Privacy Policy

Your privacy and data security are fundamental to how we build and operate BioCAN's career advancement platform.

Last updated: 01/Jan/2026

1. Introduction

BioCAN (BioCareer Advancement Network) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our career development platform.

As an AI-powered career guidance platform, we handle sensitive professional and personal information. We are committed to transparency about our data practices and giving you control over your information.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, profile picture (via Google OAuth)
  • Professional Details: Education, work experience, skills, career goals
  • Contact Information: Phone number, location (optional)
  • Payment Information: Transaction IDs, payment status, and subscription details (payment card details are processed directly by Cashfree's PCI-DSS compliant servers - we never store or access card numbers, CVV, or expiry dates)

2.2 Assessment and Career Data

  • Personality Assessments: MBTI results and other career assessment responses
  • Skills Evaluation: Self-reported skills and AI-analyzed competencies
  • Career Preferences: Job interests, industry preferences, salary expectations
  • Learning Progress: Course completions, skill development tracking
  • Job Application Data: Companies, positions, application dates, status updates
  • Resume Content: Education, experience, skills, certifications, projects

2.3 Usage and Technical Data

  • Platform Activity: Features used, time spent, user interactions
  • Search Data: Job searches, AI chat conversations, content preferences
  • Device Information: Browser type, device type, IP address
  • Performance Data: Page load times, error reports, feature usage
  • Automation Data: Form filling patterns, application success rates
  • Wallet Transactions: Subscription purchases, top-ups, usage credits
  • Referral Activity: Referral codes shared, sign-ups generated, rewards earned

2.4 AI Interaction Data

  • Chat History: Conversations with our AI career assistant
  • Recommendation Feedback: Ratings and responses to job suggestions
  • Learning Patterns: How you interact with our AI-powered features
  • Resume Generation Data: AI-generated resume versions and edits
  • Email Processing: Job-related email content processed for tracking (with consent)

2.5 Third-Party Integration Data

  • Gmail Data: Email content related to job applications (only with explicit OAuth consent)
  • Payment Gateway Data: Transaction IDs, payment status, subscription details (payment card information is processed directly by Cashfree - we never store or access sensitive card data)
  • OAuth Tokens: Encrypted tokens for Gmail access (stored securely)

Google OAuth and Gmail API Compliance:

  • Gmail data is accessed only with your explicit OAuth consent through Google's consent screen
  • We only access email content related to job applications for automatic tracking purposes
  • Gmail data is not used for advertising or marketing purposes
  • Gmail data is not transferred to third parties except as necessary to provide the service
  • You can revoke Gmail access at any time through your account settings or Google account settings
  • Gmail data access complies with Google API Services User Data Policy
  • We use Gmail API with restricted scopes limited to reading job-related emails only

Important: We only access third-party data with your explicit consent. You can revoke access at any time through your account settings or the third-party service.

3. How We Use Your Information

Core Services:

  • Provide personalized job recommendations
  • Generate career assessment reports
  • Create customized skill development roadmaps
  • Enable AI-powered career chat assistance
  • Track job applications automatically via Gmail integration
  • Generate and optimize resumes using AI
  • Automate job application form filling
  • Provide daily career insights and happenings
  • Manage wallet credits
  • Process referral program rewards

Platform Improvement:

  • Enhance AI recommendation algorithms
  • Improve user experience and interface
  • Develop new features and services
  • Conduct research and analytics
  • Ensure platform security and reliability
  • Provide customer support

Communication:

  • Send service updates and feature announcements
  • Provide career insights and industry news
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)

4. AI and Machine Learning Data Usage

BioCAN uses advanced AI and machine learning technologies to provide personalized career guidance. Here's how your data is used in our AI systems:

AI Model Training:

  • Anonymized data is used to improve recommendation accuracy
  • Career outcome patterns help refine job matching algorithms
  • User feedback helps train our AI chat assistant
  • Assessment responses improve personality-job fit models

Data Protection in AI:

  • Personal identifiers are removed from training datasets
  • AI models use aggregated, not individual, data for learning
  • Sensitive information is encrypted and access-controlled
  • Model outputs are reviewed for bias and fairness

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

Service Providers:

  • Authentication: Google OAuth for secure login (complies with Google OAuth 2.0 policies)
  • Payment Processing: Cashfree for secure payment processing (PCI-DSS compliant)
  • Cloud Infrastructure: Secure hosting and data storage
  • Analytics: Usage analytics for platform improvement
  • Email Services: Gmail API for job application tracking (with explicit OAuth consent, complies with Google API Services User Data Policy)
  • AI Services: Third-party AI providers for resume generation, analysis, and career assistance
  • Job Data Providers: Third-party services for job listings and career data

Google Services Compliance:

Our use of Google OAuth and Gmail API is subject to Google's API Services User Data Policy, including the Limited Use requirements. We only access Gmail data necessary for job application tracking, do not use it for advertising, and allow you to revoke access at any time.

Payment Processing & PCI-DSS Compliance:

BioCAN uses Cashfree, a PCI-DSS Level 1 compliant payment gateway, for all payment processing. We do not store, process, or transmit credit card or debit card information on our servers.

  • Payment information is processed directly by Cashfree's secure servers
  • We only receive transaction IDs, payment status, and subscription details
  • All payment data is encrypted in transit using industry-standard SSL/TLS protocols
  • Cashfree is certified as PCI-DSS Level 1 compliant, the highest level of security certification
  • We comply with all applicable payment card industry security standards

Job Opportunities:

  • With your explicit consent, we may share your profile with potential employers
  • Job application services require sharing relevant professional information
  • Automated application features may submit your resume and profile data to employers
  • You control what information is shared and with whom
  • Gmail integration processes emails only for job tracking purposes

Gmail Data Usage Restrictions (Google Compliance):

  • Gmail data is used solely for the purpose stated: automatic job application tracking
  • Gmail data is NOT used for advertising, marketing, or any other purpose
  • Gmail data is NOT transferred, sold, or shared with third parties except as necessary to provide the tracking service
  • Gmail data access is limited to reading job-related emails only
  • We comply with Google's Limited Use requirements for Gmail API

Legal Requirements:

We may disclose information when required by law, court order, or to protect our rights and safety.

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • End-to-end encryption for data transmission
  • Encrypted data storage and backups
  • Secure API endpoints and authentication
  • Regular security audits and updates
  • Intrusion detection and monitoring

Access Controls:

  • Role-based access to user data
  • Multi-factor authentication for staff
  • Audit logs for all data access
  • Regular employee security training
  • Principle of least privilege

Payment Security & PCI-DSS Compliance:

BioCAN is committed to protecting your payment information. We use Cashfree, a PCI-DSS Level 1 certified payment gateway, to process all payments securely.

  • No Card Data Storage: We never store, process, or have access to your credit card numbers, CVV codes, or expiry dates
  • PCI-DSS Compliance: All payment processing is handled by Cashfree, which is certified as PCI-DSS Level 1 compliant (the highest level of security certification)
  • Encrypted Transmission: All payment data is encrypted in transit using industry-standard SSL/TLS protocols
  • Secure Processing: Payment information is processed directly on Cashfree's secure servers, never on our systems
  • Transaction Data: We only receive and store transaction IDs, payment status, and subscription details for account management purposes
  • Regular Audits: Cashfree undergoes regular security audits and maintains compliance with all payment card industry standards

For more information about Cashfree's security practices, please visit cashfree.com/security

7. Your Privacy Rights and Choices

You have several rights regarding your personal information:

Access and Control:

  • View Your Data: Access all personal information we have about you
  • Update Information: Modify your profile and preferences anytime
  • Data Export: Download your data in a portable format
  • Account Deletion: Request complete account and data removal

Communication Preferences:

  • Opt out of marketing emails while keeping service notifications
  • Control job recommendation frequency and type
  • Manage AI chat history and data usage

Data Processing:

  • Object to certain uses of your information
  • Request correction of inaccurate data
  • Limit processing for specific purposes

Gmail Data Control (Google Compliance):

In compliance with Google's API Services User Data Policy and Limited Use requirements:

  • You can revoke Gmail access at any time through your BioCAN account settings
  • You can also revoke access directly through your Google account settings
  • Upon revocation, we will immediately stop accessing your Gmail data
  • We will delete stored Gmail-related data within 30 days of revocation (except as required by law)
  • Gmail data is only used for the stated purpose: automatic job application tracking
  • Gmail data is never used for advertising or marketing purposes
  • Gmail data is not transferred to third parties except as necessary to provide the tracking service

8. Data Retention

We retain your information only as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data deleted after 2 years of inactivity
  • Assessment Results: Retained to track career progress (deletable on request)
  • AI Chat History: Retained for 1 year unless deleted earlier
  • Financial Records: Retained for 7 years for legal compliance
  • Job Application Data: Retained while account is active, deleted upon account closure
  • Resume Data: Retained for resume history and regeneration (deletable on request)
  • Gmail Integration: Email data processed in real-time, not stored long-term
  • Wallet Transactions: Retained for 7 years for financial compliance
  • Referral Data: Retained for program administration and reward processing

Upon account deletion, most data is removed immediately, with some anonymized data retained for service improvement.

9. Children's Privacy

BioCAN is designed for working professionals and individuals seeking career advancement. Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Data Transfers

BioCAN operates primarily in India, but we may transfer data internationally to provide our services:

  • Cloud infrastructure may be located in different countries
  • All transfers comply with applicable data protection laws
  • Appropriate safeguards are in place for international transfers
  • Data is encrypted during transfer and storage

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or platform notification at least 30 days before they take effect. Your continued use of BioCAN after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us:

Email: tech.biocan@gmail.com
Support: arjun@biocan.ai
Phone: +91 9044404142

Note: We are committed to responding to privacy requests within 30 days. For urgent matters, please mark your email as "Urgent Privacy Request."