Skip to main content
PRIVACY

Privacy
Policy

What data we collect, how we use it, and your rights. Written in plain English so you can actually understand it.

Last Updated: February 19, 2026 · United States Only
THE SHORT VERSION

We collect your resume and job descriptions to power AI analysis. Your data is sent to Anthropic's Claude API for processing. Payments go through Stripe and never touch our servers. We do not sell your data. Ever. You can delete everything at any time. You must be 18 or older. US users only.

1 Intro 2 Collect 3 Use 4 Share 5 Retain 6 Rights 7 Security 8 Cookies 9 Children 10 US Only 11 Changes 12 Contact
1
Introduction and Scope
What this policy covers

This Privacy Policy applies to MintCareer (the "Service"), operated by MintCareer LLC ("Company," "we," "us," or "our").

Geographic scope: This Privacy Policy applies exclusively to users in the United States. MintCareer is not available to users outside the United States, and we do not knowingly collect data from non-US persons.

This Policy covers what personal information we collect, how we use it, who we share it with, your privacy rights and choices, how we protect your data, and data breach procedures.

By using MintCareer, you consent to the data practices described in this Policy. If you do not agree, please do not use the Service.

2
Information We Collect
Exactly what data we handle

2.1 Information You Provide Directly

  • Account creation: Email address, password
  • Google Sign-In: If you use Google Sign-In, we receive your name and email address from Google. We do not access your Google contacts, calendar, or other Google data.
  • Resume upload: Work history, education, skills, certifications, contact information, and any other information contained in your resume document
  • Job analysis: Job descriptions, company names, job titles you paste into the analyzer
  • Service usage: Application status updates, notes, preferences, settings
  • Support: Support inquiries, feedback, bug reports
  • Payment: Billing information (processed entirely by Stripe; credit card numbers never touch our servers)

2.2 Information Collected Automatically

Our web server (Flask on Replit) automatically logs:

  • IP address and browser user-agent string (standard web server logs)
  • Pages visited and access timestamps
  • Error logs for debugging
  • Session cookies for authentication

We use Google Analytics 4 (GA4) with IP anonymization to understand site usage patterns. GA4 may set cookies to track anonymous usage data. We do not use advertising trackers or geolocation services.

2.3 Sensitive Information Warning

SENSITIVE DATA IN RESUMES

Your resume may contain sensitive information such as Social Security numbers, dates of birth, driver's license numbers, or medical information. We strongly recommend you remove highly sensitive data (SSN, financial accounts, government IDs) before uploading. While we implement security measures, no system is 100% secure. You upload sensitive information at your own risk.

3
How We Use Your Information
What we do with your data and why

3.1 To Provide the Service

  • Analyze job descriptions against your resume using AI
  • Generate recommendations, resume bullets, and interview preparation
  • Track your job application pipeline
  • Store your analysis history for future reference
  • Personalize your experience based on your preferences

3.2 To Process AI Analysis

  • Send your resume text and job descriptions to Anthropic's Claude API
  • Receive and display AI-generated analysis results
  • Cache results to improve performance and reduce costs

3.3 To Improve the Service

  • Analyze usage patterns to fix bugs and improve features
  • Create aggregated, anonymized statistics
  • Conduct A/B testing and experimentation
  • Measure feature adoption

3.4 To Communicate with You

  • Send transactional emails (account creation, password resets, subscription confirmations)
  • Respond to support inquiries
  • Send service updates and security alerts
  • Send marketing communications (with your consent; you can unsubscribe anytime)

3.5 For Business Operations

  • Process payments and manage subscriptions via Stripe
  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations (tax, regulatory reporting)
  • Investigate security incidents

3.6 Legal Bases

We process your data based on: contractual necessity (to provide the Service you requested), legitimate interests (to improve the Service and prevent fraud), consent (for marketing communications), and legal obligation (to comply with US law).

4
Who We Share With
Third parties that receive your data

4.1 Service Providers

ProviderPurposeData Shared
Anthropic (Claude API)AI analysis and recommendationsResume text, job descriptions
StripePayment processingEmail, payment amount (cards go directly to Stripe)
ReplitApplication hostingAll service data (encrypted in transit)
CloudflareCDN, SSL, DDoS protectionWeb traffic (encrypted)
Google AnalyticsAnonymous site usage analyticsAnonymized page views, session data (IP anonymized)

4.2 Anthropic Claude API Disclosure

CRITICAL THIRD-PARTY DISCLOSURE

Your resume content and job descriptions are sent to Anthropic's Claude API for analysis. This is essential for the Service to function. Key facts: Anthropic is SOC 2 Type II certified. As of January 2026, Anthropic does not train models on API user data. API data may be retained by Anthropic for up to 30 days for trust and safety monitoring. Anthropic's practices may change; review their policy at anthropic.com/privacy. We have no control over Anthropic's data practices once data is transmitted. By using MintCareer, you consent to your resume being sent to Anthropic.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you via email at least 30 days before the transfer and post a prominent notice on the Service. You will have the right to delete your account before the transfer.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or subpoena, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

4.5 Aggregated Data

We may share aggregated or anonymized data that cannot be used to identify you, such as industry trends, usage metrics, or research findings.

4.6 We Do Not Sell Your Data

WE DO NOT SELL YOUR DATA

We do not sell, rent, or trade your personal information to third parties for their marketing purposes or for monetary compensation. We have never sold user data and have no plans to do so.

5
Data Retention
How long we keep your data

We retain your personal information only as long as necessary:

Data TypeRetention Period
Account dataWhile active, plus 90 days after deletion
Resume contentWhile active; deleted within 30 days of account deletion or explicit request
Analysis historyDuration of subscription; may be anonymized for analytics
Payment records7 years (tax and financial compliance)
Server logs12 months (security and debugging)
Backup dataUp to 90 days after deletion (encrypted backups)
Legal hold dataIndefinitely if subject to legal proceedings
6
Your Privacy Rights
What you can do with your data

6.1 Rights for All Users

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-out: Unsubscribe from marketing communications at any time
  • Data portability: Request your data in a machine-readable format (JSON or CSV)

6.2 California Residents (CCPA)

CCPA RIGHTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act: Right to Know (categories and specific pieces of personal information collected), Right to Delete (request deletion, subject to exceptions), Right to Non-Discrimination (we will not discriminate against you for exercising CCPA rights). Because we do not sell personal information, the right to opt-out of sale does not apply.

Note: While MintCareer may not currently meet the revenue or user thresholds that trigger mandatory CCPA compliance, we provide these rights to all users regardless.

6.3 How to Exercise Your Rights

Self-service: Use Account Settings to update or delete your information, download your data, or delete your account.

Contact us: Email privacy@mintcareer.ai with the subject line "Privacy Request" and include your name, email, and specific request. We will acknowledge receipt within 2 business days and respond within 30 days (45 days for complex requests). We may require identity verification.

7
Data Security
How we protect your information

7.1 Security Measures in Place

  • HTTPS/TLS encryption: All data in transit between your browser and our servers is encrypted, enforced through Cloudflare
  • Password hashing: Passwords are hashed using bcrypt with salt. We cannot see your password.
  • API key security: Anthropic and Stripe credentials stored as encrypted environment variables, never in code
  • Input sanitization: All user input is sanitized to prevent XSS and injection attacks
  • Rate limiting: Flask-Limiter protects against abuse and brute-force attacks
  • CSRF protection: Flask session-based CSRF protection enabled
  • Secure sessions: Cryptographically generated session tokens with expiration

For complete details, see our Security page.

7.2 No Absolute Security

IMPORTANT

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. Despite our security efforts, your data could be compromised by cyberattacks, third-party service breaches, software vulnerabilities, or other factors beyond our control. You use the Service at your own risk.

7.3 Data Breach Response

In the event of a breach affecting your personal information:

  • Within 72 hours: We will notify affected users via email with details on what data was affected, what happened, and what we are doing about it
  • Regulatory notification: We will notify relevant authorities as required by law
  • Remediation: We will implement fixes and share what we are doing to prevent future incidents

7.4 Your Security Responsibilities

You are responsible for using a strong, unique password, keeping your credentials confidential, logging out on shared devices, keeping your email account secure, and notifying us immediately of unauthorized access. See our Security page for more detail.

8
Cookies and Tracking
What cookies we use and why

8.1 Essential Cookies (Required)

  • Session cookie: Keeps you logged in during your visit
  • CSRF token: Prevents cross-site request forgery

8.2 Functional Cookies

  • Preferences: Remembers settings such as dark mode

8.3 What We Do Not Use

  • No third-party advertising cookies
  • No social media tracking pixels
  • No cross-site tracking

Analytics cookies: Google Analytics 4 sets cookies to track anonymous usage patterns. You can opt out by using a browser extension or adjusting your cookie settings.

8.4 Your Cookie Choices

You can control cookies through your browser settings (block or delete cookies). Disabling essential cookies will prevent you from using the Service.

9
Children's Privacy
MintCareer is for adults only
ADULTS ONLY: 18+

MintCareer is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. By using MintCareer, you represent that you are at least 18 years old.

MintCareer processes resume data, employment history, and other sensitive personal information. To protect minors and comply with COPPA, we restrict the Service to adults only.

If we discover that a user is under 18, we will immediately terminate their account and delete all associated personal information.

If you believe a minor has provided us with personal information, please contact us at privacy@mintcareer.ai and we will take prompt action.

10
United States Only
Geographic restrictions on service and data

MintCareer is available exclusively to users in the United States. We do not provide service to, or knowingly collect data from, users outside the United States.

If you access MintCareer from outside the US:

  • You are violating our Terms of Service
  • We may terminate your account
  • This Privacy Policy may not comply with your local privacy laws
  • You will not have rights under GDPR, UK GDPR, or other non-US privacy regulations
  • US law governs all data processing
11
Changes to This Policy
How and when we update this policy

We may update this Privacy Policy to reflect changes in our data practices, new features, legal requirements, or security improvements.

For material changes, we will:

  • Post the updated Policy on this page with a new "Last Updated" date
  • Send an email notification to your registered email address
  • Display a prominent notice on the Service

Your continued use of MintCareer after any changes constitutes acceptance of the updated Policy.

12
Contact Us
Questions about your privacy

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

MintCareer
Operated by: MintCareer LLC

Privacy inquiries: privacy@mintcareer.ai
Data rights requests: privacy@mintcareer.ai with subject line "Privacy Request"

We will acknowledge receipt within 2 business days and provide a substantive response within 30 days (45 days for complex requests).

YOUR CONSENT

By using MintCareer, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, sharing, and protection of your information as described. You specifically consent to your resume being sent to Anthropic's Claude API for AI analysis, data retention as specified in Section 5, and US jurisdiction for all data processing.

Privacy Questions?
We take every privacy inquiry seriously.
privacy@mintcareer.ai
MintCareer
Version 2.0 · Last Updated: February 19, 2026