Privacy Policy
Effective Date: 23 March 2026
UpConext Pty Ltd (“UpConext”, “we”, “us”, or “our”) is committed to protecting your privacy in accordance with the Privacy Act 1988(Cth) and the Australian Privacy Principles (APPs). This Policy outlines our “Trust-First” data architecture.
1. Information We Collect & Encryption
1.1 Account Data: Collected via Clerk (Email, Name, Avatar).
1.2 Career Profile & Resume Data: We extract structured data from your professional history.
1.3 Encryption Standard: All raw resume text is encrypted at rest using AES-256-GCM and protected in transit via TLS 1.3. We do not store original PDF files after extraction.
1.4 Sensitive Information Warning:UpConext does not require, nor do we intentionally process, “Sensitive Information” (e.g., health, religion, or political affiliation). You are responsible for redacting such information from your resume before upload.
2. The “No-Training” Guarantee
2.1 Enterprise API Tiers: We exclusively utilize the Enterprise/API tiers of our Third-Party AI Providers (OpenAI API, Google Vertex AI, Anthropic Console).
2.2 Data Siloing: Under our enterprise agreements, your Resume Data and AI Interaction Data are NEVER used to train the global machine learning models of these providers. Your data remains siloed to your specific service instance.
3. Third-Party Disclosure & Cross-Border Flows (APP 8.1)
To provide the Service, we disclose data to the following sub-processors. We have performed due diligence to ensure these providers meet SOC2 Type II or ISO 27001 global security benchmarks:
| Provider | Primary Location | Purpose | Data Safeguard |
|---|---|---|---|
| Clerk / Convex | USA | Auth & Database | SOC2 / AES-256 Encryption |
| OpenAI / Google | USA | AI Processing | API Enterprise Terms (No-Training) |
| Anthropic / Perplexity | USA | AI Tutoring | API Console Terms |
| Vercel | USA | Hosting/Analytics | De-identified/Anonymized |
4. Data Minimization & Purge Policy
4.1 12-Month Inactivity Purge: To minimize the risk of data exposure, accounts that remain inactive (no login) for a period of twelve (12) consecutive months will have their Personally Identifiable Information (PII) and Resume Data permanently deleted.
4.2 Anonymized Trends: We may retain de-identified, aggregated metadata (e.g., general skill trends) for service improvement, as this data no longer identifies you.
5. Communications & the Spam Act 2003 (Cth)
5.1 Transactional Emails:We will send essential service emails (e.g., “Your Pulse is Ready”) which do not require an opt-out.
5.2 Marketing Emails:We will only send “New Feature” or promotional updates if you have explicitly Opted-In at registration. All marketing emails include a 1-Click Unsubscribe mechanism.
6. Your Rights & Complaints
6.1 Access & Correction: You have the right to access and correct your personal information under APPs 12 and 13.
6.2 Complaints: If you believe we have breached the APPs, contact our Privacy Officer at privacy@upconext.com. We will respond within 30 days. If unsatisfied, you may escalate to the Office of the Australian Information Commissioner (OAIC).
7. Data Breach Notification
In accordance with the Notifiable Data Breaches (NDB) scheme, we will notify you and the OAIC if we experience a data breach likely to result in serious harm.
8. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights of access/correction, or want to make a formal complaint, please contact us at privacy@upconext.com.