Privacy Policy

Last updated: March 2026

1. Introduction

Welcome to JobTactics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. JobTactics is a service operated by Phenomain LLC, a company registered in the State of Delaware (United States). By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

Account Data — your name, email address, and authentication credentials when you create an account.
Profile Data — professional information you provide, including work experience, education, skills, and career preferences.
Usage Data — information about how you interact with our platform, including pages visited, features used, and session duration.
Documents — resumes, cover letters, and other career documents you upload or generate using our tools.
Payment Data — billing information processed through our third-party payment provider. We do not store full payment card details.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our services, including AI-powered resume optimization and career tools.
Process transactions and manage your credit balance.
Communicate with you about your account, service updates, and relevant product features.
Analyze usage patterns to improve platform performance and user experience.
Ensure platform security and prevent fraud or abuse.
Comply with legal obligations.

4. Data Storage and Security

Your data is hosted on a Tier-1 cloud provider in the United States (Boston region), operating under the EU-US Data Privacy Framework for cross-border transfers and aligned with the most demanding international standards (GDPR, LGPD, PIPEDA, CCPA). We implement industry-standard security measures to protect your personal information, including:

Encryption at rest and in transit (TLS 1.3).
Regular security audits and vulnerability assessments.
Access controls limiting employee access to personal data on a need-to-know basis.
Automated backups with encryption.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

AI Providers — we send anonymized or pseudonymized content to AI language model providers to power our resume and career tools. No personally identifiable information is shared beyond what is necessary for the service.
Payment Processors — billing data is shared with our payment provider to process transactions securely.
Legal Requirements — we may disclose information if required by law, regulation, or legal process.

6. Your Rights (GDPR)

As a user based in the European Economic Area, or as any user of our platform, you have the following rights:

Right to Access — request a copy of all personal data we hold about you.
Right to Rectification — request correction of inaccurate or incomplete data.
Right to Erasure — request deletion of your personal data and account.
Right to Portability — receive your data in a structured, machine-readable format.
Right to Restriction — request that we limit the processing of your data.
Right to Object — object to specific types of data processing.

To exercise any of these rights, visit your account settings or contact us at privacy@jobtactics.io.

7. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how our platform is used. For detailed information about the cookies we use, please refer to our Cookie Policy.

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., transaction records for tax purposes). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

10. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@jobtactics.io

Cookie Policy

1. What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and supply information to the site owners. Cookies can be "persistent" (remaining on your device until deleted) or "session" cookies (deleted when you close your browser).

2. Cookies We Use

JobTactics uses the following categories of cookies:

Essential Cookies

These cookies are strictly necessary for the operation of our platform. They cannot be disabled.

Cookie	Purpose	Duration
session_id	Maintains your authenticated session	Session
auth_token	Stores your authentication token securely	7 days
csrf_token	Protects against cross-site request forgery	Session

Analytics Cookies

These cookies help us understand how visitors interact with our platform by collecting anonymous usage data. This information is used to improve our services.

Cookie	Purpose	Duration
_analytics_id	Anonymous visitor identification for usage statistics	1 year
_analytics_session	Groups page views into a single session	30 minutes

Preference Cookies

These cookies remember your choices and preferences to provide a more personalized experience.

Cookie	Purpose	Duration
locale	Stores your preferred language	1 year
theme	Stores your preferred color theme (light/dark)	1 year

Marketing & Advertising Cookies

Subject to your consent, we set advertising and conversion-measurement cookies from the following partners. These cookies let us measure the performance of our campaigns and optimize our advertising. They are never set before you opt in.

Google Analytics 4 / Google Ads — audience measurement and conversion tracking for our advertising. Privacy policy: policies.google.com/privacy
Meta (Facebook, Instagram) — ad delivery and conversion measurement on Facebook and Instagram. Privacy policy: facebook.com/privacy/policy
TikTok — ad delivery and conversion measurement on TikTok. Privacy policy: tiktok.com/legal/privacy-policy
LinkedIn — ad delivery and conversion measurement on LinkedIn. Privacy policy: linkedin.com/legal/privacy-policy

You can grant or withdraw your consent at any time via the cookie banner. Conversion events sent server-side are only transmitted for users who consented to marketing cookies.

3. Third-Party Cookies

Some cookies are set by third-party services that we use to operate and improve our platform:

Analytics Provider — we use a privacy-focused analytics service to understand usage patterns. Data is anonymized and processed under GDPR-aligned safeguards.
Payment Processor — our payment provider may set cookies to process transactions securely and prevent fraud.

4. Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

View which cookies are stored on your device.
Delete all or specific cookies.
Block cookies from specific or all websites.
Set preferences for first-party vs. third-party cookies.

Please note that disabling essential cookies may prevent you from using certain features of JobTactics, such as maintaining your login session.

For instructions on managing cookies in popular browsers:

5. Changes to This Policy

We may update this Cookie Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and notify you via email for material changes.

6. Contact

If you have questions about our use of cookies, please contact us at:

privacy@jobtactics.io

Data Retention Schedule

In accordance with the storage limitation principle (GDPR Article 5.1.e), we only retain personal data for as long as necessary for the purposes described in our Privacy Policy and our GDPR notice. The table below summarizes the indicative applicable periods.

1. Retention periods

The following periods apply, subject to legal retention obligations and ongoing disputes:

Data category	Retention period
Account and profile	For the lifetime of the account; deleted ~30 days after account deletion
Generated documents (resumes, letters, reports)	For the lifetime of the account; deleted upon account deletion
AI interview recordings and analyses	12 months after the interview, then automatically deleted
Credit transactions and payments	Period required by applicable accounting and tax obligations
Security and audit logs	Limited period necessary for security and compliance, then purged
Consent evidence	Retained as long as necessary to demonstrate compliance (GDPR Art. 7.1)
B2B end-user data	According to the controller customer's instructions and the signed agreement

2. Deletion and anonymization

Upon expiry of the applicable periods, data is securely deleted or irreversibly anonymized. Backups are purged according to a controlled rotation cycle.

3. Your rights

You may request early deletion of your data at any time from your account or via our Data Protection Officer, as detailed in our GDPR notice. The periods specific to AI interviews are set out in the biometric consent notice.

4. Contact

For any question about retention periods, contact our Data Protection Officer:

dpo@jobtactics.io

Consent Notice — Biometric Data

The JobTactics AI interview feature may, when you use it, process your voice and emotional indicators derived from your speech. This data constitutes sensitive data within the meaning of Article 9 of the GDPR. This notice supplements our Privacy Policy and our GDPR notice.

1. Optional nature

Voice and emotional analysis is strictly optional. It is only enabled if you give explicit, specific and separate consent when launching an AI interview. You can use the platform without ever enabling this feature, and refusing it only affects this feature, not your access to the service.

2. Data processed

When you consent, we process:

The audio recording of your mock interview session.
The text transcription of that recording.
Derived expression indicators (pace, clarity, emotional tone) generated for educational feedback purposes.

3. Purpose

This data is used exclusively to provide you with personalized feedback on your interview preparation. It is never used for advertising, never shared with employers, and never used for automated decision-making producing legal effects.

4. Retention period

Audio recordings and associated analyses are retained for twelve (12) months after the interview, then automatically deleted. You may request earlier deletion at any time from your account or by contacting us.

5. Sub-processors

Voice processing and analysis may involve specialized providers, listed by category on our Sub-processors page, under appropriate contractual safeguards and governed international transfers.

6. Withdrawal of consent

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. Withdrawal stops any new biometric processing and, on request, deletes the data already collected.

7. Your rights

You have the rights of access, rectification, erasure, restriction and portability, exercisable from your account settings or via our Data Protection Officer, as detailed in our GDPR notice.

8. Contact

For any question about the processing of your biometric data or to exercise your rights, contact our Data Protection Officer:

dpo@jobtactics.io

Security & Breach Notification

Protecting the data entrusted to us is a priority. This policy describes our high-level security commitments and our breach notification procedure. It supplements our Privacy Policy and our Data Processing Agreement.

1. Security measures

We implement appropriate technical and organizational measures, including:

Encryption of data at rest and in transit.
Role-based access control and least-privilege principle.
Logging of sensitive operations and audit trails.
Strengthened authentication for privileged accounts.
Regular backups and continuity plan.

2. Organization

Access to personal data is strictly limited to people who need it to provide the service, subject to confidentiality obligations. Our providers are selected and contractually bound with security requirements at least equivalent.

3. Breach notification

In the event of a personal data breach likely to result in a risk to individuals:

We notify the competent supervisory authority without undue delay, in accordance with the GDPR (Article 33).
We inform the data subjects without undue delay where the risk is high (Article 34).
For data processed on behalf of a business customer, we notify the customer without undue delay so it can fulfill its own obligations.

4. Responsible disclosure

If you believe you have identified a vulnerability or security incident, we invite you to report it responsibly and confidentially via the contact details below. We undertake to review any good-faith report and not to take action against researchers acting ethically.

5. Limitations

No security measure can guarantee absolute protection. We strive to apply the state of the art and to continuously improve our safeguards, but cannot guarantee the total absence of risk.

6. Security contact

To report an incident or vulnerability, or for any security question, contact:

dpo@jobtactics.io