Privacy Policy

Information we collect

When you create an account, we collect your email address, name, and authentication credentials through our identity provider (Clerk). If you complete the onboarding process, we collect additional career context including your current role, target role, experience level, location, and study preferences.

When you complete the RIASEC career personality assessment, we store your responses and computed scores. If you complete scenario exercises, we store your written responses, evaluation results, and behavioral dimension scores. This behavioral data is the core of your DecipherU profile.

We automatically collect basic usage data including pages visited, features used, and session duration to improve the platform experience.

How we use your information

Your career context and behavioral data are used to personalize career recommendations, match you with relevant certification paths, and generate scenario exercises calibrated to your skill level.

If you opt into the employer matching program, an anonymized version of your behavioral profile may be shared with employers who have submitted matching scenarios. Your identity is never revealed to employers unless you explicitly choose to do so.

We use aggregated, de-identified data to improve our assessment algorithms, generate community insights displayed on career and certification guides, and conduct research on cybersecurity career development patterns.

Data storage and security

Your data is stored in a PostgreSQL database hosted by Supabase in the United States (West US, Oregon region). All data is encrypted in transit using TLS and at rest using AES-256. Authentication is managed by Clerk, which maintains its own security certifications.

Your rights

You can access, update, or delete your personal data at any time from your account dashboard. If you delete your account, all associated personal data, behavioral scores, and scenario responses are permanently removed from our systems within 30 days.

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what data we collect and the right to request deletion.

Third-party services

We use the following third-party services that may process your data: Clerk (authentication), Supabase (database), Vercel (hosting), Anthropic (AI-powered content synthesis and scenario evaluation), and Stripe (payment processing, when applicable). Each of these providers maintains their own privacy policies and security practices.

Cookies

We use essential cookies required for authentication and session management. We do not use advertising cookies or sell your data to third parties. If we implement analytics in the future, you will be given the option to opt out.

Data we never sell

We do not sell, rent, or trade your personal information or behavioral data to any third party under any circumstances. Your data is used exclusively to provide and improve the DecipherU service.

Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the platform before the changes take effect.

Contact

For privacy-related questions or requests, contact us at privacy@decipheru.com.