Privacy Policy

Kairo-X · Last updated: April 27, 2026 · Effective: April 27, 2026 · Applies to: www.kairox.in & Chrome Extension
Plain-English Summary: We collect what you give us (resume, profile, job preferences) plus standard usage data. We use it to run the product — AI resume generation, job matching, interview prep, and email outreach. We do not sell your data. We use third-party AI and infrastructure providers listed below. You can delete your account and data at any time.
Contents

  • 01 Who We Are
  • 02 Information We Collect
  • 03 How We Use Your Information
  • 04 AI & Automated Processing
  • 05 Third-Party Services
  • 06 Data Retention
  • 07 Data Security
  • 08 Your Rights
  • 09 Cookies & Tracking
  • 10 Children's Privacy
  • 11 International Transfers
  • 12 Changes to This Policy
  • 13 Contact Us

01 Who We Are

Kairo-X ("we", "us", "our") is an AI-powered career suite accessible at www.kairox.in and via the Kairo-X Chrome Extension. We help job seekers tailor resumes, track applications, prepare for interviews, discover relevant jobs, and send email outreach.

For the purposes of applicable data-protection law, Kairo-X is the data controller of personal data collected through the platform.

02 Information We Collect

2.1 Information You Provide Directly

  • Account credentials: Name, email address, and bcrypt-hashed password (stored in the users table).
  • Resume & profile: Uploaded PDF or text resume, skills, preferred roles, preferred locations, social/portfolio links, and timezone (stored in user_profiles).
  • Job application data: Job title, company, URL, status, salary, notes, and AI match score (stored in applications).
  • Email campaign contacts: HR names, HR email addresses, and company names you upload for outreach campaigns. You are responsible for ensuring you have lawful grounds to use this contact data.
  • Salary insights: Anonymised salary range, role, and location you voluntarily submit to the Community feature (stored in community_salary_insights).
  • Community profile: Optional bio (up to 160 characters), visibility preferences, and opt-in leaderboard participation.
  • Custom API keys: Optional bring-your-own API keys for Groq, Gemini, Claude, or OpenAI — encrypted at rest using AES-256 and stored in user_api_keys.
  • Mock interview answers: Your typed answers and AI-generated feedback during mock interview sessions.

2.2 Information Collected Automatically

  • Authentication tokens: JWT session token stored in a secure, HTTP-only cookie named next-auth.session-token.
  • Usage counters: Daily counts of resume generations, autofill calls, and job refreshes (stored in user_usage).
  • Push notification subscription: Web push endpoint URL and encryption keys if you opt in to browser push notifications.
  • Gmail message metadata: If you connect Gmail, we store the gmailMessageId, sender domain, snippet, and subject of emails matched to your job applications. We do not store the full body of any Gmail message.
  • Chrome Extension activity: Job page content is extracted and sent to /api/extension/extract-jd for AI processing. The extracted text is processed server-side and never stored beyond session use.
  • Standard server logs: IP address, browser user-agent, referrer, and request timestamps — retained for up to 30 days.

2.3 Payment Information

We do not store your card details. Payments are processed by Razorpay (INR, ₹999 one-time) and Stripe (USD, $9.99 one-time). We store only the gateway event ID, order ID, amount, and currency for idempotency and receipt generation. Webhooks are verified via HMAC signature.

03 How We Use Your Information

  • Core product functionality: Resume tailoring, AI match scoring, job discovery, interview prep, email outreach, and application tracking.
  • AI embeddings: Your resume text is chunked and embedded using Google Gemini gemini-embedding-001 (3072-dimensional vectors stored with pgvector). These embeddings are used exclusively to power semantic matching within your own account.
  • Job discovery: Your preferred roles and locations are used to construct Tavily search queries restricted to a fixed job-board domain allowlist. Results are scored against your resume embeddings and stored in job_listings.
  • Gmail outreach (gmail.send): Your connected Gmail OAuth token is used to send outreach emails on your behalf via the Gmail API. We do not read or access any inbox content for this purpose.
  • Gmail inbox sync (gmail.readonly): With your permission, we transiently read email headers (sender, subject, date) in-memory once per hour to detect emails related to your tracked job applications. No email body is ever read or stored. Only the message ID, sender domain, subject, and a short snippet of application-matched emails are persisted — everything else is discarded immediately after processing.
  • Gamification and community: Your application count, resume count, interview activity, and match score average are aggregated to compute a community score and leaderboard rank. Participation is opt-in.
  • Billing enforcement: Usage data is checked against plan limits (Free vs. Premium) on every relevant API call.
  • Security and abuse prevention: Authentication events and admin actions are logged to detect and prevent unauthorised access.
  • Product improvement: Aggregate, anonymised usage patterns may be reviewed internally to improve features. We do not sell or share individual-level data for this purpose.

04 AI & Automated Processing

  • Resume generation: Your job description, resume chunks, and profile data are sent to Groq's API (llama-3.3-70b-versatile) to generate a tailored resume. Groq processes this data under its own privacy policy.
  • Embeddings: Resume text and job descriptions are sent to Google Gemini's API for embedding. Google processes this data under its own privacy policy.
  • Job search: Role and location strings are sent to the Tavily Search API to retrieve public job listings.
  • No profiling for advertising: AI processing is strictly functional — to improve your job search outcomes. We do not use AI to build advertising profiles.
  • Human review: AI-generated content (resumes, roadmaps, feedback) is delivered to you as suggestions. No AI decisions directly and automatically produce legal or similarly significant effects on you.
  • Tab-switch detection: During mock interviews, the number of times you switch browser tabs is counted and stored in mock_interview_attempts.tabSwitchCount to maintain assessment integrity. No screenshots or screen content are captured.

05 Third-Party Services

The following third parties process data in connection with Kairo-X. Their use is governed by their respective privacy policies.

  • Neon (PostgreSQL hosting): All structured user data is stored on Neon's managed PostgreSQL infrastructure. Data is encrypted at rest and in transit.
  • Cloudinary: Uploaded resume PDFs and generated PDF resumes are stored in Cloudinary. File URLs are stored in your profile and generated_resumes table.
  • Groq: Used for AI text generation (resume writing, interview coaching, job match analysis). Requests include resume chunks and job descriptions.
  • Google (Gemini API): Used for text embedding. Requests include resume and job description text.
  • Google (OAuth & Gmail API): Used for authentication, Gmail scope verification, and sending outreach emails on your behalf.
  • Tavily: Used for job listing searches. Queries include role titles and locations.
  • Inngest: Used for background job orchestration. Job payloads may include user IDs and resume data references.
  • Razorpay: Payment processing for INR transactions.
  • Stripe: Payment processing for USD transactions.
  • Vercel: Hosting and serverless function execution for the Next.js application.

06 Data Retention

  • Account data: Retained for the lifetime of your account. Deleting your account triggers deletion of all associated records.
  • Resume chunks (embeddings): Retained until you delete your resume from Settings or delete your account.
  • Job listings: Old listings are deleted and replaced on each job refresh cycle. No historical job listing data is retained beyond the current fetch.
  • Daily usage rows: Retained indefinitely for billing reconciliation but contain only counts, not content.
  • Server logs: Retained up to 30 days.
  • Payment records: Retained for 7 years for financial compliance.
  • Email campaign logs: Retained until you delete the campaign or your account.

07 Data Security

  • All data in transit is encrypted via TLS/HTTPS.
  • Database connections use Neon's encrypted connection strings (DATABASE_URL).
  • Custom API keys are encrypted using AES-256 before storage.
  • Session cookies are marked secure: true and httpOnly: true in production.
  • Admin routes are protected by three independent layers: Next.js middleware, server-side layout session checks, and per-page session verification.
  • Extension API calls are authenticated via either the session cookie or a short-lived extension token.
  • Payment webhooks are verified via HMAC signature (Razorpay and Stripe).

Despite these measures, no internet transmission is 100% secure. Please use a strong, unique password and keep your Google OAuth connection secure.

08 Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete data via Settings → Profile.
  • Deletion: Delete your account and all associated data via Settings → Account → Delete Account. This action is irreversible.
  • Data portability: Request an export of your resume text and application data by emailing us.
  • Objection / Restriction: Object to or restrict certain processing. Note that restricting core processing may prevent us from providing the service.
  • Withdraw consent: Disconnect Gmail at any time via Settings → Integrations. This revokes our access to your Gmail account.
  • Community opt-out: Disable leaderboard visibility at any time via Settings → Community.

To exercise any right, email us at privacy@kairox.in. We will respond within 30 days.

09 Cookies & Tracking

We use a single first-party session cookie: next-auth.session-token. This cookie is strictly necessary for authentication and cannot be disabled without logging out.

We do not use third-party advertising cookies, cross-site tracking pixels, or analytics services that profile individual users. We may use Vercel's built-in aggregate analytics (page views, error rates) which are anonymised.

10 Children's Privacy

Kairo-X is not directed at children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@kairox.in and we will delete it promptly.

11 International Data Transfers

Kairo-X is operated from India (www.kairox.in). Our infrastructure providers (Neon, Vercel, Cloudinary, Groq, Google, Stripe) may process data in the United States or other countries. By using Kairo-X, you consent to these transfers. We rely on our providers' data processing agreements and standard contractual clauses where applicable.

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. For material changes, we will notify you via in-app notification or email. Continued use of Kairo-X after changes take effect constitutes acceptance of the revised policy.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at privacy@kairox.in.

We aim to respond to all privacy-related inquiries within 30 days.