Effective Date: 4/1/2025
Last Updated: 7/11/2025

Our website address is: https://consiliari.ai.

1. INTRODUCTION AND SCOPE

1.1 Who We Are

Consiliari AI is a product of Nova Nexus LLC, a limited liability company (“Company,” “we,” “us,” or “our”). We provide artificial intelligence-powered career coaching, strategic guidance, and professional development services through our platform, website, mobile applications, and related services (collectively, the “Service”).

1.2 Our Commitment to Privacy

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, store, share, and protect your personal information when you use our Service. We believe in transparency and want you to understand exactly how your information is handled.

1.3 Scope and Application

This Privacy Policy applies to all personal information we collect through:

 

  • Our website at consiliari.ai and any subdomains

  • Our mobile applications

  • Our AI coaching platform and services

  • Email communications and customer support interactions

  • Third-party integrations and partnerships

  • Any other services or platforms we operate

 

This Privacy Policy applies regardless of how you access or use our Service, whether through a computer, mobile device, or any other technology.

1.4 International Compliance

We operate globally and are committed to complying with applicable data protection laws in all jurisdictions where we provide services, including but not limited to:

 

  • General Data Protection Regulation (GDPR) in the European Union

  • UK General Data Protection Regulation (UK GDPR) in the United Kingdom

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California

  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada

  • Privacy Act 1988 and Australian Privacy Principles (APPs) in Australia

  • Lei Geral de Proteção de Dados (LGPD) in Brazil

  • Personal Data Protection Act (PDPA) in Singapore

  • Act on the Protection of Personal Information (APPI) in Japan

  • Other applicable privacy and data protection laws

1.5 Definitions

For the purposes of this Privacy Policy:

 

“Personal Information” or “Personal Data” means any information that identifies, relates to, describes, or could reasonably be linked with you or your household, as defined under applicable privacy laws.

 

“Sensitive Personal Information” means personal information that reveals or relates to sensitive characteristics or activities, including but not limited to racial or ethnic origin, religious beliefs, health information, sexual orientation, or precise geolocation data.

 

“Processing” means any operation performed on personal information, including collection, use, storage, disclosure, transfer, or deletion.

 

“Controller” means the entity that determines the purposes and means of processing personal information.

 

“Processor” means an entity that processes personal information on behalf of a controller.

 

“Data Subject” means an identified or identifiable individual whose personal information is processed.

 


2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us, including:

 

Account Registration Information: When you create an account, we collect your name, email address, password, and any optional profile information you choose to provide, such as your job title, company, industry, career goals, and professional background.

 

Career and Professional Information: To provide personalized AI coaching, we collect detailed information about your career history, including current and previous job titles, companies, employment dates, salary information, skills, certifications, education background, career objectives, and professional challenges you’re facing.

 

Uploaded Documents and Files: You may upload documents such as resumes, cover letters, performance reviews, job descriptions, salary negotiation materials, and other career-related documents. We process the content of these documents to provide coaching and recommendations.

 

Communication and Support Information: When you contact us for customer support, participate in surveys, or communicate with us through any channel, we collect the information you provide, including your messages, feedback, questions, and any additional information you share.

 

Payment and Billing Information: For paid subscriptions, we collect billing information including your name, billing address, and payment method details. Payment processing is handled by third-party payment processors who have their own privacy policies.

 

AI Coaching Session Data: We collect and store your interactions with our AI coaching system, including questions you ask, responses you receive, coaching session transcripts, goal-setting information, progress tracking data, and feedback you provide about the coaching experience.

2.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information:

 

Device and Technical Information: We collect information about the device you use to access our Service, including device type, operating system, browser type and version, screen resolution, device identifiers, and mobile network information.

 

Usage and Activity Information: We collect information about how you use our Service, including pages visited, features used, time spent on different sections, click patterns, search queries, coaching session frequency and duration, and interaction patterns with our AI system.

 

Log Information: Our servers automatically record information when you use our Service, including IP address, access times, pages requested, referring website addresses, and browser information.

 

Location Information: We may collect general location information based on your IP address to provide localized content and comply with applicable laws. We do not collect precise geolocation data unless you explicitly consent.

2.3 Information from Third-Party Sources

We may collect information about you from third-party sources:

 

Professional Networking Platforms: With your consent, we may access information from your LinkedIn profile or other professional networking platforms to enhance your career profile and provide better coaching recommendations.

 

Calendar and Productivity Applications: If you choose to integrate calendar applications or productivity tools, we may access relevant information to help with scheduling and goal tracking.

 

Public Sources: We may collect publicly available information about companies, industries, and career trends to enhance our coaching recommendations and market intelligence features.

 

Third-Party Analytics and Marketing Services: We use third-party analytics services that may collect information about your use of our Service and other websites or applications.

2.4 Sensitive Personal Information

We may collect certain categories of sensitive personal information as defined under applicable privacy laws:

 

Career and Employment Information: Information about your employment history, salary, performance reviews, and career challenges may be considered sensitive in some jurisdictions.

 

Demographic Information: If you choose to provide demographic information for diversity and inclusion purposes or to receive targeted coaching, this information may be considered sensitive.

 

Health and Wellness Information: If you share information about work-related stress, work-life balance challenges, or other health-related career concerns during coaching sessions, this may be considered sensitive health information.

 

We only collect sensitive personal information when necessary for providing our services and with appropriate consent where required by law.

 


3. HOW WE USE YOUR INFORMATION

3.1 Primary Service Purposes

We use your personal information to provide, maintain, and improve our AI-powered career coaching services:

 

Personalized AI Coaching: We analyze your career information, goals, and challenges to provide personalized coaching recommendations, career strategies, skill development suggestions, and professional guidance tailored to your specific situation and objectives.

 

Career Assessment and Analysis: We use your professional information to conduct career assessments, identify skill gaps, analyze market positioning, evaluate career progression opportunities, and provide strategic career planning recommendations.

 

Market Intelligence and Insights: We process your industry and role information to provide relevant market trends, salary benchmarking data, industry insights, job market analysis, and competitive intelligence to support your career decisions.

 

Goal Setting and Progress Tracking: We use your career objectives and progress information to help you set achievable goals, track your advancement, measure success metrics, and adjust strategies based on your progress and changing circumstances.

 

Content Personalization: We customize the content, recommendations, and user experience based on your preferences, career stage, industry, and engagement patterns to ensure the most relevant and valuable coaching experience.

3.2 Platform Operation and Improvement

Service Delivery and Functionality: We use your information to operate our platform, process your requests, manage your account, provide customer support, deliver notifications and updates, and ensure the proper functioning of all Service features.

 

AI Model Training and Improvement: We use aggregated and anonymized data to train and improve our AI coaching algorithms, enhance recommendation accuracy, develop new features, and optimize the overall coaching experience. We do not use your personal information for AI training without appropriate consent and safeguards.

 

Quality Assurance and Safety: We monitor usage patterns to ensure service quality, detect and prevent fraud or abuse, identify security threats, maintain platform safety, and comply with legal obligations and industry standards.

 

Research and Development: We conduct research using aggregated and anonymized data to develop new coaching methodologies, improve career guidance techniques, understand industry trends, and advance the field of AI-powered career development.

3.3 Communication and Engagement

Service Communications: We use your contact information to send important service-related communications, including account notifications, security alerts, billing information, policy updates, and technical announcements.

 

Marketing and Promotional Communications: With your consent, we may send marketing emails, newsletters, promotional offers, educational content, webinar invitations, and information about new features or services that may interest you.

 

Customer Support: We use your information to respond to your inquiries, resolve technical issues, provide assistance with account management, address billing questions, and deliver comprehensive customer support.

 

Community and Networking: If you participate in community features, we may use your information to facilitate networking opportunities, enable peer connections, and enhance collaborative learning experiences.

3.4 Legal and Compliance Purposes

Legal Compliance: We process your information to comply with applicable laws, regulations, legal processes, and governmental requests, including tax obligations, employment law compliance, and data protection requirements.

 

Safety and Security: We use your information to protect the safety and security of our users, prevent fraud and abuse, investigate suspicious activities, enforce our terms of service, and maintain the integrity of our platform.

 

Business Operations: We process information for legitimate business purposes, including financial reporting, business analytics, strategic planning, merger and acquisition activities, and other corporate functions.

 


4. LEGAL BASIS FOR PROCESSING

4.1 GDPR and UK GDPR Legal Bases

For users in the European Union and United Kingdom, we process your personal information based on the following legal bases under GDPR and UK GDPR:

 

Consent (Article 6(1)(a)): We rely on your explicit consent for processing sensitive personal information, marketing communications, optional data collection, third-party integrations, and any processing that requires specific consent under applicable law.

 

Contract Performance (Article 6(1)(b)): We process your information to perform our contract with you, including providing AI coaching services, managing your account, processing payments, delivering requested features, and fulfilling our service obligations.

 

Legitimate Interests (Article 6(1)(f)): We process information based on our legitimate interests in operating and improving our business, including service optimization, fraud prevention, security measures, customer support, research and development, and marketing to existing customers, provided these interests do not override your fundamental rights and freedoms.

 

Legal Obligation (Article 6(1)(c)): We process information to comply with legal obligations, including tax requirements, regulatory compliance, law enforcement requests, and other legal mandates.

 

Vital Interests (Article 6(1)(d)): In rare circumstances, we may process information to protect vital interests, such as preventing serious harm or addressing emergency situations.

 

Public Task (Article 6(1)(e)): We may process information when necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

4.2 Other Jurisdictions

For users in other jurisdictions, we process your personal information based on applicable legal frameworks:

 

CCPA/CPRA (California): We process information for disclosed business purposes, including providing services, improving operations, ensuring security, and complying with legal obligations.

 

PIPEDA (Canada): We process information with appropriate consent and for purposes that a reasonable person would consider appropriate in the circumstances.

 

Privacy Act (Australia): We process information in accordance with the Australian Privacy Principles, including with consent, for primary purposes, and for related secondary purposes.

 

LGPD (Brazil): We process information based on legal bases including consent, contract performance, legitimate interests, legal compliance, and protection of life or physical safety.

 

PDPA (Singapore): We process information with consent, for contract performance, and for other lawful purposes under the Personal Data Protection Act.

 

APPI (Japan): We process information with consent, for contract performance, and for other legitimate purposes under the Act on the Protection of Personal Information.

 


5. INFORMATION SHARING AND DISCLOSURE

5.1 Service Providers and Business Partners

We share your personal information with trusted third-party service providers who assist us in operating our business and providing our services:

 

AI and Technology Partners: We work with artificial intelligence and machine learning service providers to power our coaching algorithms, natural language processing capabilities, and recommendation engines. These partners process your information solely to provide AI services and are bound by strict confidentiality and data protection agreements.

 

Cloud Infrastructure Providers: We use cloud computing services to host our platform, store data securely, and ensure reliable service delivery. Our cloud providers maintain industry-standard security measures and comply with applicable data protection regulations.

 

Payment Processors: We share billing and payment information with payment processing companies to handle subscription payments, process refunds, and manage billing operations. These processors are PCI DSS compliant and maintain strict security standards.

 

Customer Support and Communication Tools: We use third-party tools for customer support, email delivery, and communication management. These providers have access to relevant information needed to deliver support services and communications.

 

Analytics and Performance Monitoring: We work with analytics providers to understand service usage, monitor performance, and improve user experience. These providers receive aggregated and anonymized data or limited personal information necessary for analytics purposes.

5.2 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, sale of assets, bankruptcy, or other corporate transaction, your personal information may be transferred to the acquiring entity or successor organization. We will provide notice of such transfer and any changes to this Privacy Policy through our standard notification procedures.

5.3 Legal Requirements and Safety

We may disclose your personal information when required by law or when we believe disclosure is necessary to:

 

Comply with Legal Obligations: We disclose information in response to valid legal processes, including subpoenas, court orders, search warrants, and other lawful requests from government authorities or law enforcement agencies.

 

Protect Rights and Safety: We may disclose information to protect our rights, property, or safety, or the rights, property, or safety of our users or the public, including preventing fraud, investigating security incidents, and addressing threats or illegal activities.

 

Enforce Terms and Policies: We may disclose information to enforce our Terms of Service, investigate violations, and take appropriate action against users who violate our policies or engage in harmful behavior.

5.4 Consent-Based Sharing

With your explicit consent, we may share your information for additional purposes:

 

Third-Party Integrations: When you choose to connect third-party services (such as LinkedIn, calendar applications, or HR systems), we share relevant information to enable these integrations and provide enhanced functionality.

 

Networking and Community Features: If you participate in networking features or community programs, we may share certain profile information with other users to facilitate professional connections and collaborative opportunities.

 

Research and Academic Partnerships: With your consent, we may share anonymized or aggregated data with research institutions or academic partners for studies related to career development, workplace trends, or AI coaching effectiveness.

5.5 Aggregated and Anonymized Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This includes industry trends, usage statistics, research findings, and market insights that help advance the field of career development and AI coaching.

 


6. INTERNATIONAL DATA TRANSFERS

6.1 Global Operations and Data Transfers

As a global service, we may transfer your personal information to countries other than your country of residence. These transfers are necessary to provide our services, operate our business, and deliver the best possible user experience.

6.2 Adequacy Decisions and Safeguards

European Union and UK Transfers: For transfers from the EU and UK, we ensure appropriate safeguards are in place:

 

  • We transfer data to countries with adequacy decisions from the European Commission or UK authorities

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities

  • We implement additional technical and organizational measures to ensure data protection

  • We conduct transfer impact assessments where required

 

Other International Transfers: For transfers involving other jurisdictions, we implement appropriate safeguards including:

 

  • Contractual protections with data recipients

  • Technical security measures during transmission and storage

  • Compliance with applicable cross-border transfer requirements

  • Regular monitoring and assessment of transfer arrangements

6.3 Data Localization and Residency

Where required by local laws, we maintain data residency within specific jurisdictions and comply with data localization requirements. We work with local data centers and service providers to ensure compliance with applicable regulations.

6.4 Your Rights Regarding International Transfers

You have the right to obtain information about international transfers of your personal information, including the safeguards in place. You may also have the right to object to certain transfers or request that your data be processed only within specific jurisdictions, subject to applicable law and service limitations.

 


7. DATA RETENTION AND DELETION

7.1 Retention Principles

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices are based on the following principles:

 

Purpose Limitation: We retain information only for the specific purposes for which it was collected and processed, and delete it when those purposes are no longer relevant or necessary.

 

Legal Compliance: We maintain information for periods required by applicable laws, regulations, and legal obligations, including tax records, employment law requirements, and regulatory compliance.

 

Business Necessity: We retain information necessary for legitimate business operations, including customer support, service improvement, fraud prevention, and security purposes.

 

User Control: We provide users with control over their data retention through account settings, deletion requests, and data portability options.

7.2 Specific Retention Periods

Account Information: We retain basic account information (name, email, account preferences) for the duration of your account plus up to 7 years after account closure for legal compliance and business record-keeping purposes.

 

Career and Coaching Data: We retain career information, coaching session data, and professional documents for the duration of your account plus up to 3 years after account closure to provide continuity of service and comply with professional service standards.

 

Communication Records: We retain customer support communications and service-related correspondence for up to 5 years to maintain service quality and resolve any ongoing issues.

 

Payment and Billing Information: We retain payment and billing records for up to 7 years as required by tax and financial regulations, or longer if required by applicable law.

 

Usage and Analytics Data: We retain aggregated usage and analytics data indefinitely for service improvement and research purposes, provided it cannot be used to identify individual users.

 

Marketing and Communication Preferences: We retain marketing preferences and communication settings until you change them or close your account, plus up to 2 years for compliance and preference management purposes.

7.3 Automated Deletion and Data Lifecycle Management

We implement automated systems to manage data lifecycle and ensure timely deletion:

 

Scheduled Deletion: We automatically delete expired data according to our retention schedules, with regular reviews to ensure compliance with retention policies.

 

Data Minimization: We regularly review stored data to identify and delete information that is no longer necessary for our stated purposes.

 

Secure Deletion: When we delete personal information, we use secure deletion methods to ensure data cannot be recovered or reconstructed.

7.4 User-Initiated Deletion

Account Deletion: You can request deletion of your account and associated personal information at any time through your account settings or by contacting our support team.

 

Selective Data Deletion: You can request deletion of specific types of information, such as uploaded documents, coaching session history, or profile information, subject to service functionality requirements.

 

Right to Erasure: Under applicable privacy laws, you may have the right to request erasure of your personal information in certain circumstances, including when the information is no longer necessary, you withdraw consent, or the processing is unlawful.

7.5 Exceptions to Deletion

We may retain certain information longer than standard retention periods when:

 

Legal Requirements: We are required by law to retain information for specific periods or for ongoing legal proceedings.

 

Safety and Security: We need to retain information to protect the safety and security of our users or to prevent fraud and abuse.

 

Legitimate Interests: We have legitimate interests in retaining information, such as for dispute resolution, regulatory compliance, or business continuity purposes.

 

Technical Limitations: Information may persist in backup systems or archives for limited periods due to technical constraints, but we ensure such information is not actively used or accessible.

 


8. YOUR PRIVACY RIGHTS

8.1 Universal Rights

Regardless of your location, you have certain fundamental rights regarding your personal information:

 

Right to Information: You have the right to know what personal information we collect, how we use it, who we share it with, and how long we retain it. This Privacy Policy provides comprehensive information about our data practices.

 

Right to Access: You can request access to the personal information we hold about you, including the right to obtain a copy of your data in a commonly used format.

 

Right to Correction: You can request correction of inaccurate or incomplete personal information. You can also update much of your information directly through your account settings.

 

Right to Deletion: You can request deletion of your personal information in certain circumstances, subject to legal requirements and legitimate business needs.

 

Right to Restrict Processing: You can request that we limit how we process your personal information in certain situations, such as when you contest the accuracy of the data or object to processing.

 

Right to Object: You can object to certain types of processing, including processing for direct marketing purposes or processing based on legitimate interests.

 

Right to Data Portability: You can request that we provide your personal information in a structured, commonly used, and machine-readable format, and you can request that we transmit this data to another service provider where technically feasible.

8.2 Consent Management

Withdrawal of Consent: Where we process your information based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

Granular Consent Controls: We provide granular controls that allow you to manage different types of consent, including marketing communications, optional data collection, and third-party integrations.

 

Consent Records: We maintain records of your consent choices and provide you with access to review and modify these choices through your account settings.

8.3 Communication Preferences

Marketing Communications: You can opt out of marketing communications at any time by using the unsubscribe link in emails, adjusting your account preferences, or contacting our support team.

 

Service Communications: While you cannot opt out of essential service communications (such as security alerts or billing notifications), you can customize the frequency and format of non-essential service communications.

 

Notification Settings: You can control various notification settings through your account preferences, including coaching reminders, progress updates, and feature announcements.

8.4 Account Management Rights

Account Access and Control: You have full control over your account information and can update, modify, or delete most information directly through your account settings.

 

Data Export: You can export your data, including career information, coaching history, and uploaded documents, through our data export tools available in your account settings.

 

Account Closure: You can close your account at any time, which will initiate the deletion process for your personal information according to our retention policies.

8.5 Exercising Your Rights

How to Make Requests: You can exercise your privacy rights by:

 

  • Using the privacy controls in your account settings

  • Contacting our Data Protection Officer at [INSERT DPO EMAIL]

  • Submitting a request through our privacy request form

  • Emailing us at [INSERT PRIVACY EMAIL]

 

Identity Verification: To protect your privacy and security, we may need to verify your identity before processing certain requests. We will use reasonable methods to verify your identity while minimizing the additional personal information we collect for verification purposes.

 

Response Timeframes: We will respond to your requests within the timeframes required by applicable law, typically within 30 days for most requests. For complex requests, we may extend this period and will notify you of any delays.

 

No Discrimination: We will not discriminate against you for exercising your privacy rights. You will not receive different pricing, service quality, or treatment based on your privacy choices.

 


9. DATA SECURITY AND PROTECTION

9.1 Security Framework

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security framework is based on industry best practices and compliance with applicable security standards.

 

Security by Design: We incorporate security considerations into every aspect of our service design and development process, ensuring that privacy and security are built into our systems from the ground up.

 

Multi-Layered Security: We employ multiple layers of security controls, including technical, administrative, and physical safeguards, to create a robust defense against various types of security threats.

 

Continuous Monitoring: We continuously monitor our systems for security threats, vulnerabilities, and suspicious activities, with automated detection and response capabilities.

 

Regular Security Assessments: We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential security weaknesses.

9.2 Technical Safeguards

Encryption: We use strong encryption to protect your data both in transit and at rest. All data transmissions are encrypted using industry-standard protocols (TLS 1.3 or higher), and stored data is encrypted using advanced encryption standards (AES-256 or equivalent).

 

Access Controls: We implement strict access controls to ensure that only authorized personnel can access personal information, and only to the extent necessary for their job functions. Access is granted on a need-to-know basis and regularly reviewed.

 

Authentication and Authorization: We use multi-factor authentication, strong password requirements, and role-based access controls to prevent unauthorized access to our systems and your personal information.

 

Network Security: Our network infrastructure includes firewalls, intrusion detection systems, and other security measures to protect against unauthorized access and cyber attacks.

 

Secure Development Practices: We follow secure coding practices, conduct security code reviews, and use automated security testing tools to identify and fix security vulnerabilities in our software.

9.3 Administrative Safeguards

Employee Training: All employees receive comprehensive training on data protection, privacy requirements, and security best practices. We provide regular updates and specialized training for employees who handle personal information.

 

Background Checks: We conduct appropriate background checks for employees who have access to personal information, in accordance with applicable laws and regulations.

 

Incident Response: We maintain a comprehensive incident response plan that includes procedures for detecting, investigating, and responding to security incidents and data breaches.

 

Vendor Management: We carefully vet and monitor third-party service providers who have access to personal information, requiring them to maintain appropriate security measures and comply with our data protection requirements.

 

Policy and Procedure Management: We maintain detailed security policies and procedures that are regularly reviewed and updated to address evolving threats and regulatory requirements.

9.4 Physical Safeguards

Data Center Security: Our data is stored in secure data centers with physical access controls, environmental monitoring, and 24/7 security surveillance.

 

Equipment Security: We implement appropriate controls for the secure disposal and destruction of equipment and media containing personal information.

 

Facility Access Controls: Access to facilities where personal information is processed or stored is restricted to authorized personnel and monitored through access logs and security systems.

9.5 AI and Machine Learning Security

Model Security: We implement security measures to protect our AI models from adversarial attacks, data poisoning, and other AI-specific security threats.

 

Training Data Protection: We ensure that personal information used in AI training is properly anonymized, aggregated, or otherwise protected to prevent unauthorized access or misuse.

 

Output Monitoring: We monitor AI system outputs to detect and prevent the inadvertent disclosure of personal information or generation of harmful content.

9.6 Incident Response and Breach Notification

Incident Detection: We maintain systems and procedures to quickly detect security incidents and potential data breaches.

 

Incident Investigation: When a security incident occurs, we conduct thorough investigations to determine the scope, cause, and impact of the incident.

 

Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable regulatory authorities within the timeframes required by applicable law, typically within 72 hours of becoming aware of the breach.

 

Remediation and Prevention: We take immediate action to contain and remediate security incidents and implement additional measures to prevent similar incidents in the future.

 


10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies and Tracking Technologies

Cookies are small text files that are stored on your device when you visit our website or use our services. We also use similar tracking technologies such as web beacons, pixels, local storage, and software development kits (SDKs) to collect information about your interactions with our Service.

10.2 Types of Cookies We Use

Essential Cookies: These cookies are necessary for the basic functionality of our Service and cannot be disabled. They enable core features such as user authentication, security, and basic navigation.

 

Performance and Analytics Cookies: These cookies help us understand how users interact with our Service by collecting information about page visits, user flows, and feature usage. This information helps us improve our Service and user experience.

 

Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, and customized content.

 

Marketing and Advertising Cookies: These cookies are used to deliver relevant advertisements and marketing content, track the effectiveness of marketing campaigns, and prevent the display of repetitive ads.

 

Third-Party Cookies: We may allow third-party service providers to place cookies on your device to provide analytics, advertising, and other services on our behalf.

10.3 Cookie Management and Consent

Cookie Consent: When you first visit our website, we will ask for your consent to use non-essential cookies. You can choose which categories of cookies to accept or reject.

 

Cookie Settings: You can manage your cookie preferences at any time through our cookie settings panel, which is accessible through our website footer or privacy settings.

 

Browser Controls: You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies, though this may affect the functionality of our Service.

 

Opt-Out Options: For certain third-party cookies, we provide direct opt-out links or instructions for opting out of specific tracking services.

10.4 Local Storage and Other Technologies

Local Storage: We may use local storage technologies to store information locally on your device for improved performance and functionality.

 

Web Beacons and Pixels: We use web beacons and tracking pixels to monitor email opens, track user interactions, and measure the effectiveness of our communications.

 

Mobile SDKs: In our mobile applications, we may use software development kits (SDKs) that collect information about app usage, performance, and user interactions.

10.5 Cross-Device Tracking

We may use information collected from different devices to provide a consistent experience across your devices and to better understand your usage patterns. You can limit cross-device tracking through your device settings and privacy controls.

10.6 Do Not Track Signals

Currently, our Service does not respond to “Do Not Track” signals from browsers. However, you can control tracking through the cookie and privacy settings we provide.

 


11. THIRD-PARTY SERVICES AND INTEGRATIONS

11.1 Third-Party Service Providers

We work with various third-party service providers to deliver our Service and enhance your experience. These providers have access to certain personal information as necessary to perform their functions.

 

AI and Machine Learning Services: We use third-party AI services to power certain aspects of our coaching platform. These services process your information according to their own privacy policies and our data processing agreements.

 

Cloud Infrastructure: Our Service is hosted on cloud platforms that provide secure, scalable infrastructure. These providers maintain strict security standards and comply with applicable data protection regulations.

 

Payment Processing: We use third-party payment processors to handle subscription payments and billing. These processors are PCI DSS compliant and maintain their own privacy policies.

 

Analytics and Performance Monitoring: We use analytics services to understand how our Service is used and to identify areas for improvement. These services may collect usage data and technical information.

 

Customer Support Tools: We use third-party tools to provide customer support, manage communications, and track support requests.

11.2 Professional Platform Integrations

LinkedIn Integration: With your consent, we may integrate with LinkedIn to access your professional profile information and enhance your career coaching experience.

 

Calendar Applications: You may choose to connect calendar applications to help with scheduling and goal tracking. We access only the information necessary for these features.

 

HR and Productivity Systems: For enterprise customers, we may integrate with HR information systems and productivity tools to provide enhanced coaching and analytics features.

11.3 Third-Party Privacy Policies

Each third-party service provider has its own privacy policy that governs how they collect, use, and protect your information. We encourage you to review these privacy policies to understand how your information is handled by these providers.

 

Due Diligence: We conduct due diligence on third-party providers to ensure they maintain appropriate privacy and security standards.

 

Data Processing Agreements: We enter into data processing agreements with third-party providers that handle personal information on our behalf, ensuring they comply with applicable data protection requirements.

11.4 Social Media and External Links

Our Service may contain links to social media platforms and other external websites. We are not responsible for the privacy practices of these external sites, and we encourage you to review their privacy policies before providing any personal information.

11.5 Third-Party Content and Advertising

We may display content or advertisements from third parties. These third parties may use tracking technologies to collect information about your interactions with their content.

 


12. AI AND AUTOMATED DECISION-MAKING

12.1 AI-Powered Features

Our Service uses artificial intelligence and machine learning technologies to provide personalized career coaching, recommendations, and insights. Understanding how these technologies work and your rights regarding automated decision-making is important for your privacy.

 

AI Coaching System: Our AI coaching system analyzes your career information, goals, and interactions to provide personalized advice, recommendations, and strategic guidance. The AI processes your input and generates responses based on trained models and algorithms.

 

Recommendation Algorithms: We use algorithms to recommend career opportunities, skill development paths, networking connections, and other relevant content based on your profile and preferences.

 

Predictive Analytics: Our system may use predictive analytics to forecast career trends, salary projections, and market opportunities relevant to your professional development.

 

Natural Language Processing: We use natural language processing to understand and respond to your questions, analyze uploaded documents, and extract relevant information from your communications.

12.2 Human Oversight and Review

Human-in-the-Loop: While our AI system provides automated recommendations and responses, we maintain human oversight to ensure quality, accuracy, and appropriateness of AI-generated content.

 

Quality Assurance: We regularly review AI outputs and user feedback to identify and correct any issues with automated decision-making processes.

 

Escalation Procedures: Complex or sensitive situations may be escalated to human reviewers to ensure appropriate handling and personalized attention.

12.3 Your Rights Regarding Automated Decision-Making

Right to Human Review: Under certain privacy laws, you have the right to request human review of automated decisions that significantly affect you.

 

Right to Explanation: You can request information about the logic, significance, and consequences of automated decision-making processes that affect you.

 

Right to Object: You may have the right to object to automated decision-making in certain circumstances, particularly when it involves sensitive personal information or has legal or similarly significant effects.

 

Right to Correction: If you believe an automated decision is based on inaccurate information, you can request correction of the underlying data and reconsideration of the decision.

12.4 Limitations and Disclaimers

AI Limitations: Our AI system has limitations and may not always provide accurate, complete, or appropriate recommendations. AI-generated content should be considered as guidance rather than definitive advice.

 

No Guarantee of Outcomes: We do not guarantee any specific career outcomes based on AI recommendations. Career success depends on many factors beyond our AI system’s scope.

 

Human Judgment Required: Important career decisions should involve human judgment and consideration of factors that may not be captured by our AI system.

12.5 AI Training and Improvement

Model Training: We use aggregated and anonymized data to train and improve our AI models. We do not use your personal information for AI training without appropriate consent and safeguards.

 

Feedback Integration: We may use your feedback about AI recommendations to improve our algorithms and provide better coaching experiences for all users.

 

Bias Prevention: We implement measures to detect and mitigate bias in our AI systems to ensure fair and equitable treatment of all users.

 


13. CHILDREN’S PRIVACY

13.1 Age Restrictions

Our Service is not intended for children under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18 years of age. If you are under 18, please do not use our Service or provide any personal information to us.

13.2 Parental Consent

In jurisdictions where children between 13 and 18 may use career development services with parental consent, we require verifiable parental consent before collecting any personal information from such users.

13.3 Discovery of Children’s Information

If we become aware that we have collected personal information from a child under 18 without appropriate consent, we will take immediate steps to delete such information from our systems.

13.4 Educational Use

If our Service is used in educational settings where students under 18 may have access, we work with educational institutions to ensure appropriate consent and protection measures are in place.

13.5 Reporting Concerns

If you believe we have collected information from a child under 18, please contact us immediately at [INSERT PRIVACY EMAIL] so we can take appropriate action.

 


14. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

14.1 Scope and Application

This section applies to California residents and describes your rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

14.2 Categories of Personal Information We Collect

Under the CCPA, we collect the following categories of personal information:

 

Identifiers: Name, email address, account username, IP address, device identifiers, and other similar identifiers.

 

Personal Information under Cal. Civ. Code § 1798.80(e): Name, address, telephone number, employment information, education information, and financial information.

 

Protected Characteristics: Age, gender, race, ethnicity, and other characteristics protected under California or federal law (only if voluntarily provided).

 

Commercial Information: Subscription information, payment history, and records of services purchased or considered.

 

Internet or Network Activity: Browsing history on our Service, search history, and information about your interaction with our website and applications.

 

Geolocation Data: General location information derived from IP address.

 

Professional or Employment Information: Current and past job information, career history, skills, and professional goals.

 

Education Information: Educational background, certifications, and training history.

 

Inferences: Profiles reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

14.3 Sources of Personal Information

We collect personal information:

 

  • Directly from you when you provide it to us

  • Automatically when you use our Service

  • From third parties such as professional networking platforms (with your consent)

  • From public sources and databases

14.4 Business Purposes for Collection

We collect and use personal information for the following business purposes:

 

  • Providing and maintaining our Service

  • Processing transactions and managing accounts

  • Improving and developing our Service

  • Customer support and communication

  • Marketing and advertising (with consent)

  • Security and fraud prevention

  • Legal compliance and protection of rights

14.5 Categories of Third Parties

We may share personal information with:

 

  • Service providers and contractors

  • Professional service providers (legal, accounting, consulting)

  • Technology partners and AI service providers

  • Payment processors

  • Analytics and advertising partners

  • Government agencies (when required by law)

14.6 Your California Privacy Rights

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.

 

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions for legal compliance, security, and other legitimate purposes.

 

Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.

 

Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell personal information in the traditional sense, but some data sharing for advertising purposes may be considered “sharing” under the CCPA.

 

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to provide our Service.

 

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights, including by denying services, charging different prices, or providing different quality of service.

14.7 How to Exercise Your Rights

You can exercise your California privacy rights by:

 

  • Using the privacy controls in your account settings

  • Submitting a request through our online form at [INSERT URL]

  • Calling our toll-free number at [INSERT PHONE NUMBER]

  • Emailing us at [INSERT PRIVACY EMAIL]

14.8 Verification Process

To protect your privacy, we will verify your identity before processing requests. We may ask for additional information to verify your identity, and we will only use this information for verification purposes.

14.9 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We require written authorization from you and may require the agent to provide proof of their authorization.

14.10 Response Timeframes

We will respond to your requests within 45 days, with the possibility of a 45-day extension for complex requests. We will notify you if we need additional time to process your request.

14.11 Do Not Sell or Share My Personal Information

We provide a “Do Not Sell or Share My Personal Information” link on our website footer that allows you to opt out of any activities that may be considered selling or sharing under the CCPA.

 


15. EUROPEAN UNION AND UK PRIVACY RIGHTS (GDPR)

15.1 Scope and Application

This section applies to individuals in the European Union and United Kingdom and describes your rights under the General Data Protection Regulation (GDPR) and UK GDPR.

15.2 Controller Information

Nova Nexus LLC acts as the data controller for the personal information we collect and process. Our representative in the EU/UK (if applicable) can be contacted at [INSERT EU/UK REPRESENTATIVE CONTACT].

15.3 Your GDPR Rights

Right to Information (Articles 13-14): You have the right to receive clear and transparent information about how we process your personal data, as provided in this Privacy Policy.

 

Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with specific information about the processing.

 

Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.

 

Right to Erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the original purpose or when you withdraw consent.

 

Right to Restrict Processing (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.

 

Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

 

Right to Object (Article 21): You have the right to object to processing based on legitimate interests, direct marketing, or processing for scientific/historical research or statistical purposes.

 

Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, with certain exceptions.

15.4 Lawful Basis for Processing

We process your personal data based on the following lawful bases under GDPR:

 

Consent (Article 6(1)(a)): For marketing communications, optional features, and processing that requires explicit consent.

 

Contract (Article 6(1)(b)): For providing our services, managing your account, and fulfilling our contractual obligations.

 

Legitimate Interests (Article 6(1)(f)): For service improvement, fraud prevention, security, and other legitimate business purposes, provided our interests do not override your fundamental rights.

 

Legal Obligation (Article 6(1)(c)): For compliance with legal requirements and regulatory obligations.

15.5 Special Categories of Personal Data

If we process special categories of personal data (such as health information related to work stress), we ensure we have an appropriate lawful basis under Article 9 of GDPR, such as explicit consent or processing necessary for health or social care purposes.

15.6 International Transfers

When we transfer your personal data outside the EU/UK, we ensure appropriate safeguards are in place, including:

 

  • Adequacy decisions by the European Commission or UK authorities

  • Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules (where applicable)

  • Additional technical and organizational measures

15.7 Data Protection Officer

We have appointed a Data Protection Officer (DPO) who can be contacted at [INSERT DPO EMAIL] for questions about data protection and privacy.

15.8 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state or UK where you habitually reside, work, or where an alleged infringement occurred.

15.9 Exercising Your Rights

You can exercise your GDPR rights by:

 

  • Using the privacy controls in your account settings

  • Contacting our Data Protection Officer at [INSERT DPO EMAIL]

  • Submitting a request through our privacy request form

  • Writing to us at our registered address

15.10 Response Timeframes

We will respond to your requests within one month, with the possibility of a two-month extension for complex requests. We will inform you of any extension and the reasons for it.

 


16. CANADIAN PRIVACY RIGHTS (PIPEDA)

16.1 Scope and Application

This section applies to individuals in Canada and describes your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial privacy laws.

16.2 PIPEDA Compliance

We comply with PIPEDA’s 10 Fair Information Principles:

 

Accountability: We are responsible for personal information under our control and have designated a Chief Privacy Officer accountable for our compliance with PIPEDA.

 

Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection, as described in this Privacy Policy.

 

Consent: We obtain your knowledge and consent for the collection, use, and disclosure of personal information, except where inappropriate.

 

Limiting Collection: We limit the collection of personal information to what is necessary for the identified purposes and collect information by fair and lawful means.

 

Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes for which it was collected, except with your consent or as required by law. We retain information only as long as necessary.

 

Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is used.

 

Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.

 

Openness: We make information about our policies and practices relating to personal information readily available, as provided in this Privacy Policy.

 

Individual Access: Upon request, we inform you of the existence, use, and disclosure of your personal information and give you access to that information.

 

Challenging Compliance: You can challenge our compliance with PIPEDA principles by contacting our Chief Privacy Officer.

16.3 Your Rights Under PIPEDA

Right to Access: You have the right to access your personal information and receive information about how it has been used and disclosed.

 

Right to Correction: You have the right to challenge the accuracy and completeness of your personal information and have it corrected as appropriate.

 

Right to Withdraw Consent: You can withdraw your consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.

 

Right to Complain: You can file a complaint with the Privacy Commissioner of Canada if you believe we have not complied with PIPEDA.

16.4 Consent Under PIPEDA

Meaningful Consent: We ensure that consent is meaningful by providing clear information about the purposes for which personal information is collected, used, and disclosed.

 

Form of Consent: Consent may be express or implied, depending on the circumstances and the sensitivity of the information.

 

Withdrawal of Consent: You can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

16.5 Cross-Border Transfers

When we transfer personal information outside Canada, we ensure appropriate protections are in place and inform you of the purposes and destinations of such transfers.

16.6 Privacy Officer Contact

Our Chief Privacy Officer can be contacted at [INSERT CPO EMAIL] for questions about our privacy practices or to exercise your rights under PIPEDA.

 


17. OTHER INTERNATIONAL PRIVACY RIGHTS

17.1 Australia – Privacy Act and Australian Privacy Principles

For Australian users, we comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs):

 

Your Rights:

 

  • Right to access your personal information

  • Right to correct inaccurate or incomplete information

  • Right to complain to the Office of the Australian Information Commissioner (OAIC)

 

Our Obligations:

 

  • Open and transparent management of personal information

  • Collection only when necessary for our functions

  • Notification of collection purposes

  • Secure handling and storage of personal information

17.2 Brazil – Lei Geral de Proteção de Dados (LGPD)

For Brazilian users, we comply with the LGPD:

 

Your Rights:

 

  • Right to confirmation of processing

  • Right to access your personal data

  • Right to correction of incomplete or inaccurate data

  • Right to anonymization, blocking, or deletion

  • Right to data portability

  • Right to information about data sharing

  • Right to revoke consent

 

Legal Bases for Processing:

 

  • Consent

  • Contract performance

  • Legal obligation

  • Legitimate interests

  • Protection of life or physical safety

17.3 Singapore – Personal Data Protection Act (PDPA)

For Singapore users, we comply with the PDPA:

 

Your Rights:

 

  • Right to access your personal data

  • Right to correct inaccurate personal data

  • Right to withdraw consent (where applicable)

 

Our Obligations:

 

  • Obtain consent for collection, use, and disclosure

  • Notify you of purposes for collection

  • Ensure accuracy of personal data

  • Protect personal data with reasonable security arrangements

17.4 Japan – Act on the Protection of Personal Information (APPI)

For Japanese users, we comply with the APPI:

 

Your Rights:

 

  • Right to disclosure of personal information

  • Right to correction or deletion

  • Right to suspension of use or provision to third parties

  • Right to complain to the Personal Information Protection Commission

 

Our Obligations:

 

  • Obtain consent for use beyond original purposes

  • Implement safety management measures

  • Provide notice of purposes for use

  • Restrict third-party provision without consent

17.5 Other Jurisdictions

We monitor and comply with privacy laws in other jurisdictions where we operate or have users. If you are located in a jurisdiction not specifically mentioned in this Privacy Policy, you may still have privacy rights under local laws, and we encourage you to contact us to learn more about how we protect your privacy.

 


18. DATA BREACH NOTIFICATION

18.1 Our Commitment to Data Security

We take data security seriously and have implemented comprehensive measures to protect your personal information. However, no system is completely secure, and we have procedures in place to respond quickly and effectively to any security incidents.

18.2 Incident Detection and Response

Monitoring and Detection: We continuously monitor our systems for security threats and potential data breaches using automated tools and security personnel.

 

Immediate Response: When a potential security incident is detected, we immediately activate our incident response team to investigate and contain the incident.

 

Assessment and Investigation: We conduct thorough investigations to determine the scope, cause, and impact of any security incident, including whether personal information was involved.

18.3 Notification Procedures

Regulatory Notification: If a data breach poses a risk to your rights and freedoms, we will notify applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

 

Individual Notification: If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, typically within 72 hours of confirming the breach.

 

Public Notification: In cases where individual notification is not possible or would require disproportionate effort, we may provide public notification through our website or other appropriate channels.

18.4 Information Included in Notifications

When we notify you of a data breach, we will include:

 

  • Description of the nature of the breach

  • Categories and approximate number of individuals affected

  • Categories and approximate number of personal data records affected

  • Likely consequences of the breach

  • Measures we have taken or propose to take to address the breach

  • Contact information for further inquiries

18.5 Remediation and Prevention

Immediate Remediation: We take immediate action to contain and remediate security incidents, including securing affected systems and preventing further unauthorized access.

 

Support for Affected Individuals: We provide appropriate support and resources for individuals affected by data breaches, which may include credit monitoring services or other protective measures.

 

Preventive Measures: We implement additional security measures and controls to prevent similar incidents in the future and regularly review and update our security practices.

18.6 Cooperation with Authorities

We cooperate fully with law enforcement and regulatory authorities in the investigation of security incidents and data breaches, providing necessary information and assistance as required by law.

 


19. CHANGES TO THIS PRIVACY POLICY

19.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to keeping you informed about any changes that may affect your privacy rights.

19.2 Types of Changes

Material Changes: Material changes that significantly affect how we collect, use, or share your personal information will be communicated with prominent notice and, where required by law, your consent.

 

Non-Material Changes: Minor changes, such as clarifications, formatting improvements, or updates to contact information, may be made without special notice.

 

Legal Requirement Changes: Changes required by new laws or regulations will be implemented as necessary to ensure compliance.

19.3 Notification Methods

Email Notification: For material changes, we will send email notifications to the address associated with your account at least 30 days before the changes take effect.

 

In-Service Notifications: We may display notifications within our Service to alert you to important privacy policy changes.

 

Website Notice: We will post notices of privacy policy changes on our website and update the “Last Updated” date at the top of this policy.

19.4 Your Options

Review and Accept: You will have the opportunity to review changes before they take effect and decide whether to continue using our Service under the updated terms.

 

Opt-Out or Object: For certain types of changes, you may have the right to opt out or object to new processing activities.

 

Account Closure: If you disagree with material changes to this Privacy Policy, you may choose to close your account before the changes take effect.

19.5 Continued Use

Your continued use of our Service after privacy policy changes take effect constitutes your acceptance of the updated policy, unless you have opted out or objected to specific changes where permitted by law.

19.6 Historical Versions

We maintain historical versions of our Privacy Policy for reference. You can request access to previous versions by contacting our privacy team.

 


20. CONTACT INFORMATION AND DATA PROTECTION OFFICER

20.1 General Privacy Inquiries

For general questions about this Privacy Policy or our privacy practices, please contact us:

 

Email: [INSERT PRIVACY EMAIL]
Phone: [INSERT PHONE NUMBER]
Mail: Nova Nexus LLC
[INSERT MAILING ADDRESS]

20.2 Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance and serve as a point of contact for privacy-related matters:

 

Data Protection Officer

Email: privacy@consiliari.ai
Phone: +1-939-383-3027

Mail: Data Protection Officer
Nova Nexus LLC
100 Cecilio Urbina St, Unit 213
Guaynabo, PR 00970

20.3 Regional Representatives

x

20.4 Privacy Rights Requests

To exercise your privacy rights or submit privacy-related requests:

Email: privacy@consiliari.ai
Phone: +1-939-383-3027

20.5 Regulatory Authorities

If you believe we have not adequately addressed your privacy concerns, you may contact the relevant regulatory authority:

 

European Union: Your local Data Protection Authority
United Kingdom: Information Commissioner’s Office (ICO)
California: California Privacy Protection Agency
Canada: Office of the Privacy Commissioner of Canada
Australia: Office of the Australian Information Commissioner

20.6 Response Timeframes

We strive to respond to all privacy inquiries promptly:

 

  • General inquiries: Within 5 business days

  • Privacy rights requests: Within 30 days (or as required by applicable law)

  • Urgent security matters: Within 24 hours

 


 

This Privacy Policy is effective as of 4/1/2025 and was last updated on 7/11/2025.

 

© 2025 Nova Nexus LLC. All rights reserved.