  • Tailoring job recommendations to your skills and preferences
  • Customizing AI-generated content to your career goals
  • Remembering your preferences and settings
  • Providing relevant tips and suggestions

3.3 Communication

  • Sending service-related notifications and updates
  • Responding to your inquiries and support requests
  • Sending marketing communications (with your consent)
  • Notifying you about changes to our policies or Services

3.4 Security and Legal Compliance

  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms of Service and other policies
  • Complying with legal obligations and law enforcement requests
  • Protecting our rights and the rights of our users

3.5 Analytics and Research

  • Analyzing usage patterns to improve user experience
  • Conducting research on career trends and job market insights
  • Creating aggregated, anonymized data for industry reports
  • Training and improving our AI models with anonymized data

Data Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who help us operate our business:

  • Cloud Infrastructure: Hosting and data storage providers
  • AI Services: OpenAI and other AI technology providers for content generation
  • Payment Processors: Secure payment handling services
  • Analytics: Usage analytics and performance monitoring tools
  • Customer Support: Help desk and communication platforms

4.2 Business Transfers

If Carvo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders, etc.)
  • Government requests from law enforcement agencies
  • Protection of our legal rights or defense against legal claims
  • Investigation of potential violations of our Terms of Service

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as when you choose to share your resume with potential employers through our platform.

No Data Sales

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is never used for purposes unrelated to providing our Services.

AI Data Processing

Carvo uses artificial intelligence technologies to power our career assistance features. Here's how your data is processed by AI systems:

5.1 How AI Processes Your Data

  • Your resume and career documents are analyzed to provide optimization suggestions
  • Professional information is used to generate personalized recommendations
  • Interview responses are processed to provide feedback and improvement tips
  • Input prompts are sent to AI models to generate tailored content

5.2 Third-Party AI Providers

We use OpenAI's API services to power some of our AI features. When you use these features:

  • Your inputs are sent to OpenAI for processing
  • OpenAI's data usage policies apply to this processing
  • We request that OpenAI does not use your data for model training
  • Processed outputs are returned to you through our platform

5.3 AI Training

Regarding the use of your data for AI training:

  • We may use anonymized and aggregated data to improve our proprietary AI models
  • Individual personal data is not used to train AI models without consent
  • You can opt out of contributing to anonymized datasets in your account settings

5.4 AI Limitations

AI-generated content may contain errors or inaccuracies. You should always review AI outputs before using them in professional contexts. We do not guarantee the accuracy or appropriateness of AI-generated suggestions.

AI Processing Notice

When you use AI features, your data is processed by third-party AI services. While we take measures to protect your privacy, you should be aware that AI processing involves sending your data to external systems.

Data Security

We take the security of your personal information seriously and implement industry-standard measures to protect it:

6.1 Technical Safeguards

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Secure Infrastructure: We use enterprise-grade cloud providers with SOC 2 compliance
  • Access Controls: Role-based access limits data access to authorized personnel only
  • Authentication: Multi-factor authentication is available and recommended
  • Monitoring: 24/7 security monitoring and intrusion detection systems

6.2 Organizational Measures

  • Regular security training for all employees
  • Background checks for personnel with data access
  • Strict data handling and confidentiality policies
  • Periodic security audits and penetration testing
  • Incident response procedures and breach notification protocols

6.3 Your Security Responsibilities

While we work to protect your data, you also play an important role:

  • Use a strong, unique password for your Carvo account
  • Enable two-factor authentication when available
  • Keep your login credentials confidential
  • Log out from shared or public devices
  • Report any suspicious activity to our security team
Security Incident Response

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law within 72 hours of discovery.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected:

7.1 Retention Periods

Data TypeRetention Period
Account InformationDuration of account + 30 days after deletion
Career DocumentsDuration of account + 30 days after deletion
Usage Data24 months from collection
Support Communications3 years from last interaction
Payment Records7 years (legal requirement)
Anonymized AnalyticsIndefinitely

7.2 Account Deletion

When you delete your account:

  • Your personal data is marked for deletion within 30 days
  • Backup copies are purged within 90 days
  • Anonymized data may be retained for analytics purposes
  • Some data may be retained as required by law

7.3 Data Export

You can export your data at any time through your account settings or by contacting our support team. We provide data in standard, machine-readable formats.

Your Rights & Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

  • Request a copy of the personal data we hold about you
  • Receive your data in a portable, machine-readable format
  • Obtain information about how your data is processed

8.2 Correction and Deletion

  • Update or correct inaccurate personal information
  • Request deletion of your personal data ("right to be forgotten")
  • Delete your account and associated data

8.3 Restriction and Objection

  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Opt out of automated decision-making and profiling

8.4 Marketing Preferences

  • Opt out of marketing emails using the unsubscribe link
  • Manage notification preferences in your account settings
  • Disable non-essential cookies through our cookie settings

8.5 How to Exercise Your Rights

To exercise any of these rights, you can:

We will respond to valid requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information (which we do not do).

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform:

9.1 Types of Cookies We Use

  • Essential Cookies: Required for basic site functionality, authentication, and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with our Services
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

9.2 Managing Cookies

You can control cookies through:

  • Our cookie consent banner when you first visit
  • Cookie settings in your account preferences
  • Your browser's cookie settings and privacy controls
  • Third-party opt-out tools for advertising networks

9.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no industry standard for responding to DNT signals. We do not currently respond to DNT signals but respect other privacy controls you may have enabled.

9.4 Third-Party Analytics

We use third-party analytics services (such as Google Analytics) to understand usage patterns. These services may use cookies and similar technologies. You can opt out of Google Analytics using their browser add-on.

Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@carvo.ai. We will take steps to delete such information from our systems.

If we discover that we have inadvertently collected information from a child under 18, we will promptly delete it and terminate any associated account.

International Data Transfers

Carvo is based in the United States. If you access our Services from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

11.1 Transfer Safeguards

When we transfer data internationally, we use appropriate safeguards to protect your information:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all service providers
  • Privacy Shield certifications where applicable
  • Encryption and security measures during transfer

11.2 European Users (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland:

  • Your data is protected under the General Data Protection Regulation (GDPR)
  • You have specific rights as outlined in Section 8
  • The legal basis for processing includes consent, contract performance, and legitimate interests
  • You may lodge a complaint with your local data protection authority
Global Privacy Standards

We strive to apply consistent privacy protections to all users, regardless of location. Where local laws provide additional rights, we respect and honor those rights.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

12.1 Notification of Changes

When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email for material changes (to the address associated with your account)
  • Display a prominent notice on our website or within the application
  • For significant changes, provide at least 30 days' notice before the changes take effect

12.2 Your Acceptance

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using our Services and may delete your account.

12.3 Previous Versions

We maintain an archive of previous versions of this Privacy Policy. If you would like to review a prior version, please contact our support team.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13.1 Privacy Inquiries

13.2 Data Protection Officer

For data protection matters, you can reach our Data Protection Officer at:

13.3 General Contact

  • Support Email: support@carvo.ai
  • Mailing Address:
    Carvo AI, Inc.
    Privacy Department
    123 Innovation Drive, Suite 400
    San Francisco, CA 94107
    United States

13.4 Response Times

  • Privacy Requests: Within 30 days (or as required by law)
  • General Inquiries: Within 5 business days
  • Urgent Security Matters: Within 24 hours