CriterixBack to Home

Privacy Policy

Your privacy is fundamental to how Criterix is built. This policy explains our local-first approach to data handling.

Last updated: December 15, 2024

Local-First

Your data stays on your device

Zero Knowledge

We cannot see your content

You Own It

Export or delete anytime

1Introduction

Criterix ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (collectively, the "Service").

Criterix is designed with a local-first architecture, meaning your personal data is stored primarily on your device and encrypted before any synchronization occurs. We believe you should have complete control over your career data.

2Information We Collect

2.1 Information Stored Locally (On Your Device)

The following data is stored exclusively in your browser's IndexedDB and never transmitted to our servers:

  • Career profile information (positions, projects, skills, education)
  • Resume content and edit history
  • Job descriptions you analyze
  • AI conversation history (Biographer interactions)
  • Fit analysis results and evidence
  • Your Gemini API key (encrypted with your Google identity)

2.2 Information Processed Through Google Services

When you use Google authentication or Google Docs integration:

  • Google Account Information: Your name, email address, and profile picture are used for authentication and displayed in the application.
  • Google Docs Access: When you select a resume document, we access it via the Google Docs API using OAuth 2.0 scopes limited to files you explicitly select (drive.file scope).
  • Google Drive AppData: Encrypted backups may be stored in your Google Drive's hidden app data folder (drive.appdata scope), accessible only by Criterix.

2.3 Information We Do NOT Collect

  • Your resume content on our servers
  • Your Gemini API key (it stays encrypted on your device)
  • AI conversation logs or prompts
  • Job descriptions you analyze
  • Any career profile data

3How We Use Your Information

The limited information we process is used to:

  • Authenticate you via Google Sign-In
  • Facilitate access to your Google Docs for in-place resume editing
  • Enable encrypted backup synchronization to your Google Drive
  • Improve our Service through aggregated, anonymized usage analytics (if enabled)

4Third-Party Services

4.1 Google Services

We use Google OAuth 2.0 for authentication and Google APIs for Docs/Drive integration. Your use of these services is subject to Google's Privacy Policy.

4.2 Google Gemini AI (BYOK)

Criterix uses a Bring Your Own Key (BYOK) model for AI features. When you provide your Gemini API key:

  • Your API key is encrypted locally using your Google identity and stored only on your device
  • AI requests are sent directly from your browser to Google's Gemini API
  • We never proxy, log, or have access to your API calls or responses
  • Your AI usage is subject to Google's Gemini API Terms

5Data Security

We implement robust security measures to protect your data:

  • Encryption at Rest: All local data is encrypted using AES-GCM encryption with keys derived via PBKDF2 from your Google identity
  • Encryption in Transit: All network communications use HTTPS/TLS
  • OAuth Security: We use Authorization Code Flow (not Implicit Flow) with proper token handling
  • No Server Storage: Your career data is never stored on our servers
  • Content Security Policy: Strict CSP headers prevent unauthorized script execution

6Data Retention and Deletion

Since your data is stored locally on your device, you have complete control over its retention:

  • Local Data: Clear your browser data or use the in-app export/delete features to remove all local data
  • Google Drive Backups: You can delete encrypted backups from your Google Drive's app data at any time
  • Google OAuth: Revoke Criterix's access through your Google Account settings

7Your Rights

You have the following rights regarding your data:

  • Access: Export all your local data at any time through the application
  • Portability: Download your career profile in standard JSON format
  • Deletion: Delete all local data through browser settings or in-app controls
  • Revocation: Disconnect Google services at any time

8Cookies and Tracking

Criterix uses minimal cookies:

  • Authentication Cookies: Essential cookies for maintaining your login session
  • No Third-Party Analytics: We do not use third-party analytics or tracking services in the current version
  • No Advertising: We do not serve ads or use advertising trackers

9Children's Privacy

Criterix is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can address the situation.

10International Data Transfers

Since Criterix uses a local-first architecture, your career data generally remains on your device. However, when using Google services:

  • Google authentication and API calls may be processed in data centers worldwide
  • Encrypted backups stored in Google Drive are subject to Google's data handling practices
  • Gemini API calls (using your BYOK key) are processed by Google's infrastructure

11Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12Contact Us

If you have any questions about this Privacy Policy, please contact us:

[email protected]
https://criterix.ai