AI use disclosure

HiringCoach.ai uses AI models to help you draft resumes, cover letters, pitches, and interview answers. This page explains what that looks like under the hood.

Our principles

• No training on your data. We pass per-request flags that opt out of provider model-training programs where the provider supports them (for OpenAI, we send store: false and do not opt into stored-completions or model-improvement). We rely on each provider’s contractual no-training default in their standard API terms.
• Minimized provider retention. Where the provider supports it we configure account-level “do not save” settings (e.g., ElevenLabs, Deepgram). We have not signed Zero Data Retention amendments with any provider, so each provider’s default abuse-monitoring retention window applies (for OpenAI, this is up to 30 days under their standard API terms; we do not have access to that data).
• Draft only. AI outputs are drafts. You review and edit before they are exported, emailed, or shared.
• No prompt or completion storage on our side. When we log an AI call internally, we record only metadata (model, endpoint, token counts, timing) — never the prompt text or the model’s response.

When AI runs

AI calls happen in two ways:

• User-initiated. You click an AI action — Generate, Optimize, Coach, Refine, etc. The data needed for that action is sent to the AI provider.
• Anticipatory. Some flows pre-compute AI results in the background so they’re ready when you need them. For example, uploading a job description may automatically trigger a Fit Analysis so it’s available the moment you open the job. The same provider configuration (zero training, zero retention) applies.

The non-AI parts of the product (manual editing, file management, account settings) never invoke AI. If you want to avoid AI processing, do not upload data into AI-assisted features (resume optimization, cover letter generation, fit analysis, pitch studio, interview coaching, voice features, company intel).

Providers we use

• OpenAI — LLM generation. Called both directly via the OpenAI API and through the Vercel AI Gateway. Per-request store: false is sent on every call. Standard OpenAI API retention (up to 30 days for abuse monitoring) applies; we do not have a Zero Data Retention amendment.
• Perplexity — research-backed intelligence (optional).
• ElevenLabs — text-to-speech.
• Deepgram — speech-to-text. redact=true is sent on every request to remove PII patterns from transcripts.
• Google Cloud TTS — alternate text-to-speech.

What we send

Across our AI-assisted features, the inputs we may send to a provider include: your resume text, job descriptions you have selected or uploaded, manual inputs you type into a feature (e.g., interview answers, pitch text, custom-question responses), and minimal contextual metadata (target role, company name, tone). Voice features additionally send the audio you record (input) or the text we generate for playback (output). The exact data depends on the feature you invoke; the “Providers we use” section above lists every provider that may receive any of it.

We do not send payment data, government-issued IDs, or content you have not entered into an AI-assisted feature.

What we don't do

• We do not make automated decisions with legal or significant effects about you (Art. 22 GDPR).
• We do not publish AI-generated content that identifies you individually without your explicit action. We may publish AI-assisted aggregate insights (e.g., trends across many anonymized users) and AI-assisted marketing content about the product itself.
• We do not claim AI outputs are factual — they are drafts you review.
• We do not use AI to profile you for targeted advertising.

Prohibited inputs

Please do not submit to AI features:

• Protected Health Information (HiringCoach.ai is not a HIPAA Business Associate).
• Payment card data.
• Government-issued IDs, Social Security numbers, driver's license numbers.
• Information belonging to third parties without their consent.
• Content intended to deceive, harass, or defame.

Safety

• Input safety checks flag prompt-injection and jailbreak attempts (lib/ai/safetyGuard.js).
• Output moderation (OpenAI Moderation) blocks hate, violence, self-harm, and sexual content involving minors.

We do not apply per-output PII redaction or per-output AI labeling, and we have not yet run a formal bias evaluation. Our intended bias-evaluation methodology is documented at docs/compliance/ai-bias-evaluation.md; the first evaluation is pending.

Your choices

• Avoid AI-assisted features. See the “When AI runs” section above for the list of features that involve AI (including ones that pre-compute results in the background). The product’s non-AI workflows — manual editing, file management, account settings — never invoke AI.
• Export your data — via account export (where available).
• Delete your account — via your account page.

Further reading

• Privacy policy
• Cookie policy
• Sub-processors
• Security overview
• Trust center