Privacy Policy

Last updated: March 2026

What we collect

When you create an account, we collect your email address and the role you select (candidate or employer). Candidates may upload a resume and provide skills, work preferences, and location. Employers may provide company information and job listings.

How we use your data

Your data is used exclusively for matching candidates to job listings. We run a weekly matching algorithm that scores compatibility between candidates and jobs. Your data is never sold, shared with third parties for advertising, or used for purposes other than matching.

Emails are sent via Resend for authentication (magic links) and notifications (match introductions, feedback requests).

AI-powered assessments are processed using Anthropic's Claude API. Conversation data is sent to Anthropic for processing and is subject to Anthropic's data handling policies. Anthropic does not use API data for model training.

Data lifecycle

Candidate profiles decay after 20 weeks of inactivity. All personally identifiable information is permanently purged at 24 weeks. Job descriptions follow the same 24-week lifecycle.

Data classification

We classify all stored data:

  • PII (email, resume, location, work authorization): stored securely with database-level encryption provided by Google Cloud SQL, erasable on request
  • Public (job titles, skills, match scores): not encrypted, used for matching
  • Financial (billing data, if applicable): encrypted, retained 7 years per tax/audit requirements

The learned mapping

Our matching algorithm learns aggregate patterns about which candidate profiles match well with which job profiles. This learned mapping does not contain recoverable personal information — it is aggregate statistical knowledge, not individual data. It survives account deletion.

Your rights (GDPR/CCPA)

  • Access: Export all your data at any time from Settings
  • Rectification: Edit your profile at any time
  • Erasure: Delete your account and all associated PII from Settings. Match history is anonymized (scores retained, identifiers tombstoned).
  • Portability: Data export is provided as JSON

Erasure requests are processed immediately. No waiting period.

Cookies

We use a single session cookie (session_token) for authentication. It is HttpOnly, Secure, SameSite=Lax, and expires after 30 days. We do not use tracking cookies, analytics cookies, or third-party cookies.

Contact

For privacy questions: privacy@talentsync.pro