Privacy Policy

The controller of personal data processed through the Service is:

Brooksburry OÜ

Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551

Estonia

Email: contact@diplomatic.careers

This Privacy Policy applies to personal data we process when you:

• visit or use the Service;
• complete a career assessment or create an account;
• subscribe to paid access;
• contact us by email;
• request support, corrections, or takedown review;
• communicate with us in relation to billing, legal, or compliance matters; or
• otherwise interact with us in connection with the Service.

Depending on how you use the Service, we may collect and process the following categories of personal data:

a. Contact and identity data

This may include your name, email address, and any information you provide when contacting us or creating an account.

b. Account and subscription data

This may include account identifiers, sign-in history, subscription status, access entitlements, account settings, and related customer-service records.

c. Assessment and usage data

This may include quiz responses, career assessment results, saved preferences, selected plans, and related data needed to provide personalized features such as your roadmap, weekly shortlist, and application tracker.

d. Transaction and billing-related data

Where you purchase a subscription, payment and order information is processed by Stripe. We may receive limited transaction-related information such as customer identifiers, product purchased, subscription status, invoice information, country, tax status, payment status, and refund or chargeback status. We do not store full payment card details on our own systems.

e. Communications data

This includes records of correspondence with us, including support requests, legal notices, correction requests, takedown requests, and other inquiries.

f. Technical and security data

This may include IP address, browser type, device type, operating system, timestamps, referrer information, and server log data generated when you access the Service. We process such data for security, system administration, fraud prevention, and service integrity purposes.

We may process personal data for the following purposes:

• to provide, operate, maintain, and secure the Service;
• to create and manage user accounts and subscriptions;
• to deliver personalized career assessment results, roadmaps, and dashboard features;
• to process purchases, verify transactions, manage invoicing, and administer subscription access;
• to communicate with you, including in relation to support, service updates, and administrative notices;
• to detect, prevent, and respond to fraud, abuse, security incidents, and technical issues;
• to comply with legal, tax, accounting, and regulatory obligations;
• to establish, exercise, or defend legal claims; and
• to improve the reliability, performance, and administration of the Service.

Where the GDPR or similar laws apply, we process personal data on one or more of the following legal bases:

• performance of a contract, where processing is necessary to provide the Service, manage subscriptions, or respond to your requests before entering into a contract;
• legitimate interests, where processing is necessary for the secure operation of the Service, fraud prevention, customer support, service administration, and protection of our legal and business interests, provided those interests are not overridden by your rights and freedoms;
• legal obligation, where processing is required to comply with applicable law, including tax, accounting, consumer protection, and regulatory obligations; and
• consent, where consent is required by law and has been validly obtained.

We use essential cookies and similar technologies that are necessary to operate the Service, maintain secure sign-in sessions, protect the Service, and remember basic preferences required for functionality.

As of the date of this Privacy Policy, we do not use cookies or similar technologies for analytics, advertising, personalization, or other non-essential website functions on pages operated directly by Brooksburry.

If you follow a link to a third-party website or payment page, such as Stripe Checkout, that third party may use cookies or similar technologies in accordance with its own privacy and cookie policies. Brooksburry does not control and is not responsible for the use of such technologies by third parties.

Paid subscriptions are processed through Stripe. Stripe may process personal data necessary for checkout, payment processing, fraud screening, invoicing, subscription management, and refunds. Such processing is governed by Stripe's terms and privacy notice presented at checkout, in addition to this Privacy Policy.

We may disclose personal data to the following categories of recipients where necessary:

• hosting and infrastructure providers;
• authentication, database, and backend service providers;
• email delivery and communications providers;
• customer support and administration providers;
• payment processors, anti-fraud, invoicing, and tax-compliance providers;
• professional advisers, including legal, accounting, and compliance advisers;
• public authorities, regulators, courts, or law-enforcement bodies where required by law or necessary to protect our rights.

We do not sell personal data.

Some of our service providers or transaction partners may process personal data outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, we take steps intended to ensure that the transfer is made in accordance with applicable data protection law, including through the use of an adequacy decision, standard contractual clauses, or another lawful transfer mechanism, as appropriate.

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and protect our rights.

In general:

• account and subscription data are retained for as long as the account or subscription remains active and for a reasonable period afterward;
• transaction and invoice records are retained for the period required by applicable accounting, tax, and legal obligations;
• support and inquiry records are retained for as long as reasonably necessary to respond to and document the matter;
• technical logs are retained for as long as reasonably necessary for security, integrity, abuse prevention, and system administration.

We take reasonable technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, and misuse. No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Where the GDPR or similar laws apply, you may have the right to:

• be informed about how your personal data is processed;
• request access to your personal data;
• request rectification of inaccurate or incomplete personal data;
• request erasure of personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• object to certain processing, including processing based on legitimate interests;
• request portability of personal data where legally applicable; and
• not be subject to a decision based solely on automated processing where the law provides such a right.

To exercise any of these rights, contact us at contact@diplomatic.careers. We may request information necessary to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority. If Brooksburry is your relevant controller within Estonia, you may also contact the Estonian Data Protection Inspectorate.

The Service is not directed to children, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, please contact us so that we can take appropriate steps.

The Service may contain links to third-party websites or source pages. We are not responsible for the privacy practices, content, or security of third-party websites. Your use of such websites is subject to their own terms and privacy notices.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. Continued use of the Service after the updated version becomes effective constitutes acceptance of the revised Privacy Policy, to the extent permitted by law.

For privacy-related questions or requests, please contact:

Brooksburry OÜ

Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551

Estonia

Email: contact@diplomatic.careers