AI use disclosure
Last reviewed 2026-05-18
Purpose
Govern how HiringCoachAI uses large-language-model (LLM) and other AI services to deliver product features, and define the controls that protect user data and output quality.
Principles
1. Disclosed. Users are notified that AI is used to draft content via the first-visit cookie/privacy banner, the privacy policy, and the AI Disclosure page (/ai-disclosure). The disclosure page enumerates each AI feature and the data it sends.
2. No training on customer data. We rely on each provider's contractual no-training default in their then-current standard API terms rather than separate enterprise no-training amendments.
3. Minimized retention. Where the provider supports code-level controls, we pass per-request flags. We have not signed Zero Data Retention amendments with any AI provider; each provider's then-current standard API retention windows apply.
4. Human-reviewable. Resume, cover-letter, pitch, and similar drafting outputs are intended for user review and editing before use. Other AI outputs, such as scoring, transcription, task breakdowns, and value-proposition suggestions, are informational aids.
5. Metadata-only logging. When AI calls are logged internally, only metadata is recorded (model, endpoint, token counts, timing): never the prompt text or the model's response.
When AI runs
AI calls happen in two ways:
- User-initiated. The user clicks an AI action such as Generate, Optimize, Coach, or Refine. The data needed for that action is sent to the AI provider.
- Anticipatory. Some flows pre-compute AI results in the background so they are ready when the user needs them. For example, entering or saving job-description data may automatically trigger a Fit Analysis so it is available when the user opens the job. The same no-training posture and provider-retention limits described elsewhere in this policy apply.
The non-AI parts of the product (manual editing, file management, account settings) never invoke AI.
Models and vendors
See the AI model inventory for the authoritative list, including each provider's API endpoints. In summary: OpenAI (primary), Perplexity (research), ElevenLabs (text-to-speech), Deepgram (speech-to-text), Google Cloud Text-to-Speech.
Data sent
Across our AI-assisted features, the inputs we may send to a provider include the user's resume text, job descriptions the user has selected or entered, manual inputs the user types into a feature (interview answers, pitch text, custom-question responses, etc.), and minimal contextual metadata (target role, company name, tone). Voice features additionally send the user's recorded audio (input) or the text we generate for playback (output). General user file uploads are not live in production yet.
The exact data depends on the feature. The model-and-data-class summary per feature is published in the AI model inventory; the per-feature input mapping is reviewed at the implementation layer. Higher-education reviewers needing a per-feature mapping at procurement time can request the current snapshot through [email protected].
Prohibited uses
Users may not submit to AI features:
- Protected Health Information (see the deployment model; PHI is contractually prohibited)
- Payment card data
- Government-issued IDs, SSN, driver's license numbers
- Information belonging to third parties without consent
- Content intended to deceive, harass, or defame
Staff may not submit production customer data to AI tools that are not on the approved processor list published with our sub-processors.
Academic integrity
HiringCoachAI is designed for career-services use cases — drafting application materials, preparing for interviews, and developing professional pitches. It is not designed for coursework, graded academic submissions, or content used to fulfill academic requirements. Whether the use of AI-assisted tools in any specific academic context is permitted is governed by the institution's own academic-integrity policies; institutions deploying HiringCoachAI in any setting adjacent to coursework should consult their academic-integrity office before in-scope use.
Controls
At the API gateway
- LLM calls are routed through Vercel AI Gateway or directly to the provider.
- A per-request store: false flag is passed on OpenAI Chat Completions and Responses API calls so generated responses are not stored as OpenAI application state for later retrieval. An automated check runs in local compliance checks and in the scheduled/manual security workflow to verify that covered OpenAI Chat Completions or Responses requests include store: false and that Deepgram transcription requests include redact=true.
- Prompt-injection and jailbreak detection are applied to AI requests where the safety-check option is enabled.
- Prompts are sanitized (zero-width characters, control characters) on a feature-specific basis, not universally.
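The automated flag check described above, as an added example and not HiringCoachAI's own implementation: it assumes outbound AI requests are captured as dicts with "url", "body" (JSON object) and "query" (parameters) fields, and it assumes the endpoint paths /v1/chat/completions, /v1/responses and /v1/listen; every sample record is constructed and carries no prompt text.

```python
from urllib.parse import urlparse

# Covered OpenAI endpoints that must carry the body flag store: false
# (paths and host names are assumptions made for this example)
OPENAI_COVERED_PATHS = {"/v1/chat/completions", "/v1/responses"}
DEEPGRAM_LISTEN_PATH = "/v1/listen"


def check_request(req):
    """Return violation strings for one captured outbound request (empty if compliant)."""
    parsed = urlparse(req["url"])
    host, path = parsed.netloc, parsed.path
    body = req.get("body") or {}
    query = req.get("query") or {}
    problems = []
    if host.endswith("api.openai.com") and path in OPENAI_COVERED_PATHS:
        # Only a boolean False counts; absent, True, or the string "false" all fail
        if body.get("store") is not False:
            problems.append(f"{path}: store is {body.get('store')!r}, expected False")
    elif host.endswith("api.deepgram.com") and path == DEEPGRAM_LISTEN_PATH:
        if str(query.get("redact", "")).lower() != "true":
            problems.append(f"{path}: redact=true not set")
    return problems


def audit(requests):
    """Map request id -> violations for every non-compliant request."""
    return {r["id"]: v for r in requests if (v := check_request(r))}


# Constructed sample records; only metadata, no prompts or completions
SAMPLE_REQUESTS = [
    {"id": "r1", "url": "https://api.openai.com/v1/chat/completions",
     "body": {"model": "placeholder-model", "store": False}},
    {"id": "r2", "url": "https://api.openai.com/v1/responses",
     "body": {"model": "placeholder-model"}},                 # flag missing
    {"id": "r3", "url": "https://api.openai.com/v1/chat/completions",
     "body": {"model": "placeholder-model", "store": True}},  # wrong value
    {"id": "r4", "url": "https://api.deepgram.com/v1/listen",
     "query": {"redact": "true", "model": "placeholder-model"}},
    {"id": "r5", "url": "https://api.deepgram.com/v1/listen",
     "query": {"model": "placeholder-model"}},                # redact missing
    {"id": "r6", "url": "https://api.openai.com/v1/embeddings",
     "body": {"model": "placeholder-model"}},                 # not a covered endpoint
]

if __name__ == "__main__":
    for rid, problems in audit(SAMPLE_REQUESTS).items():
        print(rid, problems)
```

A CI job would fail the build whenever audit() returns a non-empty dict.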
Output handling
- Current output controls are: scoped AI features, user review before reliance, reporting/escalation, and feature-specific guardrails. These are the output controls represented for the current service.
Retention
- OpenAI: A per-request store: false flag on Chat Completions and Responses API calls prevents generated responses from being stored as OpenAI application state for later retrieval. No Zero Data Retention amendment is in place: OpenAI's then-current standard API abuse-monitoring retention window applies. We rely on OpenAI's then-current standard API terms for the no-training default; we do not have access to provider-side abuse-monitoring logs.
- Perplexity: Standard API terms; provider default retention applies. No enterprise DPA executed.
- ElevenLabs: Standard API terms; provider default retention applies.
- Deepgram: Per-request redact=true redacts sensitive number-like entities from transcripts, such as payment cards and Social Security numbers; provider default retention otherwise applies.
- Google Cloud Text-to-Speech: Standard API terms; provider default retention applies.
- Our internal AI call audit retains metadata (no prompts, no completions): target retention 1 year, enforced by a scheduled retention runner.
Notice
We provide layered notice so the user is informed of AI processing without an interrupting consent gate. The lawful basis for AI processing is contract performance: the user is asking us to deliver a feature (resume draft, fit analysis, etc.) that requires the call. Notice is provided via:
- First-visit banner. The cookie/privacy banner shown to every visitor on first load names AI use explicitly and links to /ai-disclosure. This is the canonical first-touch notice and runs before any tracking or AI call.
- Privacy Policy describes AI processing, providers, retention, and the user's rights.
- AI Disclosure page at /ai-disclosure, linked from the first-visit banner and the global footer on every page; enumerates each AI feature, the data sent, and the trigger (user-initiated or anticipatory).
How a user avoids AI processing
There is no product-wide in-product "disable AI" toggle. AI is part of how AI-assisted features work; the user-facing choice is to invoke an AI-assisted feature or use non-AI product areas. AI runs when the user uses an AI-assisted feature, either by clicking an AI action or by entering data into a flow that pre-computes AI results, such as job-description data triggering Fit Analysis. A user who wishes to avoid AI processing can:
- Avoid entering data into AI-assisted features (resume optimization, cover letter generation, fit analysis, pitch studio, interview coaching, voice features, company intel).
- Use only the manual-editing, file-management, and account-settings parts of the product, which never invoke AI.
- Export their data via account export (where available).
- Delete their account via the account page, which removes their data per the standard deletion flow.
Human review
- Resume, cover-letter, pitch, and similar drafting outputs are intended for user review and editing before use.
- Scoring, transcription, task breakdowns, and value-proposition suggestions are informational aids and should be reviewed before reliance.
- No AI output is sent to third parties (e.g., email) without explicit user action.
What we do not do
- We do not make automated decisions with legal or similarly significant effects about users (Art. 22 GDPR).
- We do not create or store voiceprints or other biometric identifiers. Audio recorded for interview-practice features is sent to our transcription provider for transient processing, is not retained as audio by HiringCoachAI after the transcript is produced, and is not used to derive a biometric template or otherwise identify the speaker.
- We do not publish AI-generated content that identifies an individual user without that user's explicit action. AI-assisted aggregate insights (e.g., trends across many anonymized users) and AI-assisted product-marketing content may be published; neither identifies an individual user.
- We do not claim AI outputs are authoritative facts. Generated drafts, scores, transcripts, and suggestions should be reviewed before reliance.
- We do not use AI to profile users for targeted advertising.
High-risk uses
HECVAT 4.1.5 includes a High-Risk Evaluation tab; we classify our AI uses as moderate risk because:
- No automated decision-making with legal or similarly significant effects (Art. 22 GDPR)
- No content generation shown to the public under HiringCoachAI's name
- User retains editorial control over drafting outputs; other generated outputs are informational aids
If we ever introduce a high-risk feature (e.g., automated candidate rejection, public publishing), it is gated on a DPIA and consent update.
Regulatory classification (employment AI)
HiringCoachAI's AI-assisted features — including resume-vs-job-description fit analysis, interview-practice scoring, and pitch feedback — are consumer-facing self-assessment tools used at the user's request to evaluate the user's own materials. The user is the data subject and the decision-maker. HiringCoachAI is not engaged by an employer, recruiter, or staffing agency to evaluate, rank, filter, or select candidates, and does not produce an employment decision about the user.
Where an institution (such as a university career-services office) is contractually authorized under a sponsored-program agreement to view participant content — including AI-assisted fit scores, drafts, and feedback — for the purpose of coaching or advising individual participants, that authorized view is informational support to the participant. It does not constitute an employment decision, a selection decision, or a consequential decision about the participant. The participant remains the data subject; the institution does not use the AI output to make hiring, admission, ranking, or allocation decisions about the participant.
On that basis:
- EU AI Act Annex III §4 (AI systems intended for the recruitment or selection of natural persons, including to analyse and filter job applications and evaluate candidates) addresses systems deployed by recruiters or employers to make selection decisions. HiringCoachAI's consumer self-assessment use, and authorized institutional coaching use, are outside this scope.
- Colorado SB24-205 (consequential decisions — including employment — by deployers of high-risk AI systems) addresses deployers making the consequential decision. Neither the user evaluating their own materials nor an institutional advisor coaching that user constitutes such a deployer.
If HiringCoachAI is ever engaged for in-product candidate evaluation by an employer, recruiter, or staffing agency, or by an institution to use AI outputs in selection, ranking, or allocation decisions about participants (for example, to determine access to employer introductions, scholarships, or program admission), those deployments are outside the standard service and require a separate Data Processing Agreement and a high-risk AI assessment before any in-scope participant data is processed.
Bias and fairness
The bias-evaluation methodology is documented at the AI bias evaluation page. The first automated baseline run was completed on 2026-05-07 and a remediation rerun was completed on 2026-05-14; both are retained as internal evidence. The latest live run showed no threshold exceeded across the expanded suite: no demographic or name-derived references, no candidate-name leakage, no format or generation failures, same-evidence structured score range within threshold, and passing positive controls.
Accountability
- Privacy Officer / data-protection contact maintains this policy and handles user concerns ([email protected]).
- Engineering implements and maintains the controls.
- Users retain ownership of their content and outputs.
Review
This policy is reviewed annually and on introduction of a new model, vendor, or feature class.