Privacy Policy
PP260301-V1-1
1. Who We Are
FindX is operated by Novux AI Limited ("The Company", "we", "us", "our"), registered in England and Wales (Company number 16102998). We act as the data controller for personal data collected through the FindX platform. This Privacy Policy should be read alongside our Terms of Service.
For any data protection enquiries, please contact our Data Protection Officer at support@novux.ai.
2. What Data We Collect
We collect the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address | Account creation and authentication |
| Profile data | CV content, skills, experience, education, career preferences | Job matching, CV generation, profile scoring |
| Application data | Job applications, statuses, interview notes | Application tracking and analysis |
| Generated content | AI-generated CVs, cover letters, interview prep | Service delivery and improvement |
| Usage data | Pages visited, features used, timestamps | Service improvement and analytics |
| Device data | Browser type, operating system, IP address | Security and service delivery |
3. Lawful Basis for Processing (GDPR)
We process your personal data under the following lawful bases:
- Contract: Processing necessary to provide you with the FindX service (Article 6(1)(b) GDPR).
- Legitimate interest: Improving the service, preventing fraud, and ensuring security (Article 6(1)(f) GDPR).
- Consent: Where we ask for your explicit consent, such as for marketing communications (Article 6(1)(a) GDPR).
- Legal obligation: Where we are required to process data by law (Article 6(1)(c) GDPR).
4. How We Use Your Data
- To provide and operate the FindX platform.
- To match you with relevant job opportunities.
- To generate tailored CVs, cover letters, and interview preparation materials.
- To track your job applications and provide analysis.
- To improve our AI models and service quality (using anonymised and aggregated data).
- To communicate with you about your account and service updates.
- To ensure the security and integrity of the platform.
5. Data Sharing and Third-Party Processors
We share your data only with trusted third-party service providers who assist in operating our platform:
- Amazon Web Services (AWS): Cloud infrastructure, data storage, and computing (hosted in the EU/UK region).
- AI model providers: To generate CVs, cover letters, match scores, and other AI outputs. Data sent to AI providers is limited to what is necessary for the specific task and is not used to train third-party models.
- Email service providers: For account verification and transactional emails.
We do not sell your personal data to third parties. We do not share your data with recruiters or employers unless you explicitly choose to do so (e.g., by applying to a job).
6. Data Security
We implement industry-standard security measures aligned with SOC 2 principles to protect your data:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Access controls and role-based permissions for all systems.
- Regular security assessments and monitoring.
- Secure authentication with passwordless OTP verification.
- Data stored in AWS infrastructure with enterprise-grade physical security.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account and profile data: Retained until you delete your account.
- Generated documents: Retained until you delete them or your account.
- Usage analytics: Anonymised and aggregated data may be retained indefinitely for service improvement.
- After account deletion: We delete your personal data within 30 days, except where retention is required by law.
8. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at support@novux.ai. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
9. Cookies
FindX uses essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
- Session cookies: Required for login and security. These are strictly necessary and do not require consent.
- Preference cookies: To remember your settings (e.g., dark mode). These are functional cookies.
10. International Transfers
Your data is primarily processed and stored within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (e.g., to AI model providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO.
11. Children's Privacy
FindX is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: support@novux.ai
- Data Protection Officer: support@novux.ai
- Novux AI Limited, United Kingdom (Company number 16102998)