Jump to…
Privacy Policy
Effective Date: April 27, 2026 Last Updated: April 27, 2026
MathRhythm LLC ("MathRhythm," "we," "us") operates the website and services at node.coach (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, and your rights.
If you do not agree with this Policy, do not use the Service.
Summary (plain English):
- We store your account, résumé, AI dialogue, and community activity.
- Your résumé, analysis, and private dialogue are private to you — we do not sell them, share them with employers, or use them to train AI models.
- Your community posts are public — they are meant to be seen.
- We use trusted service providers (Google Cloud, Firebase, an AI model provider) to operate the Service.
- You can access, correct, delete, or export your data at any time.
#1. Who We Are (Controller)
MathRhythm LLC A California limited liability company 2520 Venture Oaks Way, Suite 120 Sacramento, CA 95833, United States privacy@node.coach
For EU/UK users, MathRhythm is the data controller under the GDPR and UK GDPR. A representative in the EU/UK will be designated if and when required by Article 27 GDPR.
#2. Personal Information We Collect
2.1 Information You Provide
| Category | Examples |
|---|---|
| Account information | Email, username, password (hashed), profile metadata |
| Google Sign-In (optional) | Name, email, profile image from your Google account |
| Résumé content | The PDF you upload and the text extracted from it: name, contact details, employment history, education, skills, certifications, publications, patents |
| AI dialogue | Your messages to the AI Companion and the AI's responses |
| Community content | Posts, comments, votes, saved items, flags |
| Communications | Emails and messages you send us, feedback, bug reports |
2.2 Information We Collect Automatically
| Category | Examples |
|---|---|
| Device & log data | IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, time of access |
| Usage data | Feature usage, search queries inside the Service, error events |
| Cookies & similar | Session cookies, authentication cookies, limited analytics (see Cookie Notice) |
We do not use advertising trackers, behavioral advertising cookies, or third-party ad pixels.
2.3 Sensitive Personal Information
A résumé may include information that qualifies as "sensitive personal information" under some laws, such as your precise location history (from employment), nationality (from education), or other background details. We process this information solely to provide the Résumé Tool and related features to you, and only with your explicit upload. We do not use it for any purpose other than the Service.
We do not knowingly collect: government-issued ID numbers, financial account numbers, health or medical information, biometric identifiers for identification, racial or ethnic origin, religious beliefs, genetic data, sex-life or sexual-orientation information, or children's information (users under 13 are not permitted).
If your résumé happens to contain such information, we will process it as ordinary résumé content solely for the Service and will not separately infer or categorize it.
2.4 Information We Do Not Collect
We do not buy personal information from data brokers. We do not enrich your profile with third-party demographic data.
#3. How We Use Personal Information
We use personal information to:
- Provide the Service. Create and manage your account; parse your résumé; generate AI dialogue responses; display Community content; maintain your Dossier.
- Secure and improve the Service. Detect fraud, abuse, and security threats; debug; improve features and performance (using aggregated or de-identified data where possible).
- Communicate with you. Respond to inquiries; send transactional messages; send beta-program updates (you can unsubscribe).
- Comply with legal obligations. Respond to lawful requests; enforce our Terms; exercise or defend legal claims.
- With your consent. For any other purpose we disclose and you agree to.
Legal Bases (GDPR / UK GDPR)
For users in the EU, UK, or other jurisdictions where a legal basis is required, we rely on:
- Performance of a contract (Art. 6(1)(b)): to provide the Service you requested.
- Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud, maintain quality, and understand how our Service is used. You may object (Section 9).
- Consent (Art. 6(1)(a)): for non-essential cookies, optional communications, or other uses we explicitly disclose.
- Legal obligation (Art. 6(1)(c)): to comply with applicable laws.
#4. How We Share Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
We share personal information only in the following limited circumstances:
4.1 Service Providers ("Sub-processors")
We use trusted third parties who process data on our behalf under written agreements that restrict their use of the data to providing services to us:
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Google Cloud Platform / Firebase | Hosting, authentication, database, storage | All categories | United States |
| Google Cloud — Vertex AI (Gemini) | Résumé analysis and AI dialogue generation | Résumé text, dialogue prompts | United States |
| Anthropic (Claude API) [if enabled] | AI dialogue generation | Dialogue prompts | United States |
| Email provider [e.g., Postmark / AWS SES] | Transactional emails | Email address, name | United States |
| Error monitoring [e.g., Sentry] | Debugging | Log data, limited user identifiers | United States |
| Customer support [e.g., Plain or email] | Respond to inquiries | Content of your messages | United States |
We contractually require these providers not to use your Private Content to train their AI models and to delete it consistent with our retention schedule. A current list of sub-processors is available on request at privacy@node.coach.
4.2 Public Content
Content you post to the Community (posts, comments, votes, profile metadata you choose to display) is visible to other users and, if publicly accessible, to anyone with the link or via search engines. Consider carefully what you post.
4.3 Legal and Safety
We may disclose personal information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, court order, or valid government request; (b) enforce our Terms; (c) protect the rights, property, or safety of MathRhythm, our users, or others; or (d) detect or prevent fraud or security issues.
4.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred. We will notify you by email or prominent notice before the transfer and any material change in how your information is handled.
4.5 With Your Consent
We will share in any other way with your consent.
#5. International Data Transfers
The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States.
For transfers of personal information from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on:
- The European Commission's Standard Contractual Clauses ("SCCs") or the UK equivalent; and
- Supplementary measures where appropriate (encryption in transit and at rest, access controls, vendor due diligence).
You may request a copy of the SCCs by emailing privacy@node.coach.
#6. How Long We Keep Personal Information
| Data | Retention |
|---|---|
| Account information | Until account deletion, then up to 30 days for system removal |
| Résumé (PDF) and parsed content | Until you delete or replace it, then up to 30 days for system removal |
| AI dialogue sessions | Until you delete or 24 months of inactivity, whichever is first |
| Community content | Until you delete the post/comment; may persist where other users have interacted (e.g., quoted replies) |
| Log data | 90 days; longer for security incidents under investigation |
| DSAR and legal request records | 2 years for audit and legal-hold purposes |
| Backups | Encrypted and rotated; deletion propagates within 35 days |
We may retain information longer where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
#7. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit (TLS) and at rest;
- Role-based access controls on our production systems;
- Firestore Security Rules that restrict your Private Content so only you can read or modify it;
- Vendor security review before onboarding sub-processors;
- Periodic access audits and credential rotation.
No system is perfectly secure. You are responsible for keeping your password confidential. If you believe your account has been compromised, contact security@node.coach immediately.
In the event of a data breach affecting your personal information, we will notify affected users and applicable authorities consistent with law (including California Civil Code § 1798.82 and, for EU/UK users, Articles 33–34 GDPR).
#8. Your Privacy Choices and Rights
You have rights under applicable privacy laws. We honor these rights regardless of where you live, to the extent reasonably possible.
8.1 Rights You Have
| Right | What it means |
|---|---|
| Access | Get a copy of the personal information we hold about you. |
| Correction | Correct inaccurate or incomplete information. |
| Deletion | Delete personal information, subject to legal retention. |
| Portability | Receive a copy of your information in a structured, machine-readable format (JSON). |
| Opt-out of sale/sharing | We do not sell or share for cross-context behavioral advertising. This right is effectively moot, but we honor the signal. |
| Opt-out of targeted advertising or profiling | We do not engage in either. |
| Withdraw consent | Where we rely on consent, you may withdraw it at any time. |
| Object or restrict processing | Where we rely on legitimate interests, you may object. |
| Lodge a complaint | With your data protection authority (EU/UK) or the California Privacy Protection Agency. |
| Non-discrimination | We will not discriminate against you for exercising these rights. |
8.2 How to Exercise Your Rights
- From your account: Most requests can be handled from your account settings (export, delete, correct).
- By email: Send a request to privacy@node.coach. We will verify your identity (usually by confirming you can access the email on file) and respond:
- Within 45 days for CCPA/CPRA requests (one 45-day extension possible);
- Within 30 days for GDPR/UK GDPR requests (one 60-day extension possible).
We will honor verifiable requests free of charge, except where a request is manifestly unfounded or excessive.
8.3 Authorized Agents (California)
You may use an authorized agent to submit a request. We require the agent to provide written proof of authorization and may separately verify your identity.
8.4 Shine the Light (California Civil Code § 1798.83)
California residents may request information about our disclosures of certain categories of personal information to third parties for those parties' direct marketing purposes. We do not currently engage in such disclosures.
8.5 Global Privacy Control (GPC)
We recognize the Global Privacy Control browser signal where legally required. Because we do not sell or share personal information, receiving a GPC signal results in confirmation that no opt-out action is required.
8.6 Do Not Track
We do not respond to "Do Not Track" browser signals, as no common standard exists.
#9. CCPA/CPRA Specific Disclosures (California Residents)
9.1 Categories of Personal Information Collected in the Past 12 Months
Using the categories defined in Cal. Civ. Code § 1798.140:
- Identifiers (name, email, IP, account ID)
- Customer Records (information in your résumé such as contact details and work history)
- Internet or Network Activity (log and usage data)
- Professional or Employment Information (from résumé)
- Education Information (from résumé)
- Inferences drawn to generate AI career analyses (visible only to you)
- Sensitive Personal Information — only to the extent your résumé or input contains it, and processed solely to provide the Service
We collect these from you directly or from third parties you direct us to (e.g., Google when you sign in).
9.2 Purposes
As described in Section 3.
9.3 Sale or Sharing
We do not "sell" or "share" personal information as those terms are defined in CCPA/CPRA, including for cross-context behavioral advertising.
9.4 "Do Not Sell or Share My Personal Information"
Because we do not sell or share, no opt-out is necessary. If you still wish to submit an opt-out preference, visit /ccpa-rights or email privacy@node.coach.
9.5 Limit Use of Sensitive Personal Information
We use sensitive personal information only for the permitted purposes described in Section 2.3 and do not use it for advertising, profiling, or inference about characteristics. Accordingly, the right to "limit" does not apply.
9.6 Retention
See Section 6.
#10. EU/UK/Swiss Users — Additional Disclosures
In addition to Sections 3, 4, 5, and 8:
- Representative under Art. 27 GDPR: We will designate an EU representative if we regularly offer the Service to or monitor the behavior of individuals in the EU in a manner that triggers the requirement. Users may contact privacy@node.coach in the meantime.
- Supervisory authority: You may lodge a complaint with the data protection authority in your country of residence, place of work, or place of the alleged infringement.
- Automated decision-making: The AI Companion generates informational text. We do not make legal or similarly significant decisions about you using solely automated means. The AI does not hire, reject, score, or rank you for any employment decision.
#11. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided information, contact privacy@node.coach and we will delete it. Users aged 13–17 are not permitted to use the Service (minimum age is 18 per the Terms).
#12. AI Features
Because our Service includes AI-based features, we disclose additional information in the AI Transparency Notice, including which systems generate what kind of output, what inputs are used, and what limits apply. That notice is incorporated by reference.
We do not use your Private Content (résumé, analysis, dialogue) to train or fine-tune AI models, and we contractually prohibit our AI model providers from doing so.
#13. Links to Third-Party Services
The Service may link to third-party websites, services, or content. Their privacy practices are their own and we are not responsible for them. Review their privacy policies before providing information.
#14. Changes to This Policy
We may update this Policy. If we make material changes, we will notify you through the Service or by email and update the "Last Updated" date. If you do not agree with the changes, stop using the Service and delete your account.
#15. Contact
Questions, requests, or complaints about this Policy or our privacy practices:
MathRhythm LLC — Privacy Team 2520 Venture Oaks Way, Suite 120 Sacramento, CA 95833, United States Email: privacy@node.coach
© 2026 MathRhythm LLC. All rights reserved.