# Privacy Policy

AuraCV is committed to protecting your personal information in line with the **Protection of Personal Information Act, 2013 (POPIA)** of South Africa. For the official law and regulator guidance, see **[popia.co.za](https://popia.co.za)**.

This page explains how we collect, use, store, and protect your data — and how we comply with POPIA. It is also available in the **Help center** at `/help/privacy-and-popia`. Ask **Tokugawa** (bottom-right chat) if you want a plain-language summary.

## POPIA compliance

AuraCV processes personal information as a **responsible party** under POPIA. We design our product and operations to meet POPIA's conditions for lawful processing, including:

| POPIA principle | How AuraCV applies it |
|-----------------|----------------------|
| **Accountability** | We maintain internal policies, access controls, and a point of contact for privacy enquiries. |
| **Processing limitation** | We collect only what we need to run the service (account, CV, applications, billing where applicable). |
| **Purpose specification** | Data is used to provide CV building, job search, AI assistance, subscriptions, and support — not for unrelated purposes. |
| **Further processing limitation** | We do not repurpose your CV or profile for advertising profiles sold to third parties. |
| **Information quality** | You control and can edit your CV and profile; you are responsible for accuracy before applying to employers. |
| **Openness** | This policy, our [Terms & Conditions](./terms-and-conditions.md), and Help articles describe our practices. |
| **Security safeguards** | Data is stored securely with encryption, authenticated access, and industry-standard hosting practices (see below). |
| **Data subject participation** | You may access, correct, or request deletion of your data (see **Your rights**). |
| **Cross-border transfers** | Where data is processed outside South Africa (e.g. cloud or AI infrastructure), we use providers under contractual safeguards appropriate to POPIA. |

We review our practices regularly and update this policy when our services or legal requirements change.

## What personal information we collect

Depending on how you use AuraCV, we may process:

- **Account data** — name, email address, authentication identifiers (including OAuth from Google where used), subscription status
- **Profile & CV data** — employment history, education, skills, contact details you enter, uploaded imports (PDF/DOCX), template choices
- **Job & application data** — saved jobs, application tracker entries, Auto-Apply settings (AuraPro)
- **Usage data** — feature usage, AI request counts, logs needed for security and debugging (not sold to data brokers)
- **Payment data** — AuraPro transactions are handled by **Paystack**; we receive confirmation and subscription metadata, not full card numbers stored on our servers
- **Support communications** — emails to support@auracv.net and messages you send to Tokugawa (avoid pasting sensitive ID numbers in chat)

## How we use your information

We use personal information to:

- Create and maintain your account
- Store, edit, export, and display your CVs
- Provide job listings, matching, application tracking, and Auto-Apply (AuraPro)
- Run AI features (grading, improvements, keyword checks, job match scores, Tokugawa support)
- Process AuraPro subscriptions and prevent fraud
- Send service-related emails (e.g. verification, password reset, billing receipts via Paystack)
- Improve reliability, security, and support quality

We **do not sell your personal information** to third parties for their marketing or profiling.

Free accounts may see **advertisements** served by ad networks; ad partners may use cookies or similar technologies under their own policies. **AuraPro** removes in-app ads. We do not sell your CV content or contact details to recruiters without your action (e.g. when you apply to a job).

## AI and your data — we do not train on your data

AuraCV uses **generative AI** for grading, improvements, matching, import parsing, and Tokugawa support chat.

**Important commitments:**

- Your CV, profile, and chat content are sent to generative AI **only to generate the feature you requested** (e.g. grade this CV, answer this support question).
- **We do not use your personal information or CV content to train our own models.**
- **We do not allow your data to be used to train third-party foundation models** beyond what is necessary to process your immediate request, in line with our provider agreements and product configuration.
- Generative AI outputs are suggestions — you remain responsible for verifying accuracy before sharing with employers.

If you prefer not to use generative AI features, you can still build CVs manually without running AI analyses.

## How we store and secure data

Your data is stored securely:

- **Encryption in transit** — HTTPS/TLS for browser and API traffic
- **Encryption at rest** — data at rest on our cloud infrastructure uses provider-level encryption
- **Access controls** — production access is limited to authorized personnel on a need-to-know basis
- **Authentication** — passwords hashed with modern algorithms (Argon2id); sessions protected with secure cookies
- **Backups & availability** — regular backups and monitoring to reduce data loss and downtime
- **Vendor security** — infrastructure and payment partners selected for strong security practices

No online service can guarantee absolute security. If you believe your account is compromised, email **support@auracv.net** immediately and change your password.

## Cookies and local storage

AuraCV uses:

- **Session cookies** — to keep you signed in
- **Preference storage** — e.g. dark mode, sidebar state, cached app data
- **Consent storage** — to remember that you accepted our Terms & Conditions and this privacy policy

You can clear cookies in your browser; you may need to sign in again.

## Sharing with third parties

We share data only when needed to operate the service:

| Recipient | Purpose |
|-----------|---------|
| **Cloud hosting** | Run the application and databases |
| **Paystack** | AuraPro payments and subscription billing |
| **Google** | Optional Google sign-in; AI inference when you use AI features or Tokugawa |
| **Email provider** | Transactional email (verification, support) |
| **Employers / job boards** | Only when **you** submit an application or Auto-Apply sends one on your behalf |

We require processors to protect personal information appropriately. We do not sell personal information.

## Retention

We retain your account and CV data while your account is active. If you request **account deletion**, we delete or anonymize personal data within a reasonable period per our deletion process (allow time for backups to rotate). Some billing records may be retained where law or accounting requires.

## Your rights under POPIA

As a data subject in South Africa, you may:

- **Request access** to personal information we hold about you
- **Request correction** of inaccurate or incomplete data (edit in Profile/CV builder or email support)
- **Object** to processing in certain circumstances
- **Request deletion** of your account and associated personal information
- **Withdraw consent** where processing is based on consent (e.g. marketing — service emails may still be required for account security)
- **Lodge a complaint** with the **Information Regulator** — see [popia.co.za](https://popia.co.za) for current contact details

To exercise your rights, email **support@auracv.net** from your registered email address with a clear request (e.g. "POPIA access request" or "Account deletion request").

## Children

AuraCV is intended for job seekers who can enter into a binding agreement. We do not knowingly collect personal information from children under 18 without appropriate consent.

## Changes to this policy

We may update this policy when features, providers, or legal requirements change. Material changes will be reflected on this page with an updated **Last updated** date. Continued use after notice may require renewed acceptance via the in-app consent banner.

**Last updated:** June 2026

## Contact

| Topic | Contact |
|-------|---------|
| Privacy policy enquiries | **support@auracv.net** (subject: "Privacy request") |
| Account deletion | **support@auracv.net** from your registered email |
| General support | Tokugawa in-app, **Help** (`/help`), or **support@auracv.net** |

## Related guides

- [Terms & Conditions](./terms-and-conditions.md)
- [Account & settings](./account-and-settings.md) — profile, deletion, ads
- [AI features](./ai-features.md) — how AI uses your CV for analyses
- [FAQ & troubleshooting](./faq-troubleshooting.md) — Tokugawa and support channels