PRIVACY NOTICE

1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect information you provide directly, information created as you use the service, and limited technical data needed to operate the product.

Information you provide to us

• Account details such as your name, email address, and authentication identifiers.
• Profile, resume, cover letter, interview, job-search, and other content you choose to upload or enter.
• Billing and transaction details needed to process payments through Stripe.
• Support requests, feedback, testimonials, and other communications you send to us.

Sensitive information

We do not intentionally ask for special-category personal data for ordinary account creation. If you choose to include sensitive information in resumes, notes, interview answers, or other free-form content, we process that information only to provide the features you requested.

Information collected automatically

• Device, browser, IP, usage, and diagnostic data.
• Analytics, cookies, pixels, session replay, and similar telemetry when enabled.
• Browser-side state such as feature preferences, temporary integration handoff state, cached draft data, and queued offline changes used to preserve in-progress work.
• Crash and performance data used to secure and improve the service.

Third-party sign-in and integrations

If you choose social login or optional integrations, we receive the account information and tokens needed to complete those workflows.

2. HOW DO WE USE YOUR INFORMATION?

In Short: We use your information to run the service, deliver requested features, support users, process payments, secure the platform, and improve the product.

• Create and manage your account and authentication sessions.
• Generate resumes, cover letters, interview materials, and other requested outputs.
• Process purchases, subscriptions, refunds, gifts, and account entitlements.
• Respond to support requests, feedback, and legal requests.
• Monitor performance, debug failures, prevent abuse, and enforce our terms.
• Measure product usage, marketing performance, and feature adoption.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We share information only when needed to operate the service, comply with law, protect rights and safety, process your transactions, or carry out the features you request.

• With processors and vendors that help us run the product.
• With payment, hosting, analytics, email, and monitoring providers.
• With third-party integrations you choose to use.
• When required by law, court order, or a valid government request.
• As part of a merger, acquisition, financing, or sale of business assets.

4. WHO WILL YOUR INFORMATION BE SHARED WITH?

In Short: We disclose personal information to the service providers and processors below so we can operate the product, process payments, send communications, run analytics, and support optional features you choose to use.

Core processors

• Google Cloud and Firebase. Authentication, Firestore database storage, server-side processing, and supporting Google APIs. Privacy notice
• Vercel. Web hosting, edge delivery, application telemetry, and AI gateway routing. Privacy notice
• Stripe. Payment processing, subscription lifecycle management, invoices, and chargeback handling. Privacy notice
• SendGrid. Transactional email delivery, including sign-in and account-service messages. Privacy notice
• Google Workspace and Gmail. Operational mailbox delivery for support, feedback, contact, coaching-application, and other user-submitted email workflows. Privacy notice
• OpenAI. AI-powered resume, application, and interview assistance requested by the user. Privacy notice
• Sentry. Error monitoring and operational debugging for application failures. Privacy notice
• Amplitude. Product analytics and session replay used to understand product usage and friction. Privacy notice
• Mixpanel. Product analytics and event measurement for application behavior. Privacy notice
• Hotjar. Product analytics, heatmaps, and experience research. Privacy notice
• Google Analytics and Google Tag Manager. Traffic analytics, marketing attribution, and site performance measurement. Privacy notice
• Meta. Advertising attribution through the Meta Pixel and Conversions API. Privacy notice

Feature-specific processors

• Mailchimp. Email list management and marketing communications when a user opts into those communications. Privacy notice
• LinkedIn. LinkedIn sign-in and optional LinkedIn-import workflows requested by the user. Privacy notice
• Google social login. Optional Google sign-in for account access and Google Docs or Drive workflows you explicitly initiate. Privacy notice
• Facebook social login. Optional Facebook sign-in for account access. Privacy notice
• Canva. Optional Canva OAuth, template, and design workflows initiated by the user. Privacy notice
• Deepgram. Optional speech-to-text and some text-to-speech features requested by the user. Privacy notice
• ElevenLabs. Optional text-to-speech and voice features requested by the user. Privacy notice
• Google Drive, Docs, and Sheets APIs. Optional document creation, editing, export, spreadsheet export, and testimonial-submission workflows initiated by the user. Privacy notice
• Mapbox. Location autocomplete for job-search features. Privacy notice

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Yes. We use cookies and similar technologies for authentication, security, analytics, attribution, and product measurement.

These technologies may be provided by us or by third parties such as analytics, marketing, and sign-in partners. They may include cookies, local storage, session storage, pixels, and similar browser-side identifiers. Additional details are available in our Cookie Notice.

Some product features also use browser storage to preserve in-progress work, temporary integration state, and queued changes during connectivity interruptions or page reloads. Clearing site data may remove those temporary items.

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to log in with a third-party provider, we receive the account data needed to authenticate you and create or manage your account.

Depending on the provider, this may include your name, email address, profile image, and account identifier. We recommend reviewing the privacy notice of the provider you choose to use.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep personal information only as long as needed to provide the service, secure the platform, support legitimate business operations, and satisfy legal obligations.

Most active account data is retained while your account remains open. When an account is deleted, we remove it from active product systems and keep only limited records needed for fraud prevention, support traceability, legal defense, tax, accounting, chargeback handling, or other legal obligations.

• Deleted-account audit records are retained for up to 365 days.
• Self-service deletion challenges are retained for up to 15 minutes.
• Admin recovery snapshots used only for accidental internal deletion recovery are retained for up to 30 days.
• Optional deleted-account feedback submissions are retained for up to 365 days.
• Temporary LinkedIn extension cookie records are retained for up to 1 hour.
• Temporary gift auto-login tokens are retained for up to 5 minutes.
• Local administrative export artifacts created by our export tooling carry a default expiry marker of 30 days and should be removed on that cadence.

When we have no ongoing legitimate need to retain personal information, we delete or anonymize it. If deletion from a backup is not immediately possible, we isolate that backup data from active use until the backup ages out under our disaster-recovery schedule.

If you delete your account, we may optionally ask why after the deletion is already complete. Providing that feedback is optional and does not affect whether the account is deleted.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We use administrative, technical, and organizational safeguards designed to protect personal information.

These safeguards include access controls, encryption, vendor controls, monitoring, and secure development practices. No system can be guaranteed perfectly secure, so you should use the service only in a secure environment and protect your own credentials.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on where you live, you may have rights to access, correct, export, or delete your information.

If you are located in the EEA, UK, or Switzerland and believe we are processing your information unlawfully, you may also complain to your local supervisory authority. If you have questions about your privacy rights, email [email protected].

Account information

• You may request access to, correction of, export of, or deletion of your account data.
• After deletion, we may retain the limited records described in this notice for fraud, support, compliance, and legal purposes.
• Most browsers let you remove or reject cookies, although doing so may affect product functionality.
• You can opt out of marketing emails by using the unsubscribe link or emailing us.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

In Short: We do not currently respond to Do-Not-Track browser signals because there is no universally accepted standard for them.

11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes. California residents may have rights relating to access, deletion, correction, and disclosure of categories of personal information.

To exercise applicable rights, contact [email protected]. We may need to verify your identity before completing your request.

12. GOOGLE DRIVE, DOCS, AND SHEETS FEATURES

In Short: We use Google APIs only for the specific sign-in, document, spreadsheet, and export workflows you explicitly initiate.

What we access

HiringCoach-owned templates, Google Drive or Docs files that the app creates or opens for you as part of a requested workflow, and Google Sheets workflows you explicitly trigger such as exports or testimonial submission.

What we do not access

We do not request broad access to a user's entire personal Google Drive for ordinary account use.

Purpose of access

We use these APIs to generate or manage requested documents and related workflows.

We use these APIs to create, copy, edit, export, download, or organize requested documents and spreadsheets, and to support related workflows you choose to use.

This use is intended to comply with Google's API Services User Data Policy.

13. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes. We may update this notice to reflect changes in our practices, vendors, product features, or legal requirements.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

Email us at [email protected] if you have questions or comments about this notice.

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Subject to applicable law, you may request access to, correction of, export of, or deletion of the personal information we collect from you. To make a request, email [email protected]. Where account tools are available in-product, you may also use those tools.