Privacy Policy
Last updated April 9, 2026
Mbason AI, LLC (“Mbason AI,” “we,” “our,” or “us”) operates the website mbason-ai.com and the Mbason AI application (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Service, including data obtained through Google Sign-In and Sign in with Apple.
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
Information We Collect
We collect information in several ways when you use the Service:
A. Account Information
Registration Data. When you create an account, we collect your name, email address, and password. If you register using Google Sign-In, we receive your name, email address, and profile photo from your Google account. If you use Sign in with Apple, we receive your name and email address (or Apple's private relay email if you choose to hide your address).
Profile Information. Job title, skills, work experience, education history, and career preferences that you provide.
B. Google OAuth Data
Google Account Data. When you authenticate via Google Sign-In (OAuth 2.0), we request access to your basic profile information, including your full name, email address, and profile photograph. We only request the minimum scopes necessary for authentication and account creation.
Scope of Access. We request the 'openid', 'email', and 'profile' scopes from Google. We do not request access to your Google Drive, Gmail, Calendar, Contacts, or any other Google services beyond basic authentication.
B2. Apple Sign-In Data
Apple Account Data. When you authenticate via Sign in with Apple, we receive your name (if you choose to share it) and a unique Apple-provided email address. Apple may provide a private relay email that forwards to your personal email, keeping your real address hidden from us.
Scope of Access. We only request your name and email address from Apple. We do not access your Apple ID, iCloud data, photos, contacts, or any other Apple services. Apple controls what data is shared and gives you the option to hide your real email address.
Apple's Privacy Standards. Sign in with Apple is designed by Apple with user privacy at its core. We comply with Apple's guidelines including: we do not track users who sign in with Apple across apps; we do not use Apple-provided data for advertising; and we respect users' choice to hide their email address.
C. User-Provided Content
Resumes and Documents. Resumes, cover letters, and other career documents you upload are stored and processed to provide Mbason AI features such as resume tailoring, job alerts, and cover letter generation.
Interview Data. Responses, recordings, and feedback generated during interview preparation sessions.
D. Automatically Collected Data
Usage Data. Pages visited, features used, search queries, jobs viewed, session duration, and interaction patterns.
Device and Technical Data. Device type, operating system, browser type, IP address, and approximate geographic location derived from IP.
Cookies and Similar Technologies. Session cookies, preference cookies, and analytics identifiers used to maintain your session and improve the Service.
E. Payment Information
Billing Data. Payment processing is handled by Stripe, Inc. We do not store your full credit card number. We retain only minimal billing information such as the last four digits of your card, billing address, and transaction history for record-keeping purposes.
How We Use Your Data
We use the information we collect for the following purposes:
Account Creation and Authentication. To create and manage your account, verify your identity, and enable secure sign-in, including via Google OAuth.
Service Delivery. To provide Mbason AI career services including resume tailoring, cover letter generation, interview preparation, job alerts, and AI-powered career tools.
Personalization. To customize your experience based on your profile, preferences, career goals, and usage patterns.
Communication. To send job alerts, service updates, security notices, and support responses. You may opt out of non-essential communications at any time.
Subscription Management. To process payments, manage subscriptions, and enforce usage limits for free and paid tiers.
Analytics and Improvement. To analyze usage trends, diagnose technical issues, and improve the functionality and performance of the Service.
Security and Fraud Prevention. To detect, prevent, and respond to fraud, abuse, security threats, and violations of our terms.
Legal Compliance. To comply with applicable laws, regulations, and legal processes.
Google User Data: Use, Storage, and Protection
This section specifically addresses how we handle data received from Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
A. What Google Data We Collect
Full Name. Your display name from your Google account, used to populate your Mbason AI profile.
Email Address. Your primary Google email address, used as your account identifier and for communications.
Profile Photograph. Your Google profile picture, used to display your avatar within the Mbason AI application.
B. How We Use Google Data
Account Creation. We use your Google name and email to create your Mbason AI account so you do not need to fill in registration forms manually.
Authentication. We use Google OAuth tokens to securely verify your identity each time you sign in.
Profile Display. Your name and profile photo are displayed within the application interface to personalize your experience.
Communication. Your email address is used to send account-related notifications, security alerts, and optional job alerts.
C. Limited Use Disclosure
Mbason AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
No Selling. We do NOT sell Google user data to any third party, under any circumstance.
No Advertising Use. We do NOT use Google user data for serving advertisements, retargeting, or any advertising purpose.
No AI/ML Training. We do NOT use Google user data to train machine learning models, artificial intelligence models, or any generalized data models.
No Credit or Lending. We do NOT use Google user data for credit assessment, lending, or any financial eligibility determination.
Minimal Use. We use Google user data only for the purposes described in this policy: account creation, authentication, profile display, and essential communications.
D. Google Data Storage and Security
Encrypted Storage. Google user data is stored in encrypted databases using AES-256 encryption at rest.
Secure Transmission. All data transmitted between your browser, our servers, and Google APIs is protected using TLS 1.2 or higher (HTTPS).
Access Controls. Access to Google user data within our systems is restricted to authorized personnel who require it for Service operation and support.
Token Security. Google OAuth tokens are stored securely and are used solely for authentication. We do not share tokens with third parties.
Mbason AI Features
Mbason AI uses artificial intelligence to power features such as resume tailoring, cover letter generation, interview preparation, and career coaching. When you use these features:
Data Processing. Your career data (resume content, job preferences, interview responses) is sent to AI processing services to generate personalized output.
No Identity Sharing. We do not share your personal identity information (name, email, profile photo) with AI service providers. Only the content necessary for generating output is transmitted.
Google Data Excluded. Data obtained from Google Sign-In (name, email, profile photo) is NOT used as input to AI models or processing services.
Data Sharing and Disclosure
We do NOT sell, rent, or trade your personal information or Google user data to third parties. We do NOT share your data with advertisers, data brokers, or information resellers.
We may share limited information only with the following categories of service providers, who process data solely on our behalf and under strict contractual obligations:
Hosting and Infrastructure. Cloud hosting providers (e.g., Vercel, AWS) that store and serve the application and its data.
Database Services. Database providers that securely store your account and application data.
Payment Processing. Stripe, Inc. processes payment transactions. Stripe receives only the billing data necessary to process your subscription.
AI Processing. AI service providers receive only career-related content (not identity data) to generate AI-powered outputs.
Analytics. Analytics services that help us understand usage patterns in aggregate form. Individual user data is not shared with analytics providers.
We do not share your personal information with employers, recruiters, or other external parties unless you explicitly request it.
We may disclose information if required by law, subpoena, court order, or governmental regulation, or if disclosure is necessary to protect the rights, safety, or security of the Service, our users, or the public.
Data Security
We implement industry-standard administrative, technical, and organizational safeguards to protect your personal information:
Encryption in Transit. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). All API communications are encrypted.
Encryption at Rest. Personal data and Google user data stored in our databases is encrypted using AES-256 encryption at rest.
Secure Authentication. Passwords are hashed using bcrypt. OAuth tokens are stored securely and never exposed in client-side code or logs.
Access Controls. Access to user data is restricted on a need-to-know basis. All access is logged and audited.
Infrastructure Security. Our hosting infrastructure uses firewalls, intrusion detection, and regular security patches to protect against unauthorized access.
Incident Response. We maintain an incident response plan. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.
Data Retention and Deletion
A. Retention Periods
Account Data. Your name, email, profile photo, and account information are retained for as long as your account is active.
Google OAuth Data. Google user data (name, email, profile photo) is retained for as long as your account exists. OAuth refresh tokens are retained only while your account is linked to Google.
User Content. Resumes, documents, and interview data are retained for as long as your account is active or until you delete them.
Usage and Analytics Data. Aggregated and anonymized usage data may be retained indefinitely for analytics. Identifiable usage logs are deleted within 90 days.
Payment Records. Transaction records are retained for up to 7 years to comply with tax and financial regulations.
B. Account Deletion
How to Request Deletion. You may request deletion of your account and all associated data by emailing support@mbason-ai.com with the subject line 'Account Deletion Request' or by using the account deletion option in your account settings.
Processing Time. Deletion requests are processed within 30 days of receipt. You will receive confirmation once your data has been deleted.
What Gets Deleted. Upon deletion, we remove your account information, Google user data, uploaded documents, interview data, and profile information from our active systems.
Backup Retention. Residual copies in encrypted backups may persist for up to 90 days after deletion and are overwritten through normal backup rotation.
Exceptions. We may retain limited information where required by law (e.g., transaction records for tax compliance) or to resolve disputes and enforce agreements.
C. Google Account Unlinking
Revoke Access. You may revoke Mbason AI's access to your Google account at any time through your Google Account permissions page at myaccount.google.com/permissions.
Effect of Revocation. Revoking access will prevent future sign-ins via Google. Data previously received from Google will be retained until you request account deletion.
Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 16, please contact us at support@mbason-ai.com.
Your Rights (GDPR, CCPA, and Other Regulations)
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data
Portability: Request your data in a structured, machine-readable format
Restriction: Request that we limit processing of your data
Objection: Object to processing of your data for certain purposes
Withdraw Consent: Withdraw consent for data processing at any time
Opt Out: Opt out of non-essential communications and job alerts
For GDPR (EU/EEA residents): We process your data based on consent (provided when you create an account), contractual necessity (to deliver the Service), and legitimate interests (to improve and secure the Service). You have the right to lodge a complaint with your local data protection authority.
For CCPA (California residents): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at support@mbason-ai.com. We will respond to verifiable requests within 30 days.
Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Service:
Essential Cookies. Required for authentication, session management, and core functionality. These cannot be disabled.
Preference Cookies. Store your settings and preferences (e.g., theme, language) to improve your experience.
Analytics Cookies. Help us understand how users interact with the Service so we can improve features and performance. Analytics data is aggregated and anonymized.
You can manage or disable cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service. We do not use cookies for third-party advertising or cross-site tracking.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on the Service or by sending you an email notification. The “Last updated” date at the top of this policy indicates when it was last revised. Your continued use of the Service after any changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or your Google user data, please contact us:
Operated by
Mbason AI, LLC