CapCore Systems, LLC (“Company,” “we,” “our,” or “us”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you visit our website at capcoresystems.com or use our products and services (collectively, the “Services”), including our AI-powered career tools, specialist platforms, and subscription products.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws. Please read this policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the practices described herein.

1. Information We Collect

We collect information in the following categories:

1.1 Information You Provide Directly

• Account Information: Name, email address, username, and password when you create an account.
• Payment Information: Billing address, payment card details, or other payment method information processed through our third-party payment processor (Stripe). We do not store full payment card numbers on our servers.
• Profile Information: Professional details, career history, resumes, and other content you upload or input into our AI tools and specialist platforms.
• Communications: Messages, feedback, support requests, and any other information you provide when you contact us.
• User-Generated Content: Inputs, prompts, documents, and other content you submit to our AI-powered services, including ClarityOS, SmartHire Toolkit, Career Accelerator, and Business Builder tools.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, and actions taken within our Services.
• Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Location Data: Approximate geographic location based on your IP address.
• Log Data: Server logs that record requests made to our servers, including timestamps, error logs, and system activity.

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. These include:

• Essential Cookies: Required for basic site functionality, authentication, and security. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Services (e.g., Google Analytics, MonsterInsights).
• Functional Cookies: Remember your preferences and settings to enhance your experience.
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may limit functionality of our Services.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data only when we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on include:

• Performance of a Contract (Article 6(1)(b)): Processing necessary to provide our Services, fulfill subscriptions, manage your account, and process payments.
• Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including improving our Services, fraud prevention, security, and analytics, provided these interests are not overridden by your fundamental rights and freedoms.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Provide, operate, personalize, and maintain our Services, including AI-powered career tools and specialist platforms.
• Transaction Processing: Process purchases, manage subscriptions, issue refunds, and send transaction confirmations.
• AI Service Operation: Process inputs you provide to our AI tools to generate outputs, recommendations, and analyses. See Section 11 for details on automated decision-making.
• Communication: Respond to inquiries, provide customer support, and send service-related notices (account confirmations, security alerts, policy changes).
• Marketing: Send promotional communications about our products and services where you have opted in or where we have a legitimate interest. You can unsubscribe at any time.
• Analytics and Improvement: Analyze usage patterns, conduct research, and improve the quality, functionality, and user experience of our Services.
• Security and Fraud Prevention: Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Legal Compliance: Comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

4. Sharing Your Information

We may share your personal information with the following categories of recipients:

• Service Providers: Third-party vendors who assist us in operating our Services, including:
  • Payment processing (Stripe)
  • Email marketing and communications (Klaviyo)
  • Website hosting and infrastructure (WordPress.com / Bluehost)
  • Analytics and performance monitoring (Google Analytics, MonsterInsights)
  • AI model providers that process your inputs to generate outputs
  These providers are contractually obligated to process your data only as necessary to provide their services and to maintain appropriate security measures.
• Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website of any change in ownership or uses of your personal information.
• With Your Consent: We may share your information for other purposes when you have provided explicit consent.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods are as follows:

• Account Data: Retained for the duration of your active account plus 30 days after account deletion to allow for recovery.
• Transaction Records: Retained for 7 years to comply with tax and financial reporting obligations.
• AI Interaction Data: Inputs and outputs from AI tools are retained for up to 90 days for service improvement and debugging, unless you request earlier deletion.
• Marketing Data: Retained until you unsubscribe or withdraw consent, plus up to 30 days for processing the opt-out.
• Server Logs: Retained for up to 12 months for security and troubleshooting purposes.
• Cookie Data: Retention periods vary by cookie type; see our cookie descriptions above for details.

When personal data is no longer required, we securely delete or anonymize it in accordance with our data management procedures.

6. Security of Your Information

We implement reasonable and appropriate administrative, technical, and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Secure payment processing through PCI-compliant providers
• Access controls and authentication requirements for our systems
• Regular security assessments and monitoring
• Employee training on data protection practices

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately.

7. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
• Right to Erasure (Article 17): Request deletion of your personal data (“right to be forgotten”) when it is no longer necessary for the purposes collected, or when you withdraw consent.
• Right to Restriction of Processing (Article 18): Request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Right to Object (Article 21): Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority if you believe your rights have been violated.

7.2 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: Request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If this practice changes in the future, we will provide a clear “Do Not Sell or Share My Personal Information” link and update this policy accordingly.
• Right to Limit Use of Sensitive Personal Information: Direct us to limit the use and disclosure of your sensitive personal information to purposes necessary for providing the Services.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising any of your CCPA/CPRA rights. We will not deny you Services, charge different prices, provide a different level of quality, or suggest that you would receive different treatment for exercising your rights.

7.3 Categories of Personal Information (California Disclosure)

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, IP address, account name (collected for account management and service delivery).
• Commercial Information: Purchase history, subscription records, products or services purchased (collected for transaction processing and service delivery).
• Internet or Network Activity: Browsing history on our site, search history, interactions with our Services (collected for analytics, security, and service improvement).
• Professional or Employment Information: Career history, resumes, and professional details you provide to our AI tools (collected for service delivery).
• Inferences: Profiles and recommendations generated by our AI tools based on information you provide (generated for service delivery).

7.4 Exercising Your Rights

To exercise any of the rights described above, please contact us using one of the following methods:

• Email: privacy@capcoresystems.com
• Mail: CapCore Systems, LLC, Attn: Privacy Rights

We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA). If we need additional time, we will inform you of the reason and extension period. We may ask you to verify your identity before processing your request to protect your privacy and security. You may also designate an authorized agent to make a request on your behalf under the CCPA.

8. International Data Transfers

CapCore Systems, LLC is based in the United States. If you access our Services from outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For individuals in the EEA, UK, or Switzerland, we ensure that any international transfer of personal data is protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where other safeguards are not available

By using our Services, you acknowledge and consent to the transfer and processing of your data as described in this policy.

9. Cookies and Tracking Technologies

We use cookies and similar technologies as described in Section 1.3. You have the following choices regarding cookies:

• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set.
• Opt-Out Links: For analytics cookies, you can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Do Not Track: Our website currently does not respond to “Do Not Track” browser signals, as there is no industry-wide standard for this technology. We will update this policy if a uniform standard is adopted.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, plugins, or services that are not operated by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party service you access through our platform.

11. Automated Decision-Making and AI Processing

Our Services include AI-powered tools that process your inputs to generate career recommendations, business insights, resume analyses, and other outputs. Important information about this processing:

• How It Works: When you use our AI tools (including ClarityOS, SmartHire Toolkit, Career Accelerator, and Business Builder), your inputs are processed by AI models to generate personalized outputs. This processing is integral to the service you have requested.
• Human Oversight: Our AI tools are designed to assist and augment human decision-making, not replace it. We recommend that users exercise independent judgment when acting on AI-generated recommendations.
• No Solely Automated Decisions with Legal Effect: We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects concerning you without human involvement.
• Data Usage: Inputs you provide to our AI tools are used to generate your requested outputs. We may use aggregated, de-identified interaction data to improve our AI models and Services. We do not use your individual inputs to train AI models without your explicit consent.
• Your Rights: Under the GDPR, you have the right to request human intervention in automated decision-making, to express your point of view, and to contest decisions. Contact us at privacy@capcoresystems.com to exercise these rights.

For more information about our AI practices, please see our AI Use Disclosure page.

12. Children’s Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@capcoresystems.com. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to remove that information from our systems promptly.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required under GDPR Article 33.
• Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required under GDPR Article 34.
• Notify affected California residents as required under California Civil Code Section 1798.82.
• Provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.

14. Do Not Sell or Share My Personal Information

CapCore Systems does not sell your personal information. We do not sell, rent, or trade personal information to third parties for monetary or other valuable consideration as defined by the CCPA/CPRA. We also do not share personal information for cross-context behavioral advertising purposes.

If our practices change in the future, we will update this policy, provide prominent notice, and offer a clear opt-out mechanism before any such change takes effect.

15. Financial Incentive Disclosure

We may offer promotional discounts, loyalty programs, or other incentive programs in connection with our Services. Participation in these programs is voluntary. The value of any financial incentive we offer is reasonably related to the value of the data you provide. You may opt out of any financial incentive program at any time by contacting us or following the instructions provided in the program terms.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a revised “Last updated” date.
• Notify registered users via email of any material changes.
• Obtain renewed consent where required by applicable law.

We encourage you to review this policy periodically to stay informed about how we protect your information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us:

• Email: privacy@capcoresystems.com
• General Inquiries: hello@capcoresystems.com
• Website: capcoresystems.com/contact

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.