Privacy Policy
Version 2.1 — Effective 14 July 2026
Profiled is currently in beta. Material changes to this policy will be communicated by email. See §17 for the version history.
1. Introduction
Profiled (“we,” “us,” “our”) is operated by Profiled Careers Pty Ltd (ABN 89 698 676 309), a company registered in New South Wales, Australia. This policy explains how we collect, use, store, share, and protect personal information when you use profiled.careers or any related service (the “Service”). Profiled is currently in closed beta, offered by invitation to residents of Australia. We have written this policy to a global standard — the protections below apply to everyone who uses Profiled — but until public launch the Service is not directed to users outside Australia. We are committed to transparency: Profiled is built on the principle that candidates should own their professional narrative, and that includes how their data is handled.
2. Information we collect
2.1 From account holders. Account details (name, email, authentication via our sign-in provider); profile content you add (experience, skills, education, portfolio, FAQ responses, values, gaps and weaknesses, AI instructions); private context you mark as private (for example, why you left a role or an honest self-assessment) — used to inform the AI, never displayed to visitors; voice recordings and transcriptsif you use voice features (see §6); communications with us, including support conversations; and your subscription selection. Payment card details are collected by Stripe on Stripe-hosted pages and never touch our servers.
2.2 Documents you upload. Résumés are parsed in memory to build your profile and the file is then discarded — we do not store your résumé file. Only a technical fingerprint and filename are kept in our security log.
2.3 Collected automatically. Device and connection data (IP address, browser, operating system), usage data (pages, features, timestamps, referrers), and the items described in §10 (Cookies).
2.4 From visitors and other non-account holders. If you chat with a candidate’s profile or request a fit assessment without an account, we process the messages and job descriptions you submit, plus a one-way hashed fingerprint derived from your IP address for abuse prevention — we do not store your raw IP against your messages. These records are purged on the schedule in §8. If you join our newsletter or recruiter waitlist, we hold the email and name you give us until you ask us to remove them (unsubscribe links, or support@profiledcareers.com). If a referrer invites you by email, we hold the invitation email address for the life of the invitation.
2.5 From third parties. If you sign in with a social provider (Google or GitHub) we receive your name, email, and profile photo. We never receive your social password.
2.6 Feedback and surveys.If you complete a satisfaction survey, or send us a suggestion or feature request, we collect your responses — the ratings you give, the features you tell us you use or would like help with, any free-text comments, and a snapshot of your plan tier at the time — so we can understand how the Service is working for you and improve it. Survey responses are used in aggregate and to follow up on specific feedback; they are never shown on your public profile.
2.7 Testimonials.If you choose to submit a testimonial, we collect the testimonial text, the display name and profession or business name you provide, an optional link, and an optional photo or logo you upload. We record your explicit consent to publish it. Testimonials are reviewed before publication; approved testimonials are displayed publicly, and you can withdraw a testimonial at any time (see §3 and §8).
3. How we use information
To provide the Service (hosting your profile, powering AI conversations, fit assessments, voice features, and support); to operate subscriptions and, when live, the referral program; to improve the Service through first-party analytics; to communicate (transactional email always; marketing only with consent, with working unsubscribe on every message); to prevent abuse and enforce our Terms; and to meet legal obligations. Recruiters on paid tiers can view, assess, and contact you strictly according to your visibility settings; their obligations — including deletion duties when you erase your profile — are in §11 of our Terms of Service.
Testimonials. Testimonials you submit and consent to publish are displayed publicly on profiled.careers and on our marketing website at profiledcareers.com, and may be quoted in our marketing materials. We display only the name, profession or business name, testimonial text, optional link, and optional image you provided for that purpose — never your private profile content. You can withdraw a published testimonial at any time from your dashboard; we remove it from our own surfaces promptly, and it clears from any cached copy on our marketing website within 24 hours.
4. Legal bases (EEA/UK users)
Where the GDPR or UK GDPR applies, we process personal data on the bases of consent (withdrawable at any time), performance of a contract, legitimate interests (service improvement, security, abuse prevention — balanced against your rights), and legal obligation.
5. AI data practices
Profiled is an AI-native platform. Anthropic (Claude)powers all text AI: profile conversations, fit assessments, résumé extraction, and our support assistant. OpenAIpowers voice sessions (§6) and the text embeddings behind search. When a visitor interacts with your profile, your public content and private context are sent to the AI provider as grounding for the response.
No model training. Our providers process your data under data processing agreements or equivalent contractual terms that prohibit using it to train their models, and we have disabled every optional data-sharing setting on our provider accounts.
Private context.The AI is instructed to synthesise private context rather than quote it, and it is never displayed to visitors. AI systems can behave unexpectedly, and we cannot guarantee with absolute certainty that fragments of private context never appear in AI output — we explain how we minimise this risk in our AI Disclosure Statement, and you control how much private context you share.
Accuracy.AI output can contain mistakes. Fit assessments and profile answers are honest by design — including honestly negative — but they are informational, not guarantees.
6. Voice data
Voice features are optional; everything on Profiled can be done by text. When you use voice, your audio streams directly from your browser to our voice provider over an encrypted connection — it is never routed through or stored on Profiled’s servers. Your speech is transcribed during the session and the transcript is saved to your account. We do not create voiceprints, we do not use your voice to identify you, and we do not use AI to infer emotions from your voice. Transcripts are retained for 12 months unless you delete them sooner — you can delete any transcript, or all of them, at Dashboard → Settings → Data. Voice session records (dates and minutes used) are retained as billing records. If our backup voice infrastructure is engaged, audio is relayed in real time through LiveKit and processed for transcription and speech synthesis by Deepgram and Cartesia — in-flight only, never stored. See the Sub-processors page for all voice providers.
7. Sub-processors
We share personal information with a small set of service providers under data processing agreements or equivalent contractual terms that limit their use of your data to serving us — never their own marketing, advertising, or model training. The authoritative list — every provider, what they process, and where — is maintained at our dedicated Sub-processors page. We do not sell personal information to anyone.
8. Data retention
Account and profile data: until you delete items or your account. Visitor chat records: message content and visitor identifiers are purged 12 months after the session (records are kept in de-identified form for counts). Fit assessments:the submitted job description is purged 12 months after the assessment; the verdict is retained for the candidate’s analytics until account deletion. Voice transcripts:12 months, deletable earlier (§6). Survey and feedback responses: 24 months, then deleted; de-identified aggregate statistics may be kept. Testimonials:kept while published and until you withdraw them or delete your account, whichever comes first — withdrawal removes the testimonial from our surfaces and clears it from our marketing website’s cache within 24 hours. Billing records: 7 years, as tax law requires. Security audit logs: retained for security and compliance; they cannot be edited, and when you delete your account your identity within them is replaced with an irreversible hash. Data exports: download links expire and export files are deleted after 7 days.
Account deletion. Request deletion at Dashboard → Settings → Data. Requests enter a 14-day grace window during which you can cancel; after it ends, deletion of your personal data is completed within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently purged. A small set of records survives deletion in de-identified or lawful-basis form: hashed email-suppression entries (so we never email you again), pseudonymised security logs, deletion tombstones proving the erasure happened, and de-identified analytics. Newsletter and waitlist entries are separate from accounts — unsubscribe or ask and we remove them.
9. Your rights
9.1 Self-serve, for everyone: access and portability— export your data (JSON + CSV bundle) at Dashboard → Settings → Data (one export per day; files kept 7 days); correction— edit your profile directly, or email privacy@ for anything you can’t edit; deletion— the account-deletion flow above, plus per-item deletion of voice transcripts and support conversation data; marketing opt-out— one-click unsubscribe on every non-essential email, enforced by a suppression list on every send.
9.2 EEA/UK users (GDPR).The rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), and portability (Art. 20) are fulfilled through the self-serve surfaces above. For restriction of processing (Art. 18) or objection to legitimate-interest processing (Art. 21), email privacy@profiledcareers.com — we handle these individually and will restrict or cease processing unless compelling legitimate grounds apply. Automated decision-making (Art. 22): fit assessments are informational decision support only; Profiled makes no automated decisions with legal or similarly significant effects about you, and our Terms prohibit recruiters from using a fit score as the sole basis for rejecting a candidate. You may lodge a complaint with your data protection authority (ICO for the UK).
9.3 California residents (CCPA/CPRA). You have the rights to know, to delete, to opt out of sale or sharing, and to non-discrimination. Profiled does not sell or share personal information as the CCPA defines those terms.
9.4 Australian residents. You have rights under the Australian Privacy Principles to access and correct your personal information, and to complain to us and then to the OAIC if you believe we have breached the APPs.
We aim to respond to privacy requests within 30 days.
10. Cookies and similar technologies
The only cookies Profiled sets are essential: authentication and session cookies from our sign-in provider, Clerk. We use no advertising cookies and no third-party analytics cookies. Our own analytics use a cookieless, first-party beacon that stores no identifier in your browser and honours Global Privacy Control and Do-Not-Track signals. We record errors through Sentry to keep the Service working (operational telemetry; session replay is off). Your cookie-notice acknowledgement is stored locally on your device and recorded on our servers with a timestamp, IP address, and browser details as evidence of the notice. If we ever introduce optional cookies, we will ask for your consent before setting them.
11. Do Not Sell My Personal Information
Profiled does notsell your personal information to third parties. We do not share your data for cross-context behavioural advertising. This commitment applies regardless of whether you have submitted a “Do Not Sell” request. If our practices change in the future, we will update this section and provide a mechanism to opt out before any such sharing begins.
12. Data security
Encryption in transit (TLS 1.2+) and at rest; row-level security in our database so users can only reach their own data; rate limiting on public and API endpoints; access controls on production systems; append-only security audit logging. No method of transmission or storage is 100% secure; if a breach affects your personal data we will notify you in accordance with applicable law, including the Australian Notifiable Data Breaches scheme.
13. International data transfers
Profiled Careers Pty Ltd is an Australian company, and our infrastructure is hosted in the United States: our database and file storage run in AWS us-east-1 (via Supabase), our application on Vercel (US-East primary, global edge network), and our voice failover worker on Fly.io in Ashburn, Virginia. By using Profiled you understand that your personal information is processed in the United States and in other countries where our providers operate. Transfers are protected through data processing agreements or equivalent contractual terms and, where required by law, standard contractual clauses.
14. Age
Profiled is for professionals. You must be at least 18 to use the Service; we do not knowingly collect personal information from anyone under 18, and account creation requires an explicit 18-or-older attestation. If you believe someone under 18 has provided us personal information, contact us and we will delete it.
15. Changes to this policy
We may update this policy as Profiled evolves. Material changes are notified by email, and where our Terms of Service require it, you will be asked to review and accept before the change applies to you. The current version and effective date always appear at the top of this page.
16. Contact
Email: privacy@profiledcareers.com · Privacy Contact:Martin Aranovitch, Profiled Careers Pty Ltd · Postal: PO Box 80, Blackheath NSW 2785, Australia.
17. Changelog
- v2.1 — 14 July 2026: Added disclosure of our community features. Satisfaction surveys and feedback (§2.6) are collected to improve the Service and retained for 24 months (§8). Testimonials (§2.7) are collected only with your explicit consent and, once approved, are displayed publicly on profiled.careers and on our marketing website at profiledcareers.com; they can be withdrawn at any time and clear from the marketing website’s cache within 24 hours (§3, §8). No changes to any existing data-collection, retention, or sharing practice.
- v2.0 — 11 July 2026: Complete revision to match the platform as built. Added: voice data section (browser-direct architecture; no voiceprints; no emotion inference; 12-month user-deletable transcripts), visitor and non-account-holder section, named hosting regions, and a link to the new AI Disclosure Statement. Corrected: AI provider roles (Anthropic — text; OpenAI — voice and embeddings), retention schedule (visitor chat and fit-assessment inputs now purge at 12 months; audit logs described accurately as append-only), cookies section (essential cookies only; cookieless analytics), and minimum age (18, previously 16). Rights section rewritten to describe the self-serve mechanisms that actually exist. Section numbering revised.
- v1.2 — 11 July 2026: Corrected the named operating entity. Profiled is operated by Profiled Careers Pty Ltd (ACN 698 676 309), registered in New South Wales, Australia. Earlier versions named “Imaginapps Pty Ltd”, a pre-incorporation placeholder; no company of that name was ever incorporated. Contact details updated to PO Box 80, Blackheath NSW 2785. No changes to data collection, retention, or sharing practices.
- v1.1 — 20 May 2026: Sub-processor list extracted to a dedicated page at /sub-processors (now the authoritative reference); LiveKit + Fly.io added to the list (previously implicit via voice infrastructure description). §8.2 EEA/UK rights expanded with explicit GDPR Article 15-22 citations and direct links to the dashboard self-service surfaces. §8.1 updated with direct links to the deletion + export flow. No changes to data collection, retention, or sharing practices.
- v1.0 — 16 April 2026: Initial publication.