Security & Privacy

Your career data is yours.

GuideBeam processes sensitive career, personality, and psychometric data. We take that responsibility seriously — with consent-based sharing, AI de-identification, and infrastructure you can trust.

Read our Privacy Policy Contact us

Our data principles

Transparency

You always know what data we collect, why we collect it, and who has access. No surprises.

Consent

You control what is shared — with practitioners, institutions, and AI. Nothing is shared without your explicit permission.

Minimisation

We only collect what is needed for career guidance. We never sell your data and never share it with employers.

Consent model

You decide who sees what

GuideBeam uses a consent-based data sharing model. Your psychometric results, career profile, and session history are private by default.

Practitioner access is opt-in
When you connect with a career practitioner, you choose which assessments and profile sections they can view. You can revoke access at any time.
Institutional access is scoped
If you are enrolled through an institution, they see aggregate progress and completion status — not your raw assessment answers or private career notes.
Time-bound access with audit trails
Every data access is logged. Practitioner access windows are time-limited and fully auditable by both the client and the institution.

Your practitioner

Assessment results, career profile

Granted

Your institution

Completion status, aggregate progress

Scoped

Employers

No access

Blocked

AI privacy

De-identified before it reaches AI

GuideBeam uses AI for career matching, roadmap generation, and coaching. Your personal details are always scrubbed before any data leaves our servers — enabled by default, with no opt-out needed.

Your data stays local

Your profile, assessments, and career history are stored securely in our database. Names, companies, and contact details are identified from your profile.

PII is scrubbed

Before sending any prompt to AI, personal identifiers are replaced with generic placeholders. "Jane Smith at Acme Corp" becomes "[PERSON_1] at [ORG_1]".

Results are restored

AI processes the de-identified data and returns recommendations. We restore your real details in the response before you see it. The AI never sees your identity.

What the AI sees

Before (your data)

Jane Smith worked at Acme Corp in Canberra and studied at CIT.

After (what AI sees)

[PERSON_1] worked at [ORG_1] in [LOCATION_1] and studied at [ORG_2].

De-identification is enabled by default for all accounts. There is no reason to send your identity to an AI, so we simply don't.

Infrastructure

Built on a secure foundation

From the network layer to the application layer, security is built in — not bolted on.

Encryption in transit

All connections use TLS 1.3. Data moving between your browser, our servers, and our database is encrypted end-to-end.

Encryption at rest

Your data is stored with AES-256 encryption. Database backups are encrypted. Even in the unlikely event of physical media theft, your data is unreadable.

SOC 2 compliant hosting

GuideBeam runs on SOC 2 Type II certified infrastructure. Our hosting provider maintains rigorous physical security, access controls, and operational procedures.

Secure authentication

Industry-standard authentication with support for email/password, magic links, and social login. Sessions are encrypted and expire automatically.

Compliance

Meets the standards that matter

We operate under Australian privacy law and align with international best practices.

Australian Privacy Principles

GuideBeam complies with all 13 Australian Privacy Principles (APPs) under the Privacy Act 1988, including data collection, use, disclosure, and cross-border transfer requirements.

GDPR alignment

While headquartered in Australia, our privacy practices are aligned with the EU General Data Protection Regulation. We support data portability, right to erasure, and data access requests.

Notifiable Data Breaches scheme

We are compliant with the Australian NDB scheme. In the unlikely event of an eligible data breach, affected users and the OAIC are notified within the mandatory timeframe.

Data retention and deletion

You can export or delete your data at any time. When you delete your account, your personal data is permanently removed within 30 days. We do not retain data beyond its stated purpose.

Common questions

Frequently asked questions

Can employers see my assessment results?: No. Your assessment data is never shared with employers. Only practitioners you explicitly connect with — and only the sections you choose to share — are visible.
What happens to my data if I delete my account?: All your personal data, assessment results, and career profile are permanently deleted within 30 days. Anonymised, aggregate statistics may be retained for product improvement.
Is my data used to train AI models?: No. Your data is never used to train or fine-tune AI models. When we use AI for career matching and recommendations, your data is processed in real-time and not retained by the AI provider.
How does AI de-identification work?: Personal details (names, employers, education institutions, contact info) are automatically replaced with generic placeholders before any data is sent to AI. The AI processes de-identified data and returns recommendations. We restore your details locally before showing you the result. This is always on for every account.
Where is my data stored?: Your data is stored on SOC 2 certified infrastructure. Database backups are encrypted with AES-256. All connections use TLS 1.3 encryption.
Can I export my data?: Yes. You can export your full career profile, assessment results, and session history at any time through your account settings. We support your right to data portability.

Have a security question?

If you have specific security or compliance requirements — especially for institutional deployments — we are happy to discuss them in detail.

Get in touch Read Privacy Policy