Privacy Policy

Effective Date: March 7, 2026 · Last Updated: March 7, 2026

1. Introduction

This Privacy Policy ("Policy") explains how lockedin ("lockedin," "we," "us," or "our") collects, uses, stores, shares, and protects information obtained from individuals who access or use the lockedin platform, including the website located at lockedin.work, any associated mobile applications, and all related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described here, you should discontinue use of the Service immediately.

lockedin is a career development platform that provides AI-assisted career insights, resume building tools, a mentorship marketplace, job application tracking, and collaborative workspace functionality. The nature of these services necessarily requires the processing of personal information, and this Policy is intended to give you a clear and transparent picture of those practices.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account, complete your profile, or use the various features of the Service, you may provide us with the following categories of information:

  • Account Information: name, email address, and password. If you register through a third-party authentication provider (Google, LinkedIn, or GitHub), we receive the profile information you authorize that provider to share with us.
  • Profile and Demographic Information: date of birth, phone number, mailing address (including city, state, country, and postal code), profile photograph, career stage, and professional field.
  • Resume and Career Data: resume documents you upload, the text extracted from those documents, and any structured data derived from them (work experience, education history, skills, certifications, and language proficiency). Resume versions and revision history are also retained.
  • Job Application Data: job titles, company names, application dates, application status, role types, source URLs, and any notes you attach to tracked applications.
  • Interview Records: interview dates, formats, stages, outcomes, and notes you choose to record within the Service.
  • Mentorship Information: for mentors, this includes availability schedules, timezone, session preferences, and profile details. For mentees, this includes session booking details, review ratings, and written feedback.
  • Messages and Communications: the content of messages sent through the platform's messaging features, including direct conversations between mentors and mentees.
  • Workspace and Goals Data: workspace names, descriptions, goal titles, milestone descriptions, progress logs, and documents uploaded to shared workspaces.
  • Journal Entries: any personal journal entries you write, including associated tags and privacy settings.
  • Payment Information: when you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We do not store your full credit card number on our servers. We do retain your Stripe customer identifier, subscription status, plan tier, and billing period dates.
  • Feedback: ratings and messages you submit through any feedback mechanism within the Service.

2.2 Information Collected Automatically

When you interact with the Service, certain information is generated and collected automatically:

  • Session and Authentication Data: session tokens, login timestamps, and the date you last accessed the Service.
  • Usage and Feature Metrics: which features you use, how frequently, and any usage quotas associated with your subscription tier. These metrics are collected for the purpose of enforcing plan limits and improving the Service.
  • Error and Diagnostic Data: we use Sentry, a third-party error-tracking service, to capture application errors and performance data. This may include device type, browser version, operating system, IP address, and stack traces associated with errors you encounter.
  • Cookies and Local Storage: the Service uses cookies and browser local storage to maintain your authentication state and preferences. Details are provided in Section 8 below.

2.3 Information from Third-Party Sources

If you choose to connect a third-party account, we may receive information from that provider:

  • OAuth Providers (Google, LinkedIn, GitHub): your name, email address, profile image, and account identifier as authorized by you during the authentication flow.
  • Cloud Storage Providers: if you connect Google Drive, Amazon S3, or another supported cloud storage provider for resume synchronization, we store the OAuth access and refresh tokens (encrypted at rest) necessary to maintain that connection, along with sync status and folder configuration.

3. How We Use Your Information

The information collected through the Service is used for the following purposes:

  • To create and maintain your account, authenticate your identity, and provide the core functionality of the Service.
  • To extract, parse, and structure resume content so that it can be displayed, edited, and versioned within the resume builder.
  • To generate AI-powered career insights, skill gap analyses, industry trend summaries, and personalized recommendations based on your profile and career data.
  • To facilitate the mentorship marketplace, including matching mentors with mentees, scheduling sessions, and enabling in-platform communication.
  • To process subscription payments through Stripe and enforce the feature limits associated with your chosen plan.
  • To synchronize your resume documents with connected cloud storage providers at your direction.
  • To send transactional communications, including email verification codes, password reset links, session confirmations, and account notifications.
  • To monitor application performance, diagnose technical issues, and improve the reliability and security of the Service.
  • To track aggregate platform metrics (such as active user counts, session volumes, and feature adoption rates) for internal business analysis. These metrics are not sold to third parties.
  • To enforce our Terms of Service and protect the rights, safety, and property of lockedin, its users, and the public.

4. Artificial Intelligence and Automated Processing

A core component of the Service involves the use of artificial intelligence to analyze your career data and generate personalized insights. You should be aware of the following:

  • Resume text, career profile information, and related data may be submitted to third-party AI model providers (currently Google Gemini) for the purpose of generating career insights, extracting structured information from uploaded documents, and producing skill gap analyses.
  • AI-generated content, including insights, recommendations, and extracted resume data, is produced by automated systems and may contain inaccuracies. Such content does not constitute professional career advice, legal advice, or any form of guaranteed outcome.
  • Vector embeddings (mathematical representations of your content) may be generated and stored to enable semantic search and content relevance features within the Service.
  • We do not use your personal data to train general-purpose AI models. Data submitted to third-party AI providers is processed under their applicable data processing agreements and is subject to their published privacy practices.

5. Sharing and Disclosure of Information

We do not sell your personal information. Information may be shared with third parties only in the following circumstances:

  • Service Providers: we engage third-party vendors to perform functions on our behalf, including payment processing (Stripe), email delivery (Zoho), error tracking (Sentry), AI inference (Google), and cloud infrastructure providers. These vendors receive only the information necessary to perform their designated functions and are contractually obligated to protect the confidentiality of that data.
  • Mentorship Participants: if you participate in the mentorship marketplace, certain profile information (such as your name, profile image, career stage, and session history) is visible to the other party in a mentor-mentee relationship. Messages exchanged between participants are accessible to both parties in the conversation.
  • Workspace Members: information you contribute to a shared workspace (documents, goals, progress logs) is visible to other members of that workspace, subject to the permissions defined within it.
  • Cloud Storage Providers: if you enable resume synchronization, your resume files are transmitted to your designated cloud storage provider (Google Drive, Amazon S3) at your explicit direction.
  • Legal Obligations: we may disclose information if required to do so by law, regulation, legal process, or governmental request, or where disclosure is necessary to protect our rights, enforce our Terms of Service, prevent fraud, or ensure the safety of our users.
  • Business Transfers: in the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6. Data Retention

Your personal information is retained for as long as your account remains active or as needed to provide the Service to you. Specific retention practices include:

  • Account data and profile information are retained until you delete your account or request deletion.
  • Resume versions and career data are retained to support version history functionality and are deleted upon account closure.
  • Messages between users are retained for the duration of the conversation and are subject to deletion by either participant.
  • Payment records and subscription history may be retained for a longer period as required for financial reporting, tax compliance, and dispute resolution purposes.
  • Error logs and diagnostic data collected through Sentry are retained in accordance with Sentry's data retention policies.
  • Following account deletion, we may retain anonymized or aggregated data that can no longer be used to identify you, for analytical and service-improvement purposes.

7. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information. These may include:

  • Access: you may request a copy of the personal information we hold about you.
  • Correction: you may update or correct inaccurate information through your account settings, or by contacting us directly.
  • Deletion: you may request that we delete your account and associated personal information, subject to any legal obligations that require us to retain certain records.
  • Data Portability: where technically feasible, you may request your data in a structured, machine-readable format.
  • Withdraw Consent: where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
  • Object to Processing: you may object to certain types of processing, including processing for direct marketing purposes.
  • Cloud Storage Disconnection: you may revoke the cloud storage connection at any time through your account settings. Revoking the connection does not delete files previously synced to your external storage provider.

To exercise any of these rights, contact us at locked@lockedin.work. We will respond to your request within thirty (30) days, or such shorter period as may be required by applicable law.

8. Cookies and Tracking Technologies

The Service uses cookies and similar technologies for the following purposes:

  • Essential Cookies: required for authentication, session management, and security. These cannot be disabled without impairing the core functionality of the Service.
  • Preference Cookies: used to remember your settings, such as theme preferences and onboarding state.
  • Analytical Cookies: used to collect aggregate usage data for internal service improvement. We do not use third-party advertising trackers.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. Be aware that disabling essential cookies will prevent you from using authenticated features of the Service.

9. Data Security

We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of sensitive data at rest (including OAuth tokens and cloud storage credentials), secure transmission over HTTPS, and access controls limiting internal access to personal data on a need-to-know basis.

No method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

10. International Data Transfers

The Service is operated from infrastructure that may be located in multiple jurisdictions. If you access the Service from outside the country where our servers are located, your information may be transferred across international borders. By using the Service, you consent to the transfer of your information to jurisdictions that may have data protection laws different from those in your country of residence. Where required by applicable law, we will ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal data, please contact us at locked@lockedin.work.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or integrations not operated by us. This Policy does not apply to those third-party services. We are not responsible for the privacy practices of any third party, and we encourage you to review their privacy policies independently. Your interaction with any third-party service, including job listing sites accessed through tracked application URLs, is governed by that third party's own terms and privacy policy.

13. Changes to This Policy

We reserve the right to modify this Policy at any time. When changes are made, we will update the "Last Updated" date at the top of this page. If the changes are material, we will make reasonable efforts to notify you through the Service or by email. Your continued use of the Service after the effective date of any revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

lockedin
Email: locked@lockedin.work