PurpleChipMonkPurpleChipMonk

Privacy Policy

Last updated: April 28, 2026

PurpleChipMonk ("we", "us", "our") operates the PurpleChipMonk application (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the EU AI Act, and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly when using the Service, including: name, email address, phone number, LinkedIn URL, physical location, work history (companies, roles, dates, responsibilities, accomplishments), compensation preferences (floor, target, structure), job search parameters (target roles, industries, company stages), and communication preferences.

1.2 Conversation Data

When you interact with PurpleChipMonk through our chat interface, we collect and store: the content of messages you send and responses generated by the AI, tool interactions and their outputs (such as job searches, resume generation, and pipeline management actions), skill execution data (which features you used and the context of their use), and timestamps and session metadata.

1.3 Conversation Memory

To provide a personalized experience where you never have to repeat yourself, PurpleChipMonk maintains a persistent memory system that stores:

  • Structured Facts: Discrete pieces of knowledge extracted from your conversations, categorized by topic (preferences, career goals, decisions, compensation expectations, skills, etc.). These facts are extracted using AI analysis of your conversations after each session ends.
  • Conversation Embeddings: Mathematical representations (vectors) of your conversation messages, tool outputs, pipeline changes, and generated documents. These vectors enable the system to find relevant past conversations when you ask about something you discussed previously.

This memory data is derived exclusively from your own interactions with the Service. It is never combined with data from other users, shared with third parties for their own purposes, or used to train AI models.

1.4 Connected Services

When you connect Gmail, we access job alert emails using read-only permissions. We never read personal messages, send email on your behalf, or store raw email content beyond what is needed for job alert processing.

When you connect Google Calendar, we access event data to detect upcoming interviews and create calendar entries related to your job search.

Gmail and Google Calendar connections are brokered by Nylas, Inc., a hosted-OAuth provider. Nylas mediates the consent flow on Google's side using its own verified application, holds the underlying access and refresh tokens, and exposes a unified API that PurpleChipMonk uses to read job-alert emails and calendar events. PurpleChipMonk stores only an opaque grant identifier (nylas_grant_id) — never your raw Google access or refresh tokens. Nylas operates under its own data-processing agreement (Nylas Privacy Policy) and is listed below as a sub-processor.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other financial instruments. We retain only your Stripe customer ID and subscription status.

1.6 Bring-Your-Own-Key (BYOK) API Keys

If you choose to supply your own API keys for an AI provider (e.g. Anthropic, OpenAI, Google Gemini, Mistral, OpenRouter, xAI), we store the key value alongside your user record so it can be used to authenticate your requests. Specifically:

  • Per-user scoping: Keys are tied to your account via user_id and are never shared with, served from, or used on behalf of any other user.
  • At-rest encryption: Keys live in our Supabase database, which is encrypted at rest (AES-256). Application-layer envelope encryption is on the v2 roadmap; today only the platform's database-level encryption applies.
  • In-transit protection: Keys are transmitted over TLS 1.2+ and never appear in client-side JavaScript bundles, query strings, server logs, or analytics events. UI surfaces show only a redacted hint (e.g. sk-ant-...AB12).
  • Operational access: The full key value is readable only by privileged backend code that brokers your AI requests, and by the small set of administrators with database production access for incident response. We do not export or share BYOK material with third parties for any purpose.
  • Deletion: You can delete a key at any time from Settings; account deletion removes all keys immediately.

We strongly recommend you create a dedicated, scoped API key for PurpleChipMonk and rotate it on the cadence your provider recommends.

2. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by Article 6 of the GDPR:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to deliver the Service you subscribed to, including AI-assisted job search, resume generation, interview preparation, and pipeline management.
  • Legitimate Interest (Art. 6(1)(f)): Processing conversation memory to improve your experience by maintaining continuity across sessions. Our legitimate interest is providing a personalized service; this is balanced against your rights through data minimization, access controls, and deletion capabilities.
  • Consent (Art. 6(1)(a)): Where required, such as connecting third-party services (Gmail, Google Calendar). You may withdraw consent at any time by disconnecting these services in Settings.

3. How We Use Your Information

3.1 Service Delivery

Your data powers PurpleChipMonk features: job qualification, resume tailoring, interview preparation, outreach drafting, pipeline management, and career coaching. We use your work history, preferences, and conversation memory to personalize AI responses so the system understands your unique situation.

3.2 Conversation Memory Purpose

The conversation memory system exists solely to provide you a better experience. Specifically, it is used to:

  • Pre-load relevant context into each conversation so you don't repeat information
  • Track your preferences, decisions, and corrections across sessions
  • Retrieve relevant past conversations when you reference prior discussions
  • Maintain an accurate, up-to-date understanding of your career profile

Conversation memory is never used for advertising, profiling for third parties, automated decision-making that produces legal effects, or training or fine-tuning any AI models.

3.3 AI Processing — Multi-Provider Routing

PurpleChipMonk supports multiple AI providers (currently Anthropic, OpenAI, Google Gemini, Mistral, OpenRouter, and xAI). For each request, our resolver selects which provider and key to use based on availability, the model you picked in the Model Selector, and the type of work being done. The data flow varies depending on whether the request runs on a platform key or one of your own (BYOK) keys.

Platform-key requests. If you have not supplied your own key, your prompt and any included context (memory facts, work history, conversation history needed for the turn) are sent to the selected provider through PurpleChipMonk's account. We have negotiated zero-retention API terms or zero-retention-by-default API tiers with our primary providers (Anthropic, OpenAI, Voyage). Provider responses are returned to you and persisted in your conversation history.

BYOK requests. If you have supplied a provider API key, that key is used to authenticate the request and your prompt is sent directly to that provider under your account. From the moment your key is selected, the request is governed by the data-handling, retention, and training policies of that provider, attached to your provider account — not PurpleChipMonk's commercial terms with that provider. Specifically:

  • Provider abuse-monitoring, retention windows, and any opt-in training settings on your account apply to the request.
  • Bills, rate limits, and quota are charged against your provider account.
  • If a provider you chose is degraded or returns an auth error, our failover may retry the same prompt against another provider in your configured chain (or our platform key) — see Section 5 for the full processor list.

You can review which providers are eligible to receive your traffic, reorder them, or disable any of them from Settings → Providers. Full provider docs: Anthropic, OpenAI, Google, Mistral, OpenRouter, xAI.

Auto-provisioned backup keys. To keep the Service usable when a provider has an outage, PurpleChipMonk may silently mint a per-user, scoped, low-limit OpenRouter sub-key from our master OpenRouter account and attach it to your record as a fallback. By using the Service, you consent to this provisioning. These sub-keys carry a hard spending cap (default $2 in OpenRouter credits, controlled by the OPENROUTER_SUBKEY_LIMIT_USD environment variable), an automatic expiry (default 90 days, controlled by OPENROUTER_SUBKEY_EXPIRY_DAYS), are isolated to your user_id, and are used only when your other keys are unavailable — they do not unlock unlimited usage by themselves. You can delete an auto-provisioned key at any time from Settings → Providers; once you do, we will not re-provision it (the daily provisioning cron only mints sub-keys for users who currently have none configured). All auto-provisioned keys are also deleted when your account is deleted.

Embeddings. Conversation text is sent to Voyage AI solely for the purpose of generating mathematical vector representations (embeddings). Voyage AI does not store your text or use it for model training.

3.4 PurpleChipMonk Email Accounts (purplechipmonk.com)

PurpleChipMonk operates a set of staffed mailboxes on the purplechipmonk.com domain that you may interact with directly:

  • support@ — product and account questions
  • privacy@ — data-subject requests (access, erasure, portability, objection)
  • billing@ — subscription, invoice, and refund questions
  • legal@ — DPAs, contractual notices, security disclosures
  • noreply@ — outbound transactional notifications only (we do not monitor replies)

These mailboxes are hosted on Google Workspace under our company tenant. We use Workspace's service-account / Admin SDK delegation to provision and manage them — no end-user data is auto-provisioned into a Workspace account on your behalf, and the only addresses we create on the purplechipmonk.com domain are the operational mailboxes listed above (and aliases routed to the same staff inboxes).

Email you send to any of these addresses contains whatever you choose to include (your name, account email, message content, attachments). Messages are retained inside Google Workspace for at most twenty-four (24) months for support quality, regulatory compliance, and audit purposes, then permanently deleted. Access is limited to PurpleChipMonk staff with a documented business need (e.g., a support engineer triaging your ticket, a privacy lead handling a DSAR). Google acts as a sub-processor under its Workspace Data Processing Amendment.

Email is not encrypted end-to-end — please do not include credentials, full payment-card numbers, government-ID images, or other highly sensitive material in messages to us. If you need to send sensitive material as part of a DSAR or incident response, contact privacy@purplechipmonk.com first and we will arrange a secure transfer channel.

4. Data Storage and Security

4.1 Infrastructure

Your data is stored in Supabase (PostgreSQL) hosted on AWS. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

4.2 Access Controls

All database tables enforce row-level security (RLS). This means your data is cryptographically isolated at the database level — no other user, and no application query, can access your data. Each database operation is authenticated against your user identity before execution.

4.3 Data Minimization

Conversation memory extracts only discrete, factual knowledge from your sessions — not raw transcripts. Vector embeddings are mathematical representations that cannot be reverse-engineered into original text. Memory processing automatically deduplicates facts to avoid storing redundant information.

4.4 Retention

Your data is retained for as long as your account is active. When facts are superseded by newer information (e.g., you update your salary expectations), the old fact is marked inactive but retained for audit purposes for 90 days before permanent deletion.

4.5 Operational Telemetry

For every model call we record a row in our model_usage table containing: input and output token counts, cache-read and cache-write token counts, latency in milliseconds, status (success / failover / error), error code (if any), an estimated cost in USD, and the provider, model, and key source used. This telemetry powers the multi-provider failover system, lets us monitor cost and quality, and surfaces usage insights in your account. We do not log the full content of your prompts, model responses, or any other free-form text in this table beyond what is required to generate the current response. Operational telemetry is keyed to your user_id, is never combined with other users' data, and is never shared with third parties for advertising or marketing purposes.

5. Third-Party Services

We share data with the following third-party processors, each under data processing agreements (or, where the processor refuses to sign one, the processor's standard published terms):

  • Anthropic — Default AI inference (conversation processing, fact extraction). Zero-retention API; does not train on inputs.
  • OpenAI, Google Gemini, Mistral, OpenRouter, xAI — Optional AI inference, used only when (a) you have configured a BYOK key for that provider in Settings, (b) the Model Selector routes a specific request to them, or (c) failover from a degraded provider sends a retry their way. Data handling is governed by the provider's own terms attached to the credential used (your BYOK account, or our platform account as applicable).
  • Voyage AI — Text embedding generation. Stateless API; does not store inputs or train on them.
  • Nylas, Inc. — Hosted OAuth + unified email/calendar API. Brokers Gmail and Google Calendar access on PurpleChipMonk's behalf, holds the upstream Google access and refresh tokens, and forwards messages and events to PurpleChipMonk under your explicit consent. Nylas does not train AI models on your data and operates under its own data-processing agreement.
  • Google APIs — Gmail (read-only job alerts) and Calendar (interview detection), accessed only with your explicit OAuth consent. As of April 2026, all Gmail and Calendar traffic is routed through Nylas as the OAuth client of record; PurpleChipMonk does not hold Google access or refresh tokens directly.
  • Google Workspace — Hosting for our staffed support, privacy, billing, and legal mailboxes on the purplechipmonk.com domain (see Section 3.4). Email you send to us is stored in Google Workspace under our company tenant.
  • Serper — Web search for company research. No personal data is included in search queries.
  • Stripe — Payment processing. We never handle your payment instruments directly.
  • Supabase — Database hosting (AWS us-east-1). Acts as a data processor under our instructions.
  • Vercel — Application hosting and serverless functions.

We do not sell your personal information to any third party. We do not share your data with third parties for their own marketing or advertising purposes.

6. Your Rights

6.1 Rights Under GDPR (EEA/UK Residents)

You have the right to:

  • Access: Request a copy of all personal data we hold about you, including conversation memory facts and embeddings metadata.
  • Rectification: Correct inaccurate data. You can update your profile directly in Settings, or correct memory facts through conversation (e.g., "actually my salary floor is $200k now").
  • Erasure: Request deletion of your data. Account deletion removes all associated data including conversation memory, embeddings, facts, pipeline data, and generated documents.
  • Restriction: Request that we limit processing of your data while a complaint is being resolved.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest. If you object to conversation memory specifically, we will disable memory for your account while continuing to provide the core Service.
  • Automated Decision-Making: PurpleChipMonk does not make automated decisions that produce legal or similarly significant effects. AI outputs are advisory and require your review before action.

6.2 Rights Under CCPA/CPRA (California Residents)

You have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we collect, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Opt Out of Sale: We do not sell personal information. There is nothing to opt out of.
  • Opt Out of Automated Decision-Making: Per CCPA regulations effective January 1, 2026, you may opt out of automated decision-making technology used for significant decisions. PurpleChipMonk does not use automated decision-making for significant decisions as defined by the CCPA.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at privacy@purplechipmonk.com or use the self-service options in Settings. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. AI Transparency (EU AI Act)

In accordance with the EU AI Act (Regulation 2024/1689), we provide the following transparency disclosures:

  • PurpleChipMonk uses AI models provided by Anthropic (Claude) by default, and may use models from OpenAI, Google, Mistral, OpenRouter, or xAI when you opt into them via BYOK or the Model Selector (see Section 3.3).
  • AI-generated content (resumes, cover letters, interview prep, outreach messages) is clearly produced by AI and should be reviewed by you before use.
  • The conversation memory system uses AI to extract structured facts from your conversations. These extractions may occasionally be inaccurate. You can correct them through conversation, and corrections are automatically prioritized over prior extractions.
  • We do not deploy high-risk AI systems as defined by Annex III of the EU AI Act. Our AI features are advisory tools that assist with job search activities.

8. Data Deletion

You can delete your account and all associated data at any time from Settings. Upon account deletion, we will:

  • Immediately delete all conversation memory (facts, embeddings, and processing logs)
  • Immediately delete all chat sessions and conversation history
  • Immediately delete all pipeline data, generated documents, contacts, and reminders
  • Delete your user profile and all associated records within 30 days
  • Request deletion of your data from third-party processors

Deletion is permanent and cannot be reversed. Backup copies in encrypted database backups are automatically purged within 30 days.

9. International Data Transfers

Your data is processed primarily in the United States (Supabase/AWS us-east-1, Vercel, Anthropic, OpenAI, Voyage AI, Google Workspace). Optional providers may process data in additional regions (e.g. Mistral and certain OpenRouter routes operate from the EU; xAI from the US). For EEA/UK residents, these transfers are protected by Standard Contractual Clauses (SCCs) as maintained by our infrastructure providers.

10. Children's Privacy

PurpleChipMonk is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact and Data Protection Officer

For privacy questions, data access requests, or complaints:

  • Email: privacy@purplechipmonk.com
  • Subject line: "Privacy Request — [Your Name]"

If you are in the EEA/UK and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.