Privacy Policy

01Who we are

AHA Match AI is a consumer career tool operated by Artmac Soft LLC, a company registered in the United States with its principal place of business at 2120 Prairie Dr, Ste 604, Prosper, TX, USA. The Services are offered globally to software and technology applicants and are not restricted to any one country or state. Contact us at [email protected].

02Information we collect

Account information. When you register, we collect your email address, name, password (hashed with bcrypt), and optional city / state / country.

Resume & profile data. When you upload a resume we store the file and extract structured fields — contact info, work history, education, skills, project roles, and location entities. You can also edit profile data manually via the Application Vault.

Job match data. Job descriptions you submit for analysis, saved listings, tracker entries, and the match scores between your profile and each job.

Authentication & sessions. Session cookies (HttpOnly, SameSite=Lax, Secure), OTP codes during email verification, and password-reset tokens.

Support & feedback. Ticket content, in-app feedback ratings, and any attachments you submit.

Technical data. Browser, OS, device type, IP address, pages visited (for analytics), and error logs — to maintain the service and improve reliability.

OAuth tokens (optional). If you connect Google Drive, we store access and refresh tokens in our database, scoped only to read the files you explicitly import. We do not browse your cloud storage otherwise.

03Chrome extension (AHA Copilot)

The AHA Copilot Chrome extension exists to auto-fill job applications on supported ATS platforms. Specifically it:

• Reads your Application Vault from the AHA Match backend (requires you to be logged in).
• Reads form field labels and structure on the current job application page to map vault data to the right fields.
• Caches vault data locally in chrome.storage.local for speed. Cache is cleared on logout.
• Stores a developer-only verbose-logging flag in chrome.storage.session (cleared when you close the browser). This is extension-controlled and not readable or writable by web pages. We never store user data here.
• Never runs on non-supported sites — it only activates on supported ATS domains.
• Never auto-submits — you always click Submit yourself.
• Never sends data to third parties — all traffic is between your browser and the AHA Match backend.

04How we use your data

• To provide the core service — AI-powered resume analysis, skill matching, and job discovery.
• To populate the Application Vault and fill job applications via the Chrome extension.
• To generate cover letters and interview prep content.
• To authenticate you and keep your account safe.
• To communicate with you about your account, security events, and support requests.
• To improve the service based on aggregate, de-identified usage patterns.
• To comply with legal obligations.

05How we share your data

We do not sell, rent, or share your personal data with advertisers, data brokers, or marketing platforms. We only share in these limited cases:

• Service providers. Infrastructure vendors bound by contract to use your data only to run the service (cloud hosting, transactional email, and optional Google Drive import when you connect it).
• Legal compliance. If required by valid legal process — subpoena, court order, or regulatory request.
• Business transfer. In the event of a merger or acquisition, with advance notice to you.

06Data retention

We retain your data for as long as your account is active. When you delete your account:

• Personal data, resumes, and profile data are deleted within 30 days.
• Support tickets are kept for 90 days for operational reasons, then deleted.
• Aggregate, de-identified analytics may be retained indefinitely.
• Records we're legally required to retain (e.g., financial) are kept for the required period.

07Cookies & tracking

We use two kinds of cookies:

• Essential cookies (session, CSRF) — required for the service to function. Cannot be disabled.
• Analytics cookies — anonymous usage metrics. We do not currently run third-party analytics like Google Analytics.

See the Cookie Policy for specifics.

08Your privacy rights

Every user can:

• Access your data in the Settings page.
• Correct your profile anytime in Settings.
• Delete your account from Settings — everything is removed within 30 days.
• Export a copy of your data by emailing [email protected].
• Disconnect integrations — revoke Google Drive access in Settings.

GDPR (European users). You have additional rights including data portability, restriction of processing, objection to processing, and the right to lodge a complaint with your local data protection authority.

CCPA (California residents). You have the right to know what data we collect, to delete your data, and to opt out of the sale of personal data. We do not sell your data, so no opt-out is needed.

09Data security

We use industry-standard controls: HTTPS/TLS in transit, bcrypt-hashed passwords, HttpOnly Secure cookies, rate limiting to stop brute-force attempts, CSRF protection on forms, and regular security updates. No system is 100% secure — if we discover a breach that affects you, we will notify you within 72 hours as required by law.

10International data transfers

Our servers are located in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US.

11Children's privacy

AHA Match AI is not intended for users under 16 years of age. We do not knowingly collect data from children under 16. If you believe a child has provided us with data, please email [email protected] and we'll delete it.

12Third-party links

The service may link to third-party sites — job boards, company career pages, ATS platforms. We are not responsible for their privacy practices.

13Changes to this policy

We may update this policy over time. Material changes will be communicated via email or in-app notice at least 30 days before taking effect. The “Last updated” date above reflects the most recent revision.

14Payment processing & billing data

Billing and payment data — card or bank details, transaction IDs, billing address, tax region — is processed by Lemon Squeezy (Lemon Squeezy LLC, Wilmington, Delaware, USA), our third-party payment provider and merchant of record. We do not store full card numbers or CVV codes on our servers at any time.

When you make a purchase, we receive a minimal billing record from Lemon Squeezy that includes:

• A Lemon Squeezy subscription ID and customer ID (opaque identifiers).
• Your plan code, status, start date, and next renewal date.
• The masked last-four digits of your card or a payment-method hash, for reference only.
• Country of billing (for tax calculation).

Lemon Squeezy's handling of your payment data is governed by its own privacy policy — lemonsqueezy.com/privacy. For chargebacks, disputes, or billing-record export requests, contact us at [email protected] and we will coordinate with Lemon Squeezy on your behalf.

15Contact us

For privacy questions, data requests, or concerns:

• Email — [email protected]
• Security issues — [email protected]
• Postal address — Artmac Soft LLC, 2120 Prairie Dr, Ste 604, Prosper, TX, USA