Back to Sphericsx
Sphericsx

Privacy Policy

Effective Date: [Effective Date]·Last Updated: [Last Updated]

This Privacy Policy describes how Sphericsx("we," "us," or "our") collects, uses, stores, and shares your personal data when you use the Sphericsx's Darwin platform ("Platform"). Please read this policy carefully. By using the Platform, you acknowledge that you have read and understood this policy.

1. Introduction

Sphericsx operates the Darwin AI-powered Career Analysis Platform, accessible at [https://sphericsx.com]. This Privacy Policy applies to all users of the Platform globally and governs the collection, processing, storage, and transfer of personal data.

Where applicable, this policy is intended to comply with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection (DPDP) Act 2023, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws. The specific rights available to you may depend on your jurisdiction.

2. Definitions

Personal Data
Any information relating to an identified or identifiable natural person.
Processing
Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Controller
The entity that determines the purposes and means of processing personal data. For this Platform, that is Darwin.
Data Processor
A third party that processes personal data on behalf of the Data Controller.
User
Any individual who creates an account or otherwise uses the Platform.
Platform
The Darwin website, web application, APIs, and related services.

3. Data We Collect

We collect the following categories of personal data:

3.1 Account Information

When you register, we collect your name, email address, profile photo (where provided), and authentication identifiers (such as a Firebase UID or OAuth provider ID). If you sign up via Google OAuth, we receive the data your OAuth provider shares with us, subject to your consent settings with that provider.

3.2 GitHub Data

If you connect your GitHub account, we access only the data you explicitly authorise via GitHub's OAuth permission scopes. This may include your GitHub username, public repositories, repository metadata, programming languages used, commit statistics, organisation membership, and repository URLs. We do not access private repositories unless you explicitly grant that permission.

3.3 LinkedIn Data

Where you choose to connect LinkedIn or import LinkedIn profile data, we may access your profile information, skills, work experience, education history, and certifications, strictly to the extent authorised by you. Darwin complies with LinkedIn's Platform Policies and accesses only data explicitly permitted by the user and by LinkedIn's terms.

3.4 Resume Information

When you upload a resume (PDF or DOCX format) or build a resume using the Platform, we collect and process the contents of that document, which may include your name, contact details, work experience, education, skills, certifications, and projects. This data is used solely to provide career analysis and resume improvement features.

3.5 Career Analysis Data

We store AI-generated outputs produced in connection with your use of the Platform, including hireability scores, skill gap analyses, ATS compatibility reports, career roadmaps, learning recommendations, interview preparation guidance, and progress history. These outputs are derived from data you provide and are associated with your account.

3.6 Usage Data

We automatically collect technical and behavioural data when you use the Platform, including your IP address, browser type and version, device type, operating system, session duration, pages visited, features used, and error logs. This data is used for security, analytics, and product improvement purposes.

3.7 Cookies and Similar Technologies

We use the following categories of cookies:

  • Essential cookies: Required for the Platform to function, including session management and authentication.
  • Analytics cookies: Used to understand how users interact with the Platform (e.g., via Google Analytics or PostHog).
  • Functional cookies: Used to remember your preferences and settings.
  • Preference cookies: Used to store user interface preferences such as theme selection.

You may manage cookie preferences through your browser settings or any cookie consent mechanism we provide. Disabling essential cookies may affect Platform functionality.

4. Purpose of Processing

We process your personal data for the following purposes:

  • Account creation and authentication: To create and manage your account and verify your identity.
  • AI-powered career analysis: To generate hireability scores, skill gap analyses, ATS reports, and career roadmaps based on data you provide.
  • Resume improvement: To analyse uploaded resumes and provide actionable improvement suggestions.
  • Career recommendations: To deliver personalised learning and career development recommendations.
  • Product improvement: To understand how the Platform is used and improve its features and performance.
  • Fraud prevention and security: To detect, investigate, and prevent fraudulent activity and security incidents.
  • Customer support: To respond to your enquiries and resolve issues.
  • Analytics: To measure Platform usage and performance using analytics tools.
  • Communications: To send you service-related notifications, updates, and, where you have consented, marketing communications.
  • Legal compliance: To comply with applicable laws, regulations, and legal obligations.

5. AI Processing Disclosure

Darwin uses artificial intelligence and machine learning models to analyse the data you provide, including your resume, GitHub activity, and career profile, in order to generate insights, scores, and recommendations.

You should be aware of the following:

  • AI-generated insights are recommendations only and do not constitute guarantees of employment outcomes, career progression, or hiring decisions.
  • AI outputs may contain inaccuracies, errors, or biases. You should exercise independent judgement before acting on any AI-generated recommendation.
  • You remain solely responsible for your career decisions. Darwin does not make employment decisions on your behalf.
  • Where AI processing involves automated decision-making that produces significant effects on you, you may have the right to request human review, subject to applicable law.

6. Third-Party Services

The Platform integrates with or relies upon third-party service providers. These providers process data on our behalf or in connection with your use of the Platform. Current and potential integrations include:

ProviderPurposePrivacy Policy
GitHubRepository data access via OAuthgithub.com/privacy
LinkedInProfile data import (where permitted)linkedin.com/legal/privacy-policy
Google (OAuth & Analytics)Authentication and usage analyticspolicies.google.com/privacy
OpenAI / AI ProvidersAI model inference for career analysis[Provider privacy policy]
PostHogProduct analytics and session insightsposthog.com/privacy
ResendTransactional email deliveryresend.com/privacy
Cloud Hosting ProvidersInfrastructure and data storage[Provider privacy policy]
Payment ProcessorsSubscription billing (e.g., Stripe)[Provider privacy policy]
Firebase (Google)Authentication and session managementfirebase.google.com/support/privacy

This list may change as our service providers change. We will update this policy to reflect material changes.

7. Data Sharing

We do not sell your personal data. We may share your data in the following limited circumstances:

  • Service providers: We share data with third-party processors who assist us in operating the Platform (see Section 6). These processors are contractually bound to process data only as instructed and to maintain appropriate security measures.
  • Legal authorities: We may disclose data where required by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our legal rights or the safety of any person.
  • Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the successor entity. We will notify you of any such transfer and any material changes to this policy.
  • User-authorised sharing: We may share data with third parties where you have explicitly authorised us to do so.

No sale of personal data: Darwin does not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. If this practice ever changes, we will provide prominent notice and, where required by law, obtain your consent before doing so.

8. Data Retention

Data CategoryRetention Period
Account dataRetained for the duration of your account. Deleted within 30 days of account deletion, subject to legal holds.
Resume filesRetained while your account is active. Deleted upon account deletion or upon your request.
Career analysis historyRetained while your account is active. Deleted upon account deletion.
Usage logsRetained for up to 12 months for security and analytics purposes, then deleted or anonymised.
Backup dataBackups may retain data for up to 90 days after deletion from live systems.
Legal hold dataWhere required by law or legal proceedings, data may be retained beyond the above periods.

9. Your Rights

Depending on your jurisdiction and applicable law, you may have some or all of the following rights regarding your personal data. The availability of these rights varies by location.

  • Right to access: You may request a copy of the personal data we hold about you.
  • Right to correction: You may request that we correct inaccurate or incomplete personal data.
  • Right to deletion: You may request that we delete your personal data, subject to legal retention obligations.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to object: Where applicable, you may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to data portability: Where applicable, you may request your data in a structured, machine-readable format.
  • Right to lodge a complaint: You may lodge a complaint with the relevant data protection authority in your jurisdiction (e.g., a supervisory authority under GDPR, or the Data Protection Board of India under the DPDP Act).

To exercise any of these rights, please contact us at [[email protected]]. We will respond within the timeframe required by applicable law.

10. Security

We implement administrative, technical, and organisational measures designed to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encryption of data in transit using TLS/HTTPS.
  • Encryption of data at rest where supported by our infrastructure providers.
  • Secure authentication mechanisms, including Firebase Authentication.
  • Role-based access controls limiting data access to authorised personnel.
  • Audit logging of access to sensitive systems.
  • Regular security reviews and vulnerability assessments.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Darwin operates globally and may process your data in countries other than your country of residence, including countries where our cloud infrastructure and third-party service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place as required by applicable law, such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

12. Children's Privacy

The Platform is not directed at children. We do not knowingly collect personal data from individuals below the minimum age required by applicable law (generally 13 years of age, or a higher age where required by local law, such as 16 years in certain jurisdictions under GDPR). If you believe we have inadvertently collected data from a child, please contact us immediately at [[email protected]] and we will take steps to delete such data.

13. Account Deletion

You may delete your account at any time through the Platform settings or by contacting us at [[email protected]].

Upon account deletion:

  • Your profile, resume data, and career analysis history will be scheduled for deletion within 30 days.
  • Backup copies may persist for up to 90 days before being purged.
  • Certain data may be retained where required by law, to resolve disputes, enforce our agreements, or for legitimate security purposes.
  • Anonymised or aggregated data derived from your usage may be retained indefinitely as it no longer identifies you.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated policy on the Platform with a revised "Last Updated" date.
  • Sending an email notification to the address associated with your account, where required by law or where the changes are material.

Your continued use of the Platform after the effective date of any updated policy constitutes your acceptance of the changes, to the extent permitted by applicable law.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy enquiries[[email protected]]
Contact form[https://sphericsx.com/contact]
Registered address[Registered Address]

This Privacy Policy is a draft document intended for legal review prior to publication. It does not constitute legal advice. Sphericsx recommends that this document be reviewed by qualified legal counsel before it is made publicly available.