Privacy Policy

• Authentication and identity data through Clerk session and internal `AuthIdentity` mappings.
• Candidate profile data including name, contact email, headline, summary, skills, languages, experience, location, compensation preferences, social/other links, and profile photo URL.
• Employer profile data including company information and billing email.
• Resume metadata and status records, including object key, upload time, malware scan status (`PENDING`, `CLEAN`, `INFECTED`), and scan metadata.
• Discovery/search activity and interaction records (for example: viewed, shortlisted, intro requested), plus shortlist and intro records.
• Billing-related Stripe identifiers and webhook event records for subscription workflows.

• Authenticate users and resolve candidate/employer roles.
• Populate candidate and employer profile views and related product workflows.
• Run discovery ranking, shortlist, intro request, and inbox flows.
• Enforce access controls such as resume gating and role-based actions.
• Process and synchronize subscription state with Stripe for boost billing.
• Produce operational logs, audit records, and analytics for product quality and reliability.

• Resume uploads are limited to PDF and capped at 20MB in current server-side validation.
• Upload flow uses signed URLs to a configured unscanned Google Cloud Storage bucket with an approximate 10-minute URL TTL.
• Download flow uses signed URLs from a configured clean Google Cloud Storage bucket with an approximate 5-minute URL TTL.
• Malware scan callbacks persist status (`PENDING`, `CLEAN`, `INFECTED`) and related scan metadata.
• Employer resume download requires an accepted intro, authenticated/verified employer context, and is rate-limited.
• Resume downloads are audit-logged.

• Stripe is used for checkout, subscriptions, billing portal sessions, and webhook processing.
• The application stores Stripe customer/subscription/price IDs and webhook event status records needed for subscription state.
• Stripe webhook payloads and processing outcomes are persisted for idempotency and troubleshooting.

• PostHog client and server telemetry can be active when configured through environment variables.
• Discovery interactions/search context are partially emitted to analytics and also stored in the database.
• Client and server error events may be captured for diagnostics.
• Geo-IP requests use an ipapi provider and may process request IP information to return approximate location.
• Request context and logs may include IP/user-agent data, with IP masking applied in logger context.

• Clerk for authentication and session handling.
• Stripe for subscription billing and webhook events.
• PostHog for analytics and error telemetry (when enabled).
• Google Cloud Storage for resume object storage/signing.
• APILayer ipapi for Geo-IP lookup.
• Resend for transactional email delivery (when enabled).

• The codebase supports account deletion via settings with confirmation.
• Account deletion attempts to cancel active Stripe subscriptions first (best effort), then purges linked database records for the account.
• After database purge, the application attempts to remove the related Clerk user.
• The codebase does not currently expose a self-service data export endpoint.
• This page does not claim a standalone cookie consent manager or cookie preference center is currently implemented.

• Candidate and employer profiles can be updated in-app.
• Candidate resume can be replaced by uploading a new file through the current resume flow.
• Account deletion is available in settings by typing `DELETE` and confirming.

We may update this page as implementation changes. Material updates should revise the “Last updated” date and align text with current shipped behavior.