Last updated: May 2026
Privacy Policy
Hire.monster is an indie product built to help job seekers. We collect only what we need to make the product work, we don't sell your data, and we give you full control over it.
What we collect
Account data. When you sign up via Clerk, we receive your email address, name, and a unique user ID. We do not handle your password — authentication is delegated to Clerk.
Resume data. When you upload or create a resume, we store its structured content (skills, experience, education) in our database to power job matching and AI features.
Tracker data. Jobs you save, statuses, notes, events, and cover letters you generate are stored and linked to your account.
Usage data. We collect aggregate, cookieless analytics via Plausible (page views, referrer). No personal identifiers are stored in analytics.
Why we process your data
We process your data to:
- Operate core features: job matching, resume scoring, cover letter generation, tracker.
- Send job alert emails you explicitly subscribe to.
- Improve matching quality via AI embeddings stored per-resume.
- Detect and prevent abuse.
Legal basis under GDPR: contract performance (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)).
Categories of third-party processors
We use third-party processors to deliver the service. Where possible they are based in or contractually bound to the EEA / UK / adequate jurisdictions, and all are bound by data processing agreements that prohibit secondary use of your data.
- Identity & session — sign-in, email verification, session management.
- Primary database — stores your structured account data: resumes, tracker entries, saved searches, subscription state.
- Hosting & edge network — serves the application. Request metadata (IP, user agent, URL, timestamp) is retained per the host's standard logging policy.
- AI processing — powers resume tailoring, cover-letter drafting, the assistant, and matching. The text you submit is sent for processing and is not used to train external models under the providers' data policies we've agreed to.
- Analytics — cookieless, aggregated page metrics. No personal data is collected.
- Error monitoring — captures crashes and exceptions. Stack traces may include limited request context; we do not intentionally log personal data.
- Rate-limit cache — stores hashed identifiers for short windows to enforce per-user request limits.
A full list of named processors is available on request — write to the contact address below and we'll respond within 30 days.
Your rights (GDPR)
Under GDPR and applicable privacy law, you have the right to access, correct, export, and delete your personal data. You can exercise these rights directly from your account settings.
- Access & export — sign in and go to Settings → Account to download all your data as a JSON file. The export includes resumes, job tracker entries, cover letters, contacts, saved searches, API keys, and AI usage history.
- Deletion — go to Settings → Account and click "Delete account". After confirming with your email address, your account and all associated data are removed from our systems immediately. Your Clerk authentication record is deleted in the same operation.
- Correction — update your name or email directly in the account settings.
- Portability — use the data export feature to obtain a machine-readable copy in JSON format.
To exercise any right manually or to contact our DPO, email us at privacy@hire.monster.
Cookies
We use a single session cookie set by Clerk for authentication. This cookie is strictly necessary — you cannot opt out of it while you are signed in.
We do not use any marketing or tracking cookies. Plausible Analytics is cookieless and does not set any cookies in your browser.
Because we use no analytics or marketing cookies, a consent banner is not required under the GDPR or the ePrivacy Directive for our current setup.
Data retention
We retain your data for as long as your account is active. If you delete your account, we remove your data within 30 days, except where retention is required by law.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. We follow the principle of least privilege for database access and use environment-variable secrets management.
Changes
We may update this policy as the product evolves. Material changes will be communicated by email or an in-app notice. The "Last updated" date at the top reflects the current version.
Contact
Questions about this policy? Email privacy@hire.monster.