Privacy Policy

Personal Information You Provide

• Account Information: Email address, name, profile picture (if provided)
• Resume Data: Work history, education, skills, certifications, achievements
• Job Application Data: Company names, position titles, application dates, statuses, notes
• Cover Letter Content: Letters you create and save
• Communication Data: Messages sent to our support team
• Payment Information: Billing details processed through Stripe (we don't store card numbers)

Information Automatically Collected

• Technical Data: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Performance Data: Error logs, crash reports, loading times
• Authentication Data: Login timestamps, session tokens (via Clerk)
• Analytics Data: Aggregated usage statistics for product improvement

Information from Third Parties

• Authentication Providers: Profile data from Google, GitHub, or other OAuth providers you choose
• Payment Processors: Transaction data from Stripe for billing purposes
• Infrastructure Providers: Service logs from Vercel, database providers

Sensitive Personal Information

We do not intentionally collect sensitive personal information such as:

• Social Security Numbers or government ID numbers
• Financial account information (beyond what Stripe requires for billing)
• Biometric data or genetic information
• Health information or medical records
• Information about sexual orientation, political opinions, or religious beliefs

If you accidentally include such information in your resume or other content, please contact us to have it removed.

Service Provision (Contractual Basis)

• Create and maintain your user account
• Store and organize your job search data
• Generate resumes, cover letters, and application tracking
• Provide analytics and insights about your job search
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries

Legitimate Business Interests

• Improve and optimize our services through usage analytics
• Detect and prevent fraud, abuse, and security threats
• Monitor system performance and troubleshoot issues
• Conduct internal research and development
• Ensure compliance with legal obligations

Legal Compliance

• Comply with applicable laws and regulations
• Respond to lawful requests from authorities
• Enforce our Terms of Service
• Protect our rights and the rights of others

With Your Consent

• Send marketing communications (only if you opt-in)
• Use your data for purposes not covered above
• Share data beyond what's described in this policy

Service Providers and Processors

We share information with trusted third-party service providers who help us operate our business:

• Clerk: User authentication and identity management
• Stripe: Payment processing and subscription management
• Vercel: Cloud hosting and content delivery
• Database Providers: Secure data storage and backup
• Analytics Providers: Aggregated usage analytics (no personal data)

All service providers are bound by contractual obligations to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal process, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent fraud, security breaches, or illegal activities

Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll provide notice and ensure equivalent privacy protection.

With Your Consent

We'll share your information with third parties only with your explicit consent for purposes not described in this policy.

Technical Safeguards

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access with principle of least privilege
• Authentication: Multi-factor authentication for administrative access
• Infrastructure: SOC 2 compliant cloud providers
• Monitoring: 24/7 security monitoring and threat detection
• Backup and Recovery: Regular encrypted backups with disaster recovery plans

Organizational Safeguards

• Employee Training: Regular security awareness and privacy training
• Background Checks: Screening for employees with data access
• Confidentiality Agreements: Contractual obligations for all personnel
• Incident Response: Documented procedures for security breaches
• Regular Audits: Internal and external security assessments

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant authorities within 72 hours (where required by law)
• Notify affected users without undue delay
• Provide clear information about the nature and scope of the breach
• Detail the measures taken to address the breach
• Recommend steps you can take to protect yourself

Retention Periods

• Active Accounts: Data retained while your account is active and for 30 days after deletion
• Inactive Free Accounts: Deleted after 12 months of inactivity with 30 days notice
• Inactive Premium Accounts: Retained for 24 months after subscription ends
• Payment Records: Billing data retained for 7 years for tax compliance
• Support Communications: Retained for 3 years for quality assurance
• Analytics Data: Aggregated and anonymized after 90 days
• Security Logs: Retained for 1 year for security monitoring

Data Deletion Process

• Account deletion removes most personal data immediately
• Some data may remain in encrypted backups for up to 90 days
• Aggregated analytics data is anonymized and not deleted
• Legal or compliance records are retained as required by law
• Data in active legal proceedings may be preserved until resolution

Automated Deletion

We have automated systems to:

• Identify and delete inactive accounts per our retention schedule
• Purge temporary files and cached data regularly
• Remove expired session tokens and authentication data
• Anonymize analytics data after the retention period

Rights Under GDPR (EU Residents)

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data in certain circumstances
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: We don't make automated decisions with legal effects
• Right to Withdraw Consent: Withdraw consent for processing based on consent

Rights Under CCPA (California Residents)

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We don't sell personal information, so this right doesn't apply
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Limit use of sensitive personal information

How to Exercise Your Rights

Complaints and Appeals

If you're not satisfied with our response, you can:

• Contact your local data protection authority (EU residents)
• Contact the California Attorney General (California residents)
• File a complaint with relevant regulatory authorities

Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and core functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand usage patterns (anonymized)
• Performance Cookies: Monitor system performance and user experience

What We Don't Use

• Third-party advertising cookies or tracking pixels
• Cross-site tracking or fingerprinting
• Social media tracking buttons
• Behavioral advertising networks

Cookie Management

• You can control cookies through your browser settings
• Disabling essential cookies may affect functionality
• Analytics cookies can be disabled without affecting core features
• We respect "Do Not Track" browser settings

Third-Party Analytics

We use privacy-focused analytics that:

• Aggregate data to protect individual privacy
• Don't track users across other websites
• Don't use persistent identifiers
• Comply with GDPR and CCPA requirements

Safeguards for International Transfers

• Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses with all data processors
• Adequacy Decisions: We prioritize transfers to countries with adequacy decisions
• Data Processing Agreements: All service providers sign comprehensive data protection agreements
• Security Measures: All transfers use encryption and secure protocols
• Regular Reviews: We regularly assess the protection level of destination countries

Your Rights Regarding Transfers

• You can request information about specific transfers of your data
• You can object to transfers in certain circumstances
• You can request copies of the safeguards in place

Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us, you have the right to:

• Request access to your child's personal information
• Request deletion of your child's personal information
• Refuse to allow further collection of your child's information

Notification of Changes

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send you an email notification for significant changes
• Display a prominent notice in our application
• Provide at least 30 days notice before changes take effect
• Obtain your consent for material changes that expand our data use

Previous Versions

You can request copies of previous versions of this Privacy Policy by contacting us at contact@thejobchaser.com.