Democruit ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, store, and share your information, including information that may identify you as an individual ("Personal Data"). This Policy complies with the requirements of the General Data Protection Regulation (GDPR). By using our Services or agreeing to this Policy as a Marketing Recipient (defined below), you consent to the practices described in this Policy.

If you have any questions about this Policy, please contact us at info@democruit.com. Capitalized terms not defined in this Policy have the meanings given to them in our Terms of Service.

This Policy also applies to individuals with whom we communicate for marketing or promotional purposes but who may not otherwise use or access our Software ("Marketing Recipients"). By agreeing to this Policy as a Marketing Recipient, you consent to the privacy practices described herein.

We use your data to provide and improve our Services. By using our Services, you agree to the collection and use of information in accordance with this Policy.

1. Information Collection and Use

We collect various types of Personal Data for different purposes to provide and improve our Services. We adhere to the data minimization principle, meaning we collect only the data necessary to deliver and support our product features, customer support, and account features, in compliance with GDPR.

2. Types of Data Collected

We collect the following types of Personal Data to provide and improve our Services:

Personal and Contact Information

While using our Services, we may ask you to provide the following Personal Data:

• Email address First name and last name
• Phone number
• Profile photo
• Links to professional websites or online profiles (e.g., LinkedIn, GitHub)
• Location Data (as defined below)
• Usage Data (as defined below)
• Device ID

If you are a Marketing Recipient, we may use your Personal Data to contact you with newsletters, marketing materials, and other information that may be of interest to you. You may opt out of these communications by following the unsubscribe link or emailing us at info@democruit.com.

Career and Application Information

This includes any information you provide to build or edit your resume, cover letter, or other application materials. It may include professional summaries, work experience, education, skills, certifications, languages, awards, references, career objectives, and similar content. You may also upload an existing resume or job description, which we may parse and store to enable AI-powered content generation.

Custom User Inputs

You may choose to add custom sections or data fields to personalize your documents. We store this information solely to deliver our Services.

Location Data

We may collect and store information about your location if you grant us permission. This data helps us provide and improve our Services. You can enable or disable location services through your device settings at any time.

Usage Data

We may collect information automatically when you visit or access our Services, including:

• Your device’s Internet Protocol (IP) address
• Browser type and version
• Pages visited, time and date of visit, and time spent on those pages
• Unique device identifiers and diagnostic data

If you access our Services via a mobile device, we may also collect:

• Mobile device type and unique ID
• Mobile operating system
• Mobile Internet browser type and IP address
• Unique device identifiers and diagnostic data

Other Data

We may also collect and store non-Personal Data that, when combined with your Personal Data, could identify you. This includes:

• Language
• Country, region, state, city, and DMA (Designated Market Area)
• Device type, operating system, and carrier
• Device ID

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to monitor activity on our Services and store certain information. Cookies are small data files that may include an anonymous unique identifier. They are sent to your browser from a website and stored on your device.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our Services may not function properly. Below are the types of cookies we use:

• Session Cookies: To operate our Services.
• Preference Cookies: To remember your preferences and settings.
• Security Cookies: For security purposes.
• Advertising Cookies: To serve you relevant advertisements.

4. Use of Data

We use the collected data for various purposes, including:

• Providing and maintaining our Services
• Gathering analysis to improve our Services
• Providing customer support
• Notifying you about changes to our Services
• Allowing you to participate in interactive features
• Monitoring usage and addressing technical issues
• Fulfilling contractual obligations
• Sending account-related notices and updates
• Sending promotional content or marketing communications (with your consent)
• Any other purpose with your consent

4.1 AI-Powered Features

Our Services include AI-assisted tools such as resume and cover letter generation. When you use these features, the data you input (such as resume content or job descriptions) may be processed using third-party AI platforms for the purpose of generating tailored content. We do not use this data to train any external AI models, and we do not share your inputs for unrelated purposes. We ensure any third-party AI providers are bound by confidentiality agreements and are required to follow data protection standards in compliance with GDPR and CCPA.

4.2 Legal Bases for Processing Personal Data (GDPR)

We rely on the following legal bases to process your Personal Data:

• Your consent (e.g., for marketing communications)
• Performance of a contract (e.g., to deliver resume-building features)
• Compliance with legal obligations
• Our legitimate interests (e.g., improving services, preventing fraud)

5. Retention of Data

We retain your Personal Data for as long as necessary to provide the Services. If required by law, we may retain your data for a longer period. Non-Personal Data may be stored perpetually, and we may anonymize your Personal Data for long-term storage.

Usage Data is generally retained for a shorter period unless used to strengthen security or improve functionality.

6. Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside your jurisdiction, where data protection laws may differ. By using our Services, you consent to this transfer.

Information collected in the European Union ("EU") and European Economic Area ("EEA") may be transferred, stored and processed by us or third parties (as provided in this Policy) in the United States and other countries whose data protection laws may be different than the laws of your country. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by entering into SCCs with the relevant third party. Please contact us at info@democruit.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA. As described in this Policy, we may share Personal Data with third parties and may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

7. Disclosure of Data

• You may, now or in the future, be able to choose to voluntarily share Personal Data collected through the Services.
• To effectively provide you with the Services, and to improve their functionality, we may disclose your Personal Data to our personnel, including our employees, contractors, and agents, to the extent that such persons or entities have a need-to-know such information in furtherance of the Services.
• We work with third-party service providers to provide product analytics, customer analytics, website and application development, hosting, maintenance, data processing, customer service, payment processing, and other services for us in furtherance of the Services. These third parties may have access to or process your Personal Data as part of providing those services for us. However, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we have contracts in place with such vendors in line with the Article 28 requirements of GDPR, pursuant to which they are required, among other things, to maintain the confidentiality of the Personal Data to the extent required by GDPR. When you make a payment via our Services, we do not collect the financial information you provide. Rather, the information is collected by Creem, a third-party payment platform that collects a user’s name, email, credit card information, and other information a user provides to Creem. We do not share any Personal Data with Creem, and we do not receive any Personal Data from Creem. We only receive confirmation from Creem that a successful transaction was completed on payment, but no Personal Data is transferred between Creem and us. Creem may also collect data from you in the capacity of a data controller. Please see Creem’s privacy policies for more information: https://www.creem.io/privacy.
• If we sell all or substantially all of our company or its assets, including the Personal Data collected through our Services, we may transfer your information to the acquiring company.
• In addition to our practices described above, we may share your Personal Data if we have a good-faith belief that such action is necessary to (1) comply with the law (see the section below on "Government Requests"), (2) protect and defend our rights or property, or (3) prevent an emergency involving danger of death or serious physical injury to any person. We will only share your Personal Data for the foregoing reasons to the extent permitted by GDPR or other applicable data privacy laws. As described herein, our Services utilize numerous third-party services as part of their functionality. We may share your Personal Data with third parties as explained in this Policy. While we do not control how third-party service providers manage their internal systems, we contractually require them to handle your Personal Data in accordance with GDPR (where applicable), including through Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs). We encourage you to review the privacy practices of such third parties. We make no guarantees about, and assume no responsibility for, the information, services, or data/privacy practices of third parties, except to the extent required by GDPR and the SCCs.

8. Security of Data

We make reasonable efforts to protect your Personal Data and prevent its loss, misuse, or alteration. We also employ reasonable technical safeguards, such as encryption and secure hosting provided by leading third-party vendors, to protect your Personal Data. However, despite our efforts, loss, misuse, or alteration may still occur. We are not liable to our users or any third party for any such loss, misuse, or alteration, except as required by GDPR, the SCCs, or other applicable law.

8.1 Data Breach Notification

In the unlikely event of a data breach involving your Personal Data, we will notify affected users and relevant authorities within 72 hours, as required by GDPR, where the breach is likely to result in a risk to your rights and freedoms. We will take immediate steps to mitigate the breach, including securing affected systems and informing you via email or a prominent notice on our Services. Contact us at info@democruit.com for any breach-related concerns.

9. Your Data Protection Rights Under GDPR

If you are an EU or EEA resident, you have the right to:

• Access, update, or delete your Personal Data
• Request rectification or restriction of processing
• Object to processing
• Request data portability
• Withdraw consent
• Lodge a complaint with a supervisory authority in your country (e.g., the Information Commissioner’s Office in the UK or the Data Protection Authority in your EU member state)

You may request deletion of your account and associated data at any time by contacting us at info@democruit.com or using the “Delete Account” option in your account settings (where available). We will process your request within 30 days, subject to any legal or contractual obligations. To exercise these rights, contact us at info@democruit.com. You may also contact our Data Protection Officer at dpo@democruit.com.

10. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to request deletion of your data
• Right to opt out of the sale or sharing of personal data (Democruit does not sell or share personal data for advertising or commercial purposes)
• Right to non-discrimination when exercising your rights To make a request, contact us at info@democruit.com with "California Consumer Privacy Act (CCPA) Request" in the subject line.

11. International Users

If you are accessing our Services from outside the United States or the European Economic Area, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our servers are located and our central databases are operated. By using our Services, you consent to any transfer of your information to countries outside your country of residence.

12. Links to Other Sites

Our Services may contain links to third-party sites. We are not responsible for their content or privacy practices.

13. Children's Privacy

Our Services are not intended for users under 18. We do not knowingly collect Personal Data from children. If we become aware of such a collection, we will delete the related information.

14. User Data of Customer’s End User

If you are our Customer’s End User, your data is controlled by our Customer, not Democruit. Please review the Customer’s privacy policy for details.

15. Changes to This Policy

We may update our Policy when needed. We will notify you of any changes by posting the updated Policy on this page. We will also inform you via email and/or a prominent notice on our Services before the change takes effect, and we will update the "effective date" at the top of this Policy. You should check this Policy periodically for any changes. Any changes to this Policy are effective when posted on this page.

16. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact us at:

• 📧 info@democruit.com
• 📧 dpo@democruit.com (for privacy-related or GDPR inquiries)