Privacy Policy

careersstat is operated by CAREERSBAR LTD (company number 15319889), registered at 128 City Road, London, United Kingdom, EC1V 2NX. CAREERSBAR LTD is the data controller for personal data processed through the platform.

Data protection contact: The Director, CAREERSBAR LTD (Data Protection Officer). Email privacy@careersbar.com for any privacy enquiry or to exercise your rights.

Account data: your name, email address, organisation, role, and authentication credentials (passwords are stored as bcrypt hashes only; phone numbers, where provided, are encrypted at rest).

Billing data: subscription plan, invoices, and payment status. Card details are processed and stored by Stripe — they never touch our servers.

Usage data: pages viewed, API requests, saved projects, AI queries, and security audit logs needed to operate the platform safely and enforce plan limits.

Consent records: which policy versions you accepted, when, and from which IP address.

We do not sell personal data. Official statistics displayed in the product come from third-party open data sources, not from your account.

Contract (UK GDPR Art. 6(1)(b)): operating your account, subscription, billing, and support.

Legitimate interests (Art. 6(1)(f)): securing the service, preventing fraud and abuse, measuring and improving product performance.

Consent (Art. 6(1)(a)): marketing emails and non-essential cookies. You can withdraw consent at any time without affecting the service.

Legal obligation (Art. 6(1)(c)): tax, accounting, and responding to lawful requests.

Account data is retained while your account is active. After deletion we anonymise the account promptly and retain only what we must keep: invoicing and tax records for 6 years (HMRC requirement) and security audit logs for up to 12 months.

Data export files are deleted automatically 7 days after generation. Trial and usage counters are retained for the life of the account to enforce one-trial-per-account.

We use a small number of vetted subprocessors: Stripe (payments), OpenAI and Google Gemini (AI features), SendGrid (email), and our hosting provider. The current list with purposes and locations is maintained at /subprocessors.

Where data leaves the UK, we rely on adequacy regulations or the relevant standard contractual clauses / international data transfer addendum.

Organisation customers can request our Data Processing Agreement at /dpa.

Some features send your queries (never your password or billing data) to AI providers to generate analysis. We do not allow providers to train models on your content. Full details, including human oversight and opt-out, are in our AI Processing Policy at /ai-processing.

You have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing based on legitimate interests. Self-service tools for data export and account deletion are available in your dashboard settings.

To exercise any right, email privacy@careersbar.com. We respond within one month. You can also complain to the Information Commissioner's Office (ico.org.uk).

A plain-English summary of rights and how we honour them is published at /gdpr.

We protect data with encryption in transit, encrypted secrets at rest, role-based access control, rate limiting, CSRF protection, audit logging, and routine security review. No system is perfectly secure; we will notify you and the ICO of qualifying breaches within statutory deadlines.