Privacy Policy

For privacy inquiries, contact us at [email protected] or call 786-280-0764. Visit our Trust Center for security documentation.

Quick Reference

1. Introduction

Prentus, Inc. ("Prentus," "we," "us," or "our") operates an AI-powered career services platform for educational institutions, workforce development organizations, and employers. This Privacy Policy explains how we collect, use, share, store, and protect personal information when you use the Prentus platform, website, Chrome Extension, APIs, and related services (collectively, the "Platform").

This Policy applies to:

• Members/Students — individuals who use the Platform for career development (all users are 18 or older)
• Institutional Administrators and Advisors — staff of educational institutions that license the Platform
• Employers — companies and recruiters that access the Platform to source talent and post jobs
• Website Visitors — anyone who visits prentus.com without creating an account

This Policy does not apply to third-party services linked from the Platform. The Platform is operated from the United States and is primarily intended for users in the United States. We do not actively market to or serve users in the European Union, United Kingdom, or European Economic Area.

By using the Platform, you agree to the collection and use of your information as described in this Policy.

2. Who Controls Your Data

2.1 Prentus as Data Controller

For information we collect directly from you as a website visitor, employer, or individual member, Prentus is the data controller.

2.2 Institutions as Data Controllers

When an educational institution (our customer) deploys the Platform for its students and staff, the institution is the data controller for that student and staff personal data. Prentus acts as a service provider processing that data on the institution's behalf. If you have questions about how your institution handles your data, contact your institution directly.

2.3 Questions About This Policy

For all privacy inquiries, contact us at [email protected] or call 786-280-0764.

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

• Full name, email address, password (hashed; never stored in plain text)
• Phone number (for SMS and notification features)
• Profile photo
• Physical address (where provided for contact purposes)

Career Profile Data:

• Professional summary and career goals
• Work experience (employer names, job titles, dates, responsibilities, accomplishments)
• Education history (institutions, degrees, graduation dates, GPA if provided)
• Skills, certifications, and professional courses
• Target role, industry, and job preferences (location, salary expectations, work arrangement)
• Demographic information (race/ethnicity, gender, veteran status, disability status, LGBTQ+ status) — entirely voluntary and used only for equity and compliance reporting

Career Documents:

• Resume content and all saved versions
• Cover letter content and all saved versions
• LinkedIn profile data (when you connect your LinkedIn account)

Job Search Activity:

• Jobs saved, tracked, or applied to through the Platform
• Application stage information (applied, phone screen, interview, offer, hired, rejected)
• Offer details (employer, title, compensation, start date) when voluntarily provided
• Networking contacts added to the Networking Tracker
• Saved job searches and job preferences

Communications:

• Messages exchanged with advisors or employers through the Platform
• Survey and check-in responses
• Support requests and feedback submissions

AI Interaction Data:

• Prompts and conversation content submitted to the AI Career Advisor
• Voice recordings and transcripts from AI Mock Interview sessions
• AI-generated content you accept, edit, or save (resumes, cover letters, emails, interview answers)

Institution/Employer Information:

• Organization name, size, industry, website
• Recruiter or administrator contact details
• Job posting content and candidate notes
• Billing information (processed and stored by Stripe; Prentus stores only billing address, last 4 digits of card, and card type)

3.2 Information We Collect Automatically

Usage Data:

• Pages viewed, features used, and time spent on the Platform
• Click patterns, navigation paths, and feature interaction logs (e.g., mock interviews completed, resumes submitted, jobs applied)
• Search queries submitted within the Platform

Device and Technical Data:

• IP address and approximate geographic location derived from IP
• Browser type, version, and settings
• Operating system and device type
• Screen resolution and language preferences
• Referring URLs

Log Data:

• Server request logs (timestamp, endpoint accessed, HTTP response codes)
• Error logs and crash reports (processed by Sentry)
• Performance monitoring data

See Section 9 for information about cookies and tracking technologies.

3.3 Information We Collect from Third Parties

LinkedIn:

When you authorize the LinkedIn integration, we collect profile data including: headline, summary, work experience, education, skills, profile photo, profile URL, and public connection count. We may periodically re-sync this data. We use this data to populate your Prentus career profile and to detect employment changes for outcome tracking.

Proxycurl:

We use Proxycurl, a LinkedIn profile enrichment service, to supplement LinkedIn profile data and verify employment information. Proxycurl retrieves publicly available LinkedIn profile data. By connecting your LinkedIn account or enabling outcome tracking, you consent to this enrichment process.

Google:

When you connect Google Calendar, we access calendar event data (titles, times, attendees) for scheduling features. We do not store Google Calendar content beyond what is necessary to render scheduling. Google Workspace is used for institutional SSO authentication where enabled.

Identity Providers (SSO):

When your Institution enables SAML 2.0-based SSO, we receive attributes from your institution's identity provider such as name, email, student ID, department, and program enrollment.

Job Aggregation Services:

We receive job listing data from third-party job APIs (via ProAPIs/RapidAPI) to populate the Platform's job board. This data does not include your personal information.

Payment Processors:

Stripe provides payment confirmation, subscription status, and limited billing data. We do not receive or store your full credit card number.

Employers:

Employers may provide candidate notes, interview feedback, hiring decisions, and application status updates through the Platform, which are associated with your Member profile.

Institutions:

Educational institutions may upload student roster data, program enrollment information, graduation dates, academic standing, and other information they are authorized to share with us under FERPA or applicable state law.

4. How We Use Your Information

4.1 Providing and Operating the Platform

• Creating and managing your account
• Providing career coaching, resume tools, job search, and AI features
• Processing payments and managing subscriptions
• Personalizing job recommendations and AI coaching context
• Enabling Institution features including student directory, advising tools, and outcome tracking
• Sending transactional communications (account confirmations, security alerts, receipts)
• Providing customer support

4.2 AI Feature Operation

• Processing your voice input for real-time speech-to-text transcription during AI Mock Interviews
• Generating AI-assisted resume content, cover letters, interview feedback, and career coaching responses using models provided by OpenAI, Anthropic, and Google (Gemini)
• Analyzing your LinkedIn profile and resume to generate improvement recommendations
• Generating job application answers through the Chrome Extension
• Detecting employment changes via LinkedIn monitoring and Proxycurl enrichment

4.3 Outcome Tracking

• Monitoring your LinkedIn profile (when connected) for employment changes
• Creating outcome records when employment is detected or self-reported
• Enabling your Institution to confirm, verify, and report on employment outcomes for accreditation, compliance, and program improvement purposes
• Generating aggregate statistics on employment rates and salaries for institutional reporting (NACE-compatible)

4.4 Communications

• Transactional emails via Postmark (password resets, notifications, receipts)
• Advisor messages and broadcast communications from your Institution
• Product updates and feature announcements (you may opt out)
• Job match and career milestone notifications (you may opt out)
• SMS messages via Twilio where you have provided your phone number and consented

4.5 Analytics and Product Development

• Analyzing aggregate usage patterns to improve Platform features
• Creating anonymized benchmarks on employment outcomes, student engagement, and platform effectiveness
• Conducting A/B testing to improve user experience
• Training and improving AI models using anonymized and aggregated data (see Section 13)
• Error tracking and diagnostics via Sentry

4.6 Security and Fraud Prevention

• Detecting, investigating, and preventing fraudulent or abusive activity
• Maintaining Platform security and integrity
• Conducting security audits in connection with our SOC 2 Type II certification program

4.7 Legal and Compliance

• Complying with applicable laws and regulations
• Responding to lawful legal process (subpoenas, court orders)
• Enforcing our Terms of Service
• Protecting the rights, property, and safety of Prentus, our users, and the public

5. How We Share Your Information

5.1 With Your Institution

If you are a Member who joined through an Institution, we share your career profile, activity data, career materials, job search activity, and outcome information with your Institution's authorized administrators and advisors. Your Institution is the data controller for this data and is responsible for its use in accordance with applicable law, including FERPA.

Your Institution can see:

• Your full career profile (experience, education, skills, summary)
• Career document status (submitted, approved, needs revision)
• Job search activity (applications, stage progress, offers — where self-reported)
• Mock interview completion records
• Platform engagement metrics (last login, activity frequency)
• Outcome records (employment status, salary where provided)

Your Institution cannot see (by default):

• Private advisor message content (where configured as private)
• Your Chrome Extension browsing activity
• The verbatim content of your AI coaching conversations (session completion data only, unless your institution has configured otherwise)

5.2 With Employers

Subject to your Institution's privacy settings and your profile approval status, Employer partners of your Institution may view:

• Your career profile, resume, and career summary
• Your target role, skills, and job preferences
• Your program and expected graduation date

Employers do not receive access to your personal contact information (unless you choose to share it), compensation data you have not disclosed, private advisor notes, or your full application history.

Anonymized Mode: If your Institution has enabled the unbiased talent presentation feature, employers see your profile without your name, photo, or institution name during initial screening.

Talent Links: Your Institution may include your profile in a curated Talent Link shared with an employer. Your Institution controls this feature and is responsible for its appropriate use.

5.3 With Service Providers

We share personal information with third-party service providers that process it on our behalf in order to provide the Platform. See Section 6 for our complete subprocessor list. We require subprocessors to process data only as directed and to maintain appropriate security measures.

5.4 Aggregated and Anonymized Data

We may share aggregated, de-identified data (which cannot reasonably be used to identify you) with institutional partners for benchmarking, with researchers for career services research, and in public reports and marketing materials.

5.5 Business Transfers

If Prentus is involved in a merger, acquisition, asset sale, financing, bankruptcy, or similar corporate event, your information may be transferred to the acquiring or successor entity. We will provide advance notice of any such transfer as required by applicable law.

5.6 Legal Requirements

We may disclose your information where required or permitted by law, including in response to valid legal process, to comply with legal obligations, to enforce our Terms, or to protect the rights and safety of Prentus, our users, or the public. We will, where legally permissible, notify you before disclosing your information in response to legal process.

5.7 With Your Consent

We may share your information for any other purpose with your explicit prior consent.

6. Subprocessors

Our complete, current list of subprocessors is maintained and updated at trust.prentus.com/subprocessors. The following are key subprocessors that may process personal data:

Each subprocessor's privacy practices are governed by their own terms and privacy policies. We link to our Trust Center above, which is kept up to date as providers change.

We will provide at least thirty (30) days' advance notice of material changes to subprocessors that may adversely affect the processing of your personal data, where required by applicable law or contract.

7. Data Retention

We retain personal information for as long as necessary to provide the Platform and fulfill the purposes described in this Policy, subject to legal and contractual obligations.

We may retain certain data longer if required by ongoing litigation, regulatory investigation, or legal obligation. When retention periods expire, data is deleted or anonymized in accordance with our data destruction procedures.

Institutional Data: Data controlled by an Institution is retained per the terms of the applicable subscription agreement and is deleted or returned upon termination as specified therein.

8. Your Rights and Choices

8.1 Access

You may request a copy of the personal information we hold about you through your account settings or by contacting us.

8.2 Correction

You may update or correct inaccurate personal information through your account settings at any time. For information uploaded by your Institution, contact your Institution to request corrections.

8.3 Deletion

You may request deletion of your personal data by contacting us at [email protected]. We will delete your data subject to: (a) legal retention requirements; (b) data required for ongoing institutional accreditation; and (c) where your data is controlled by an Institution (which must be directed separately).

8.4 Data Portability

You may request a copy of your personal data in a structured, machine-readable format.

8.5 Opt-Out of Marketing Communications

You may opt out of marketing emails by clicking "Unsubscribe" in any marketing email or updating your notification preferences in account settings. You cannot opt out of transactional communications necessary for Platform operation.

8.6 SMS Opt-Out

Reply "STOP" to any SMS message from Prentus to opt out. Standard message and data rates may apply. Reply "HELP" for help.

8.7 LinkedIn Disconnection

You may disconnect your LinkedIn account at any time through account settings. This stops future syncs; previously synced data remains in your Prentus profile until you request deletion.

8.8 AI Mock Interview Opt-Out

You may simply decline to use the AI Mock Interview feature. If you have used the feature and wish to request deletion of your voice recordings or transcripts before the standard retention period, contact [email protected].

8.9 Chrome Extension

You may uninstall the Chrome Extension at any time through your browser's extension manager. Uninstalling does not delete data already synced to your Prentus account.

8.10 How to Submit Requests

Contact us at:

• Email: [email protected]
• Phone: 786-280-0764
• Mail: Prentus, Inc., Attn: Privacy, 2905 Cascada Isles Way, Hollywood, FL 33024

We will respond within thirty (30) days (or the timeframe required by applicable law). We may need to verify your identity before fulfilling your request. We will not discriminate against you for exercising your privacy rights.

9. Cookies and Tracking Technologies

9.1 What We Use

9.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies will impair Platform functionality. Most browsers allow you to view, delete, and block cookies.

9.3 Google Analytics

We use Google Analytics on our marketing website (prentus.com) to understand visitor behavior. Google Analytics data is subject to Google's Privacy Policy. You may opt out using the Google Analytics Opt-out Browser Add-on.

9.4 Do Not Track

Prentus does not currently respond to browser "Do Not Track" signals, consistent with common industry practice. We will update this Policy if our practices change.

10. Security and SOC 2

Prentus maintains a SOC 2 Type II certified information security program, currently under audit for renewal. Our security controls include:

• Encryption — all data in transit is encrypted via TLS 1.2+; data at rest is encrypted via AES-256 or equivalent
• Authentication — password hashing, optional two-factor authentication, SAML 2.0 SSO
• Access controls — role-based access control; production data access restricted to authorized personnel
• Audit logging — all significant administrative actions are logged
• Endpoint security — full device encryption, anti-malware controls
• Incident response — formal breach detection and response procedures
• Continuous monitoring — security controls monitored continuously via our security compliance program (Sprinto)
• Business continuity — documented disaster recovery and business continuity plans

Our full security posture, controls documentation, and compliance reports (available under NDA) are maintained at trust.prentus.com.

No security measure is 100% effective. Despite our efforts, we cannot guarantee that unauthorized third parties will never circumvent our security measures. In the event of a security breach, we will notify you and applicable regulators as required by applicable law.

To report a security vulnerability, email [email protected] with "Security Vulnerability" in the subject line.

11. California Residents — CCPA and CPRA

This section supplements our general Privacy Policy for California residents and describes rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

11.1 Applicability

We provide this section as a best practice for California users. Prentus may not currently meet the statutory thresholds that trigger CCPA obligations (annual gross revenue exceeding $25 million; purchase/sale/receipt/sharing of personal information of 100,000+ California consumers or households; or derivation of 50%+ of annual revenue from selling personal information). Regardless, we are committed to transparency and honor the rights below.

11.2 Categories of Personal Information Collected (Last 12 Months)

11.3 We Do Not Sell or Share Personal Information

We do not sell your personal information as defined under the CCPA. We do not share personal information for cross-context behavioral advertising.

11.4 Your California Rights

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected, the sources, our business purpose, and the categories of third parties with whom we share
• Right to Delete — request deletion of personal information we have collected, subject to certain exceptions
• Right to Correct — request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing — not applicable; we do not sell or share personal information
• Right to Limit Use of Sensitive Personal Information — we use Sensitive Personal Information only for purposes permitted by CPRA Section 1798.121
• Right to Non-Discrimination — we will not discriminate against you for exercising any of the above rights

11.5 How to Submit a California Privacy Request

• Email: [email protected] with subject line "California Privacy Rights Request"
• Phone: 786-280-0764

We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent; agents must provide written authorization and we may require direct identity verification from you.

12. Education Records and FERPA

12.1 Prentus as School Official

For Institutions subject to FERPA, Prentus is designated as a "school official" with a "legitimate educational interest" as defined under FERPA (34 C.F.R. § 99.31(a)(1)). In this capacity, Prentus:

• Processes Educational Records only at the direction of and for the benefit of the disclosing Institution;
• Does not use Educational Records for purposes other than providing the Platform to the Institution;
• Does not re-disclose Educational Records to third parties without required authorization from the Institution or student; and
• Maintains appropriate technical and organizational security measures to protect Educational Records.

12.2 Institution Responsibility

Institutions are the data controllers for Educational Records and are responsible for ensuring their use of Prentus complies with FERPA, including obtaining any required student consents where the "school official" exception does not apply.

12.3 Student Rights

Students have the right under FERPA to inspect and review their Educational Records maintained by their Institution. Requests to inspect records should be directed to your Institution's registrar.

12.4 State Student Privacy Laws

We comply with applicable state student data privacy laws, including but not limited to:

• California: Student Online Personal Information Protection Act (SOPIPA)
• New York: Education Law § 2-d
• Illinois: Student Online Personal Protection Act (SOPPA)
• Colorado: Student Data Transparency and Security Act
• Other states: We comply with equivalent state laws where applicable

Institutions are responsible for ensuring compliance with the student privacy laws applicable to their jurisdiction. We will execute applicable state-required data processing agreements or student data privacy agreements upon request.

13. AI and Automated Processing

13.1 How We Use AI

The Platform uses AI language models from OpenAI, Anthropic, and Google (Gemini) to provide the following features:

13.2 AI Limitations

All AI-generated outputs are advisory and for informational purposes only. AI systems:

• May produce inaccurate, outdated, or contextually inappropriate content
• May reflect biases present in training data
• Should never be the sole basis for consequential career, hiring, or educational decisions

Prentus expressly disclaims liability for decisions made in sole reliance on AI-generated outputs.

13.3 AI Training

We may use anonymized, aggregated, and de-identified Platform data to train, fine-tune, and evaluate AI models used in the Platform. We do not use individually identifiable personal data to train AI models for purposes unrelated to providing the Platform. We do not use Educational Records covered by FERPA for AI training without authorization from the applicable Institution.

13.4 Prompts and Third-Party AI Providers

When you interact with an AI feature, your prompt content is transmitted to one or more of our AI model providers (OpenAI, Anthropic, Google). These providers process the prompt to generate a response. Do not include sensitive personal information, passwords, financial account numbers, or confidential third-party data in AI prompts. Each provider's data handling is subject to their own terms and privacy policies, which Prentus references but does not control.

13.5 No Automated Legal Decisions

We do not use fully automated processing to make binding decisions about you that produce legal or similarly significant effects without human involvement. AI scores and assessments on the Platform are always advisory and subject to human review.

14. Voice Data and Biometric Information

14.1 AI Mock Interview Voice Processing

When you use the AI Mock Interview feature:

• Your voice is transmitted in real time for speech-to-text transcription
• Voice recordings are temporarily stored during and immediately following the session
• Voice recordings are deleted within 30 days of the session
• Session transcripts are retained for up to 1 year
• We do not create persistent voiceprints, voice templates, or biometric signatures

14.2 Illinois — Biometric Information Privacy Act (BIPA)

Illinois residents: your voice may constitute a biometric identifier under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq.

By affirmatively clicking to begin an AI Mock Interview session, you provide the written, informed consent required by BIPA. Specifically, you consent to and acknowledge:

• Collection and temporary storage of your voice data for transcription and AI feedback purposes
• Transmission of voice data to Prentus's speech processing infrastructure
• Voice data retention for no longer than 30 days following the session
• Transcript retention for no longer than 1 year
• That Prentus will not sell, lease, trade, or profit from your biometric data
• That this consent covers the purposes described in these Terms and this Policy

To withdraw consent, discontinue use of the AI Mock Interview feature and contact [email protected] to request early deletion of any retained voice data.

14.3 Other States with Biometric Privacy Laws

The following states have enacted laws that may apply to voice or biometric data:

If you are located in one of these states, we provide equivalent disclosures and honor your rights under applicable law. Contact [email protected] to exercise any biometric data rights.

15. Additional U.S. State Privacy Rights

The following states have enacted comprehensive privacy laws that provide residents with rights regarding their personal data. Prentus honors these rights for residents of all applicable states.

Rights available under most of these laws include:

• Right to Know/Access — know what personal data we hold about you
• Right to Correct — request correction of inaccurate data
• Right to Delete — request deletion of your personal data
• Right to Portability — obtain a copy of your data in a portable format
• Right to Opt-Out — opt out of the sale of personal data, targeted advertising, or profiling for decisions with significant legal or similar effects

We do not sell personal data or engage in targeted advertising as defined by these statutes.

To exercise any of these rights, regardless of your state of residence:

• Email: [email protected] — Subject: "State Privacy Rights Request — [Your State]"
• Phone: 786-280-0764

We will respond within the timeframe required by applicable law (generally 45–90 days depending on the state). We will not discriminate against you for exercising your privacy rights.

16. Contact Us

For all privacy inquiries, rights requests, security concerns, and DMCA notices:

Prentus, Inc.

Attn: Privacy

2905 Cascada Isles Way

Hollywood, FL 33024

United States

Email: [email protected]

Phone: 786-280-0764

Trust Center: trust.prentus.com

Response times:

• General privacy inquiries: within 5 business days
• Rights requests: within 30 days (or as required by applicable law)
• Security vulnerability reports: within 72 hours

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the revised Policy with an updated "Last Updated" date;
• Sending an email notification to your registered email address; and/or
• Displaying a prominent in-Platform notice.

For material changes, we will provide at least thirty (30) days' advance notice. Your continued use of the Platform after the effective date constitutes your acceptance of the changes. If you do not agree to the changes, you must stop using the Platform.

Previous versions of this Policy are available upon request.