Privacy Policy

1. Introduction

Quarlo Software LLC ("Quarlo," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interview preparation platform (the "Service").

By using Quarlo, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Email address (typically your college email), password (hashed), and institution affiliation.
Resume Data: When you upload a resume for interview preparation, we process and store the text content to generate personalized prep materials.
Job Information: Job descriptions, company names, and role details you provide for interview preparation.
Community Contributions: Interview questions, salary information, and interview experiences you voluntarily share with the community.
Feedback: Ratings, comments, and suggestions you provide about generated content.

2.2 Information Collected Automatically

Usage Data: Pages visited, features used, and time spent on the platform.
Device Information: Browser type, operating system, and device identifiers.
IP Address: Used for security, rate limiting, and approximate location (country/region level only).
Cookies: Session cookies for authentication and preferences. See our Cookie Policy for details.

2.3 Information from Third Parties

Your Institution: We may receive your institutional affiliation and email domain verification from partner colleges and universities.
Public Data Sources: We aggregate publicly available information about companies, job markets, and career outcomes from sources like O*NET, BLS, and public job postings.

3. How We Use Your Information

We use your information for the following purposes:

Provide the Service: Generate personalized interview preparation materials using AI based on your resume and target job.
Improve AI Quality: Analyze anonymized usage patterns and feedback to improve our AI models and recommendations.
Community Features: Display anonymized or attributed contributions to help other users prepare for interviews.
Institution Analytics: Provide aggregate, anonymized statistics to partner institutions about career outcomes and platform usage.
Security: Detect and prevent fraud, abuse, and unauthorized access.
Communication: Send service-related notifications, updates, and (with your consent) promotional materials.
Legal Compliance: Meet legal obligations and respond to lawful requests.

4. Third-Party Services and Data Sharing

We use the following third-party services to provide our platform. Your data may be processed by these providers in accordance with their privacy policies:

4.1 AI and Machine Learning

Language Model Providers: We use third-party AI services to generate interview prep content. Your resume text and job descriptions are sent to these providers' APIs. Our providers do not use API data for training their models and maintain zero-retention or minimal-retention policies.
Embedding Services: We use vector embedding services to enable semantic search functionality. These services process anonymized text snippets to create searchable representations of content.

4.2 Research and Data Enrichment

Company Research APIs: We use third-party services to gather publicly available information about employers. No personal data is shared with these services.
Interview Intelligence Services: We use search and aggregation services to gather interview-related information from public sources. No personal data is shared with these services.

4.3 Infrastructure

Database Provider: We use a cloud database service for data storage and authentication. All data is encrypted at rest and in transit. Data is stored in US regions.
Hosting Provider: We use a cloud hosting platform for web hosting and serverless functions that processes requests and serves the application.

4.4 We Do NOT Sell Your Data

Quarlo does not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share data with service providers who assist in operating our platform, and only to the extent necessary to provide the Service.

5. FERPA Compliance (For Educational Institutions)

When Quarlo provides services to colleges and universities, we act as a "school official" with a "legitimate educational interest" under the Family Educational Rights and Privacy Act (FERPA).

Direct Control: Your institution maintains control over student education records. We process data only as directed by the institution.
Limited Use: We use student data solely for the educational purposes specified in our agreement with your institution (interview preparation and career services).
No Re-disclosure: We do not disclose personally identifiable information from education records to other parties without consent, except as required by law.
Data Security: We implement appropriate technical and organizational measures to protect student records.
Data Retention: Student data is retained while enrolled plus one year, then securely deleted unless the student requests otherwise.

For questions about FERPA compliance, contact your institution's registrar or email us at privacy@quarlo.co.

6. Your Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your Rights Include:

Right to Know: Request what personal information we collect, use, disclose, and sell about you.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out: We do not sell personal information, but you may opt out of any future sales.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Right to Limit Use of Sensitive Information: Limit how we use sensitive personal information (we collect minimal sensitive data).

How to Exercise Your Rights

To exercise any of these rights, you may:

Email us at privacy@quarlo.co with "CCPA Request" in the subject line
Use the privacy controls in your account settings (coming soon)
Submit a request through our Privacy Request Form

We will verify your identity before processing requests and respond within 45 days as required by law.

Categories of Information We Collect

For CCPA disclosure purposes, we collect the following categories:

Identifiers (email, IP address)
Professional information (resume, work history)
Education information (institution, graduation status)
Internet activity (usage data, device information)
Inferences drawn from the above (career recommendations)

7. Data Retention

We retain your information as follows:

Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
Interview Preps: Retained for 2 years from creation, or until you delete them, whichever comes first.
Community Contributions: Retained indefinitely unless you request removal. Anonymized contributions may be retained after account deletion.
Usage Logs: Retained for 90 days for security purposes, then anonymized or deleted.
Legal Hold: Data may be retained longer if required for legal proceedings or regulatory compliance.

8. Security Measures

We implement industry-standard security measures to protect your information:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls: Role-based access with least-privilege principles. Row-level security enforced at the database level.
Authentication: Secure password hashing, email verification, and session management.
Monitoring: Automated threat detection and audit logging for suspicious activity.
Vendor Security: All third-party providers are SOC 2 compliant or equivalent.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. Report security concerns to legal@quarlo.co.

9. Data Breach Notification

In the event of a data breach affecting your personal information:

We will notify affected users within 72 hours of discovery
We will notify your institution (if applicable) per our FERPA agreement
We will notify relevant regulatory authorities as required by law
We will provide details on the nature of the breach and recommended actions

10. Children's Privacy

Quarlo is designed for college students and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@quarlo.co.

Users between 13 and 18 should review this policy with a parent or guardian.

11. International Data Transfers

Quarlo is based in the United States. If you access our Service from outside the US, your information will be transferred to, stored, and processed in the United States where our servers are located.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland:

Data transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission
You have additional rights under GDPR including data portability and the right to lodge a complaint with your local supervisory authority
Contact privacy@quarlo.co for GDPR-specific requests

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on this page with a new effective date
Sending an email notification for significant changes
Displaying a prominent notice in the application

Your continued use of Quarlo after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Quarlo Software LLC

Email: privacy@quarlo.co

For specific inquiries: