Privacy Policy

1. Overview

Diploy ("we," "us," or "our") provides free career exploration tools at diploy.io and an account-based career platform at app.diploy.io for CTE students, educators, and employers. Some features do not require an account; others require a free account. This policy explains what information we collect across both and how we use it.

2. Information We Collect

The information we collect depends on how you use Diploy:

• Account information — If you create an account on app.diploy.io, we collect your name, email address, and other profile information you choose to provide. This information is stored securely in our database.
• User-generated content — If you use our platform features, we may store content you create or submit, such as credentials, references, and notification preferences associated with your account.
• Usage data — Pages visited, searches performed, filters applied, and buttons clicked. This is collected through our analytics provider, PostHog.
• Session recordings — PostHog may record your browsing session to help us understand how users interact with the site. Password fields are automatically masked.
• Chat messages — If you use our AI chat assistants, your messages are stored in our database and processed by OpenAI to generate responses.
• Survey responses — If you take the Career Navigator survey, your answers are sent to the O*NET API (U.S. Department of Labor) for scoring. Your results may also be shared with OpenAI if you use the chat assistant afterward.
• IP addresses — We temporarily collect IP addresses for rate limiting purposes only. This data is stored in memory and is not persisted.
• Browser preferences — We store a small number of preferences in your browser's local storage (such as whether you dismissed the chat panel). This does not contain personal information.
• Resume content — If you use the Resume Builder, you may enter personal and professional details such as your name, email, phone number, address, work history, education, certifications, skills, projects, and awards. This information is stored only in your browser's local storage and is not sent to our servers for storage. It is cleared when you choose "Start Over."
• Voice recordings — The Resume Builder's Quick Start feature allows you to record audio (up to 5 minutes) using your device's microphone. Recordings are sent to OpenAI's Whisper API for transcription and are not stored by Diploy after the transcription is returned.
• File uploads — You may upload an existing resume (PDF, DOCX, or TXT, up to 10 MB). We extract the text content on our server, send it to OpenAI for parsing, and discard the original file. Uploaded files are not stored.
• Career summaries and job descriptions — If you use the Quick Start, AI Critique, or Job Match features, the text you provide (career summaries up to 750 words, job descriptions up to 5,000 characters) is sent to OpenAI for processing and is not stored by Diploy.

3. How We Use Your Information

• To provide and operate our career exploration tools
• To generate AI chat responses to your questions
• To generate, critique, and improve resumes using AI
• To compile and deliver downloadable resume PDFs
• To understand how users interact with the site and improve our tools
• To prevent abuse through rate limiting
• To create and maintain your account and profile
• To facilitate connections and interactions between users
• To send transactional emails related to your account activity

4. Third-Party Services

We use the following third-party services:

• OpenAI — Processes chat messages, survey results, resume content, career summaries, job descriptions, uploaded resume text, and voice recordings to power our AI assistants and Resume Builder features (Quick Start, Upload Parsing, AI Critique, Job Match, and voice transcription via Whisper).
• Vercel — Hosts the site and collects performance metrics.
• O*NET (U.S. Department of Labor) — Scores Career Navigator survey responses.
• LaTeX Compilation Service — A private microservice that receives resume content in LaTeX format and returns a compiled PDF. No resume data is stored by this service after the PDF is generated.
• Supabase — Provides authentication, database, and file storage for user accounts.
• Google — Provides OAuth sign-in as an optional authentication method.
• Resend — Delivers transactional emails related to account activity.

Each service has its own privacy policy governing how it handles data.

5. Children's Privacy

Diploy is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@diploy.io and we will take steps to remove it.

6. Data Retention

Chat messages are retained in our database to improve our services. Analytics data is retained according to PostHog's default retention settings. Rate limiting data is stored temporarily in memory and is cleared when the server restarts. Resume Builder data is stored only in your browser's local storage and is never persisted on our servers. Voice recordings, uploaded files, and text sent to AI features are processed ephemerally and discarded after a response is returned. Account data and associated content are retained as long as your account is active. You may deactivate your account at any time through your profile settings. To request permanent deletion of your data, contact us at support@diploy.io.

7. Your Choices

• You can choose not to use the AI chat features to avoid sending messages to OpenAI.
• You can use browser extensions to block analytics and session recording.
• You can clear your browser's local storage to reset stored preferences.
• You can clear your Resume Builder draft at any time by clicking "Start Over," which removes all resume data from your browser's local storage.
• You can choose not to use voice input or file upload features. All Resume Builder AI features are optional.
• You can control which parts of your profile are visible to the public through your privacy settings.
• You can deactivate your account at any time, which removes your profile from public view.
• You can request permanent deletion of your account data by contacting us.

8. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information:

California Residents (CCPA/CPRA) — Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the right to:

• Know what personal information we collect, use, and disclose about you.
• Request deletion of your personal information.
• Opt out of the sale or sharing of your personal information. Note: Diploy does not sell or share your personal information for cross-context behavioral advertising.
• Not be discriminated against for exercising your privacy rights.

Other U.S. States — Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, and others) may have similar rights, including the right to access, correct, or delete personal information.

To exercise any of these rights, please contact us at support@diploy.io. We will respond to verifiable requests within the timeframe required by applicable law.

9. Security

We use reasonable measures to protect the information we collect, including HTTPS encryption for all data in transit. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. Voice recording requires explicit browser permission to access your microphone, which you can revoke at any time through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the effective date at the top of this page. Your continued use of Diploy after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at support@diploy.io.