Privacy Policy

**Controller:** Ergon Chat (legal entity to be defined) **Contact Email:** gabrielp.ribeiro1996@gmail.com For data protection inquiries, privacy requests, or to exercise your rights, please contact us at the email above.

We collect the following categories of personal data: **Account Information:** • Name and email address (from Google OAuth) • Profile picture (optional, from OAuth provider) • Account creation and last login dates **Content You Provide:** • Resumes and CVs you upload • Job descriptions you input • Interview recordings and transcripts (if using voice features) • Chat messages and conversation history • Job application notes and tracking data **Usage Data:** • Features used and frequency • Interview simulation sessions and duration • Error logs and performance data **Payment Information:** • Billing address • Payment method details (processed by Stripe - we don't store full card numbers) • Subscription history and transaction records

We use your personal data for the following purposes: **Service Delivery:** • Generating personalized resumes using AI • Providing interview simulations and feedback • Tracking your job applications • Analyzing skill gaps **Account Management:** • Creating and maintaining your account • Processing payments and subscriptions • Communicating about your account and service updates **Service Improvement:** • Analyzing usage patterns to improve features • Debugging and fixing technical issues • Developing new features **Legal Compliance:** • Complying with legal obligations • Responding to legal requests • Protecting against fraud and abuse

Under LGPD, we process your data based on the following legal grounds: • **Consent:** When you create an account and accept our terms • **Contract Performance:** To provide the services you subscribed to • **Legitimate Interests:** For service improvement, security, and fraud prevention • **Legal Obligation:** When required by law to retain or disclose data

We share your data with the following categories of third parties: **Service Providers (Data Processors):** | Provider | Purpose | Data Shared | |----------|---------|-------------| | **Supabase** | Database, authentication | Account data, content, usage data | | **Stripe** | Payment processing | Email, billing address, payment info | | **Google (Gemini AI)** | AI content generation | Prompts, resumes, job descriptions | **Important Notes:** • We do not sell your personal data • We do not share your data for third-party advertising • AI providers may process content to generate responses but should not use it to train models (per their enterprise terms) Each provider has their own privacy policy governing their data practices.

We retain your data as follows: • **Active Account:** Data is retained while your account is active • **After Cancellation:** Core account data retained for 30 days (for recovery) • **After Deletion Request:** Data deleted within 30 days, except where legal retention is required • **Payment Records:** Retained for 7 years for tax and legal compliance • **Anonymized Analytics:** May be retained indefinitely You can request data deletion at any time (see "Your Rights" section).

We implement appropriate technical and organizational measures to protect your data: • **Encryption:** Data encrypted in transit (TLS) and at rest • **Access Controls:** Role-based access to data systems • **Authentication:** Secure OAuth-based authentication • **Infrastructure:** Hosted on secure cloud infrastructure (Supabase/Vercel) • **Monitoring:** Security monitoring and incident response procedures While we strive to protect your data, no system is 100% secure. We cannot guarantee absolute security.

Under LGPD and other applicable laws, you have the following rights: • **Access:** Request a copy of your personal data • **Correction:** Request correction of inaccurate data • **Deletion:** Request deletion of your data ("right to be forgotten") • **Portability:** Receive your data in a structured, machine-readable format • **Objection:** Object to certain processing activities • **Revoke Consent:** Withdraw consent at any time **How to Exercise Your Rights:** Send an email to gabrielp.ribeiro1996@gmail.com with: • Subject: "Privacy Rights Request" • Your account email • The specific right you wish to exercise We will respond within 15 business days.

To delete your account and associated data: 1. Send an email to gabrielp.ribeiro1996@gmail.com 2. Subject: "Account Deletion Request" 3. Include your account email address 4. We will confirm deletion within 15 business days Note: If you have an active subscription, please cancel it first through the billing portal. Some data may be retained for legal compliance (e.g., payment records).

We use essential cookies for: • **Authentication:** Maintaining your login session • **Preferences:** Storing language and UI preferences We do not use tracking cookies for advertising purposes.

Your data may be processed in countries outside Brazil, including the United States, where our service providers are located. We ensure appropriate safeguards are in place, including: • Standard contractual clauses • Provider compliance with applicable privacy frameworks

Ergon Chat is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the platform at least 14 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights: **Email:** gabrielp.ribeiro1996@gmail.com **Subject:** Privacy Inquiry **Data Protection Contact:** gabrielp.ribeiro1996@gmail.com