GDPR Compliance
Last Updated: November 10, 2025
General Data Protection Regulation (GDPR) Information for EU Users
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have specific data protection rights under the General Data Protection Regulation (GDPR). NEXT Career Intelligence is committed to complying with GDPR and respecting your data privacy rights.
1. Your GDPR Rights
π Right to Access (Article 15)
You have the right to request a copy of your personal data we hold. This includes:
- Profile information and account details
- Resume content and work history
- Application tracking data
- AI interaction history
- Payment and subscription history
How to exercise: Visit your Account Settings or email privacy@nextcareer.ai
Response time: Within 30 days (may be extended to 60 days for complex requests)
βοΈ Right to Rectification (Article 16)
You have the right to correct inaccurate or incomplete personal data.
How to exercise: Update your information directly in your Account Settings or contact support
ποΈ Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purposes it was collected
- You withdraw consent and there's no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Exceptions: We may retain certain data when required by law (e.g., financial records for tax purposes) or for legitimate interests (e.g., defending legal claims).
Anonymized data: RFT training data is anonymized and cannot be linked back to you, so it cannot be deleted under GDPR.
How to exercise: Visit Account Settings β Delete Account or email privacy@nextcareer.ai
Timeline: Data deleted within 30 days
βΈοΈ Right to Restriction of Processing (Article 18)
You have the right to request we limit how we use your data when:
- You contest the accuracy of your data
- Processing is unlawful but you don't want data deleted
- We no longer need the data but you need it for legal claims
- You've objected to processing and await verification of legitimate grounds
How to exercise: Email privacy@nextcareer.ai with specific restrictions requested
π¦ Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON) and transmit it to another service.
What's included:
- Profile and account data
- Resume content (original + tailored versions)
- Application tracking history
- Career goals and preferences
How to exercise: Visit Account Settings β Export Data or email privacy@nextcareer.ai
Format: JSON file download
β Right to Object (Article 21)
You have the right to object to processing of your personal data for:
- Direct marketing: You can opt-out of marketing emails at any time (unsubscribe link)
- Profiling: Object to automated decision-making based on your data
- Legitimate interests: Object to processing based on our legitimate interests
How to exercise: Email privacy@nextcareer.ai or update notification preferences in settings
π€ Rights Related to Automated Decision-Making and Profiling (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
NEXT's AI Usage:
- Our AI provides suggestions, not automated decisions
- All final decisions (resume content, applications) are made by you
- You can always request human review of AI recommendations
π« Right to Withdraw Consent (Article 7)
Where we process your data based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
How to exercise: Update preferences in Account Settings or email privacy@nextcareer.ai
2. Legal Basis for Processing Your Data
Under GDPR, we must have a legal basis to process your personal data. We process your data based on:
| Purpose | Legal Basis |
|---|---|
| Providing our Services (resume tailoring, job matching) | Contract Performance (Article 6(1)(b)) |
| Payment processing, subscription management | Contract Performance (Article 6(1)(b)) |
| Improving AI models (RFT training) | Legitimate Interests (Article 6(1)(f)) |
| Analytics and platform improvement | Legitimate Interests (Article 6(1)(f)) |
| Marketing communications (if you opt-in) | Consent (Article 6(1)(a)) |
| Fraud prevention, security, legal obligations | Legal Obligation (Article 6(1)(c)) |
3. International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for data transfers
- Data Processing Agreements: Signed with all third-party vendors (Supabase, Google, Stripe)
- Adequate Protection: Ensuring recipients provide adequate data protection
4. Data Retention
We retain your data only as long as necessary for the purposes described in our Privacy Policy:
- Active accounts: Data retained while account is active
- Deleted accounts: Most data deleted within 30 days
- Billing records: Retained for 7 years (tax/legal requirements)
- Anonymized RFT data: Retained indefinitely (cannot be linked to you)
5. How to Exercise Your Rights
π§ Contact Us
To exercise any of your GDPR rights, please contact us:
Email: privacy@nextcareer.ai
Subject Line: "GDPR Request - [Your Right]"
Response Time: Within 30 days (may be extended to 60 days for complex requests)
Required Information
To verify your identity and process your request, please provide:
- Full name
- Email address associated with your account
- Specific right you wish to exercise
- Any additional details to help locate your data
We Will:
- Confirm receipt of your request within 72 hours
- Verify your identity to prevent unauthorized data disclosure
- Respond to your request within 30 days (or explain any delay)
- Provide information free of charge (unless request is excessive)
6. Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority (DPA).
EU Data Protection Authorities:
- Find your DPA: European Data Protection Board - List of Members
We encourage you to contact us first (privacy@nextcareer.ai) so we can address your concerns directly.
7. Contact Information
NEXT Career Intelligence
Data Protection Contact:
Email: privacy@nextcareer.ai
Support: hello@nextcareer.ai
Response Time: Within 30 days
This GDPR information page was last updated on November 10, 2025. For complete privacy information, please review our Privacy Policy.