Effective: 9th May 2025
Personal Information: We collect personal information that you voluntarily provide, including your full name, email address, phone number, resume or CV content, cover letter content, employment history, educational background, and any additional information you input into your profile. This information allows the extension to deliver its core functionalities and cater to your specific job search needs. Additionally, we gather your job preferences, such as target roles, locations, industries, and other customizable profile settings to further personalize your experience.
Technical and Usage Data: When you interact with our platform or browser extension, we collect technical and usage data, including device details like model, operating system, and browser type, along with IP address and geolocation data. We track how you interact with our tools, such as saved job applications, clicked job postings, and activity timelines, to measure the effectiveness of the extension and improve future features. Error reports and crash logs are automatically collected to identify and resolve issues, ensuring the extension works smoothly.
Permissions: The extension requires specific permissions to deliver its functionalities effectively, such as access to read and modify data on job application websites (enabling the autofill feature) and storage permissions to save your preferences and session data. This ensures a seamless and personalized experience whenever you use the extension.
Browser Data: We may collect basic browser data when you use the extension, such as the URLs of job application pages you visit, your browser type, version, and operating system details. This information helps us troubleshoot issues and optimize the extension for various devices and platforms. If you register using third-party login credentials, such as LinkedIn or Google, we may also collect profile details like your name, username, and email address, depending on your privacy settings with those platforms.
Usage Analytics: To improve the functionality of the extension and prioritize new features, we integrate usage analytics through tools like Snowplow. These analytics help us track user engagement anonymously and monitor feature interactions, allowing us to enhance the user experience. We also collect technical data, such as device identifiers and network information, to improve troubleshooting processes and optimize data transfers.
Tracking Technologies: We use tracking technologies to manage user sessions and monitor feature usage within the extension. Cookies and local storage are used to securely save your session data and preferences, while web beacons embedded within the extension help us track how users interact with specific features.
Tracking Technologies: We use tracking technologies to manage user sessions and monitor feature usage within the extension. Cookies and local storage are used to securely save your session data and preferences, while web beacons embedded within the extension help us track how users interact with specific features.
Automatically Collected Information: We automatically gather certain information when you access, use, or navigate the services. Although this data does not directly identify you, it may include details such as your IP address, device and browser specifications, operating system, language settings, referring URLs, device name, geographic location, and other information about how and when you interact with our services. This data is primarily collected to ensure the security and functionality of our services and to support internal analytics and reporting efforts.
Payment Data: If you choose to make a purchase through our platform, we collect the necessary payment data to process your transaction, including your billing address, payment card details (which are securely handled by third-party providers), and transaction history related to subscriptions or services. All payment data is processed and stored securely by Stripe.
Data Retention: We retain the data we collect for as long as your account is active or as required to provide our services. You can manage or request the deletion of your data by contacting us directly.
It is essential to provide accurate and up-to-date information to ensure the optimal delivery of our services. If there are any changes to your personal information, we encourage you to update your profile or notify us promptly.
Service Provision: We use your personal information to provide the services you request, such as automatically filling out job applications, customizing your job search experience, and providing tailored job recommendations. This allows us to fulfill your needs and deliver a personalized, efficient experience.
Account Management: Your data is processed to facilitate account creation, authentication, and ongoing management. This ensures your account remains functional and secure, allowing you to access and use the platform without issues. Additionally, we may use your personal data to respond to inquiries and offer support, resolving any concerns you may have.
Quality Improvement: To improve our platform, we analyze usage data to identify trends, address performance issues, and enhance features. This helps us promptly address bugs and technical challenges, ensuring smooth operation over time. We may also request feedback to understand your experience and gather insights for improvement.
Administrative Communication: We collect administrative information to keep you informed about updates, changes to terms and policies, and new features or services. This ensures you stay updated on important changes affecting your use of the platform. Similarly, we process your data to fulfill and manage orders, payments, and transactions, ensuring seamless processing of purchases or subscriptions.
Legal Compliance: For legal reasons, we may process your data to respond to legal requests, such as subpoenas, or to protect against fraud. This includes ensuring compliance with relevant laws and regulations, protecting both the platform and users.
Marketing and Communication: We may use your data to send promotional content or updates about our services. If you opt in, we may deliver targeted advertising based on your interests or location. You can always opt-out of marketing communications at any time. If you choose to share a testimonial, we will seek your permission to use it publicly.
Platform Security: We process your data to secure our platform, including fraud prevention and monitoring efforts, ensuring a safe experience for all users. In certain cases, we may use your data to enforce our terms and policies, ensuring compliance.
Business Analysis: We may aggregate and anonymize data to perform business analyses, evaluate trends, and improve marketing strategies. Any such use will ensure that no personal data is identifiable, and we will only use personally identifiable information with your explicit consent.
Ultimately, the collection and processing of your data enable us to provide a better, safer, and more efficient service while respecting your rights and complying with data protection laws.
The primary legal bases we rely on are as follows:
In summary, we ensure that your personal information is processed only on valid legal grounds, and we take all necessary measures to protect your rights and comply with data protection laws. Should you have any concerns about the processing of your personal information or wish to exercise your rights, please refer to the relevant sections of this Privacy Policy or contact us directly.
Hosting and Infrastructure: We work with Vercel and AWS to securely host our application. Vercel has access to all stored data, including user profiles, transaction records, and usage history.
Analytics: We rely on Snowplow for analytics services to collect anonymized usage data, which helps us improve performance and user experience. The data shared with Snowplow includes anonymized usage information, such as user interaction with the extension over time, enabling us to optimize features and track engagement.
Email Communications: We partner with Mailchimp to manage our email communications, including transactional emails and updates. We share user email addresses and names with Mailchimp to ensure timely and accurate delivery of service-related information.
Payment Processing: Stripe handles our payment processing, securely managing billing information, including credit card details and payment history, to process subscription payments and financial transactions.
AI-Driven Suggestions: We integrate Gemini AI and OpenAI API to provide AI-driven suggestions and enhancements in resumes and cover letters. We adhere to data minimization principles, sending only the necessary text data required for generating AI suggestions, ensuring that personal identifiers are omitted or minimized. The data exchange is one-way, with user-inputted text sent for processing and the API providing a response without storing the data.
Tracking Technologies: Selected third-party vendors may use tracking technologies, such as cookies, on our services. These vendors collect data on how you interact with our services over time, helping us analyze user behavior, track engagement, determine content popularity, and improve the overall online experience.
Business Transactions: We may share or transfer your personal information in connection with mergers, sales of company assets, financing, or acquisitions of all or part of our business. We will make reasonable efforts to ensure the new entity adheres to this Privacy Policy and safeguards your information.
Advertising: Third-party advertising companies may serve relevant ads when you visit our services. They may use information about your visits to our website and other websites through web cookies and other tracking technologies to deliver targeted advertisements based on your interests.
Affiliates: We may share your data with our affiliates, including our parent company, subsidiaries, joint venture partners, or other companies under common control. Our affiliates are required to honor this Privacy Policy when handling your personal information.
Business Partners: We may share your data with business partners to offer you products, services, or promotions. These partners may use your data to present personalized offers or information related to career development or job opportunities. Unless explicitly described in this Privacy Policy, we do not sell, rent, or trade your personal information for promotional purposes to third parties.
Testimonials: We may display user testimonials on our website to showcase experiences with our services. These testimonials may include your name, job title, and feedback. By submitting a testimonial, you consent to its use for promotional purposes, such as on our website or social media. Testimonials may be edited for clarity but will retain their original meaning. If you wish to modify or remove your testimonial, contact us, and we will address your request promptly. Please note that testimonials are publicly visible, so avoid including sensitive or confidential information.
International Transfers: We may transfer your data to service providers located outside your country of residence. We ensure compliance with data protection laws and implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect your data during international transfers.
AI Integration: Our AI Products leverage third-party service providers, including the OpenAI API, to provide advanced capabilities such as AI-driven suggestions for resumes and cover letters. These AI integrations comply with the policies of the third-party providers we collaborate with and adhere to the terms outlined in this Privacy Notice. Users must ensure that their interactions with AI Products comply with the terms of service of both Sunday Morning and the respective third-party providers.
Core Functions: Our AI Products are specifically designed to support three core functions support:
Data Processing: We integrate with third-party APIs to deliver our AI-powered features efficiently and securely. For instance, the OpenAI API powers the platform’s intelligent suggestions for resumes and cover letters. Only the necessary text data required for generating these recommendations is transmitted, and personal identifiers are minimized to ensure privacy. Data exchange follows a one-way pattern, where user-provided data is sent for processing, and the AI-generated response is returned to the platform without retaining unnecessary personal information, reflecting our commitment to data minimization and privacy.
Security Protocols: To ensure the security of user data during interactions with AI tools, we employ robust protocols. All communications with APIs are encrypted over HTTPS, protecting data in transit from unauthorized access. API keys, essential for connecting to platforms like OpenAI, are stored securely and rotated regularly to enhance security. Furthermore, the processing of user data adheres to the data usage policies of third-party API providers, ensuring compliance and protecting user privacy.
Data Management: All personal information processed through our AI Products is managed in accordance with this Privacy Notice and contractual agreements with third-party providers. These agreements establish high-security standards and implement stringent safeguards to protect personal information throughout the processing lifecycle, underscoring our commitment to data protection and user trust.
User Choice: We recognize the importance of user choice and provide options to opt out of the AI-powered features. If you prefer not to use these tools, you can log in to your Sunday Morning account and update your preferences in the account settings to disable AI-powered functionalities.
By offering cutting-edge AI-driven services while upholding strict privacy standards, we aim to deliver a secure and personalized experience, empowering users to maintain control over their data usage.
Data Encryption: To protect your data during transmission, we use advanced encryption protocols such as Transport Layer Security (TLS) and Secure Socket Layer (SSL). These protocols ensure that your data is encrypted both in transit and at rest, making it inaccessible to unauthorized parties.
Access Control: Administrative access to sensitive data is strictly controlled through two-factor authentication, adding an extra layer of security to our systems.
Security Audits: We regularly conduct security audits and vulnerability assessments to identify potential risks and address them proactively, ensuring our security protocols remain robust and up-to-date.
Secure Coding Practices: We adhere to secure coding practices during the development of our platform, which minimizes vulnerabilities and reinforces the protection of your information.
Limitations: While we strive to apply the highest industry standards and make every reasonable effort to safeguard your data, no method of transmission over the internet or electronic storage can be guaranteed to be 100% secure. Consequently, while we work diligently to protect your personal information, we cannot provide an absolute guarantee against unauthorized access, hacking, or other breaches.
User Recommendations: To maximize your security, we recommend accessing our services within a secure environment and exercising caution when sharing sensitive information online.
Should you have any concerns about the safety of your data or require further assistance, our dedicated team is always ready to help.
Data Storage: Personal data collected through our services is securely stored in our databases, ensuring reliable and efficient data management. Temporary data and preferences are held on your browser via local storage and cookies to facilitate a seamless and personalized user experience.
Data Retention: Data retention periods are carefully structured. Personal data remains stored as long as your account is active. For users who request data deletion or close their accounts, we promptly remove their information from active systems. Backup systems containing your data are purged securely within 30 days. Anonymized usage data used for analytical purposes may be retained for up to 24 months before it is permanently erased.
Data Deletion: Users can initiate data deletion through their account settings at any time. Our process ensures the complete removal of your data from both active and archived systems, in strict adherence to our protocols and privacy standards.
Our practices for storing, retaining, and deleting your data are guided by our commitment to security, transparency, and compliance with industry-leading standards and legal obligations. This ensures the protection of your personal information while maintaining your control over its use and duration.
General Privacy Rights: Depending on the laws applicable in your region, your privacy rights may include the following:
Access to Information: You have the right to request confirmation about whether we process your personal information. If so, you are entitled to a copy of the data we hold about you, along with information on how it is processed.
Correction (Rectification) of Information: If your personal data is inaccurate or incomplete, you can request its correction or completion. This can typically be done via your account settings or by contacting us.
Erasure (Right to Be Forgotten): You may request the deletion of your personal data in specific circumstances, such as when the data is no longer necessary for the purposes for which it was collected, you withdraw consent, or the processing is unlawful. Note that certain legal obligations may prevent us from fully erasing your data immediately.
Restriction of Processing: You can request that we limit the processing of your personal data in cases such as:
Data Portability: For data collected based on your consent or a contract, you can request your information in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.
Withdrawal of Consent: If processing is based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing conducted before your withdrawal.
Objection to Processing: You have the right to object to the processing of your personal data in certain cases, such as:
Automated Decision-Making and Profiling: You have the right not to be subjected to decisions made solely based on automated processing (including profiling) that significantly affect you. Exceptions include decisions necessary for a contract, authorized by law, or made with your explicit consent, with safeguards in place to protect your rights.
Lodging Complaints: If you believe your personal data is processed unlawfully, you have the right to file a complaint with a relevant data protection authority in your country or region.
Region-Specific Rights:
HOW TO EXERCISE YOUR RIGHTS: To exercise any of these rights, please contact us through the following methods: • Email: info@discoversm.com • Mailing Address: Flat 35, Folberth House, New Horizons Court, Brentford • Phone: +44 7496 056374 For specific requests (e.g., data access or deletion), we may ask for additional verification to ensure the security of your personal information.
Marketing Opt-Outs: You can unsubscribe from marketing and promotional communications at any time by:
Cookies and Tracking Technologies: Most web browsers accept cookies by default. You can set your browser to refuse cookies or to alert you when cookies are being sent. However, disabling cookies may affect certain features of our services.
By using our services, you represent that you are at least 13 years of age or the minimum age of majority recognized by applicable law in your jurisdiction. During account creation, we require users to confirm their age as part of our verification process to prevent unauthorized access by minors.
If we become aware that we have inadvertently collected personal data from a child under 13 years of age without proper consent, we will take immediate steps to delete the information from our systems. Parents or guardians who believe that their child under the age of 13 may have provided us with personal information are encouraged to contact us promptly at info@discoversm.com so that we can address the issue and ensure the data is removed.
In jurisdictions where children aged 13 to 16 may require parental consent to use certain services, we may request verifiable parental consent in compliance with applicable legal requirements. Parents who wish to review, modify, or delete the data collected from their child may contact us directly.
Protecting the privacy of young users is of utmost importance to us, and we encourage parents and guardians to monitor their children’s online activity to ensure their safety and compliance with age restrictions.