← Hired Watch

Privacy Policy

Last updated 2026-07-06

This Privacy Policy explains what personal data Hired Watch (the "Service", operated by {{OPERATOR_NAME}}) collects, why, who it's shared with, and the choices you have about it.

1. Data we collect

  • Account data — your email address and a password hash (argon2id — we never store or can recover your actual password), display name, and account status/timestamps (confirmed, plan, trial/period dates, ToS-acceptance timestamp).
  • Resume and search criteria — the resume content you save (in Markdown), your written scoring criteria and effort-level preferences, and your configured searches (terms, location, remote preference).
  • Job posting data — postings scraped from public job board listings matching your searches (title, company, location, salary text if listed, description, posting date, source URL) plus the AI- generated score and rationale for each, and the status/output of any tailored resume or cover letter you request for a posting.
  • Usage and technical data — daily per-feature usage counters (used only to enforce fair-use limits), notification delivery status, and standard server logs (IP address, timestamps, request paths) kept for operational and security purposes.
  • Billing data — handled by Stripe (see subprocessors below); we store only the Stripe customer/subscription identifiers and plan status, never your card details.

2. How we use it

  • To retrieve job postings matching your searches and check whether you've already seen each one;
  • To send your resume content and/or criteria to an AI model so it can score a posting's fit and, on request, generate a tailored resume or cover letter;
  • To deliver push notifications for postings that score above your threshold, and transactional emails (confirmation, password reset, billing);
  • To process subscription payments and enforce fair-use limits on AI-backed features;
  • To operate, secure, and improve the Service, and to comply with legal obligations.

We do not sell your personal data, and we do not use your resume or criteria to train any AI model.

3. Subprocessors

Operating the Service means certain data is sent to these third-party providers, each acting as a data processor on our behalf:

  • Stripe — payment processing and subscription management. Stripe receives your billing details directly; we never see or store your card number.
  • Resend — delivery of transactional emails (account confirmation, password reset). Resend receives your email address and the content of those messages.
  • OpenRouter — routes AI requests (job scoring, and resume tailoring/assist features when configured to use it) to third-party model providers. Our OpenRouter account is configured for zero-data-retention (ZDR) endpoints only where available — OpenRouter and its underlying model providers do not retain the content of these requests after generating a response. OpenRouter receives the job posting text and, depending on your settings, your resume content and criteria, for the single request being served.
  • Anthropic — when this instance is configured to call Anthropic's API directly for resume/cover-letter tailoring, Anthropic receives the job posting and your resume content for that request, subject to Anthropic's own data-handling terms for API usage.
  • ntfy — a self-hosted push-notification relay (operated by us, not a third party) that delivers job-match alerts to your phone or desktop. Notifications include the job title, company, score, and a link to the posting.
  • Hosting provider — {{HOSTING_PROVIDER}} hosts the application server and database that store everything described above.

4. Data retention

We keep your account data for as long as your account exists. Deleting your account (Settings → Danger zone) immediately and permanently removes: your account record, profile (resume, criteria, searches), job history and scores, tailored resume/cover-letter records and the underlying files, usage records, and any pending waitlist entry — and best-effort cancels your Stripe subscription, deletes your Stripe customer record, and revokes your per-user AI provider key. This cannot be undone. If you'd like a copy of your data before deleting your account (or at any other time), use the export option in Settings, limited to a small number of exports per day.

5. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise most of these directly: edit your profile/ resume any time in Settings, export your data, or delete your account outright. For anything else, contact {{CONTACT_EMAIL}}.

6. Cookies

We use a single essential cookie to keep you signed in (an httponly, secure session cookie). We don't use advertising or third-party tracking cookies.

7. Security

Passwords are hashed with argon2id and never stored or logged in plain text. Data in transit is encrypted (TLS). No method of storage or transmission is 100% secure, but we take reasonable measures appropriate to the sensitivity of the data described above.

8. International data transfers

Some subprocessors listed above may process data in a country other than your own. Where required, we rely on those providers' standard safeguards for cross-border transfers.

9. Children's privacy

The Service is not directed at children and is not intended for anyone under the age required to hold a job in their jurisdiction. We don't knowingly collect data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted here with a new "Last updated" date.

11. Contact

Questions about this policy or your data: {{CONTACT_EMAIL}}. Governing law for any dispute: {{JURISDICTION}}.