← Hired Watch
Privacy Policy
Last updated 2026-07-06
This Privacy Policy explains what personal data Hired Watch (the
"Service", operated by {{OPERATOR_NAME}})
collects, why, who it's shared with, and the choices you have about it.
1. Data we collect
- Account data — your email address and a password
hash (argon2id — we never store or can recover your actual password),
display name, and account status/timestamps (confirmed, plan, trial/period
dates, ToS-acceptance timestamp).
- Resume and search criteria — the resume content you
save (in Markdown), your written scoring criteria and effort-level
preferences, and your configured searches (terms, location, remote
preference).
- Job posting data — postings scraped from public job
board listings matching your searches (title, company, location, salary
text if listed, description, posting date, source URL) plus the AI-
generated score and rationale for each, and the status/output of any
tailored resume or cover letter you request for a posting.
- Usage and technical data — daily per-feature usage
counters (used only to enforce fair-use limits), notification delivery
status, and standard server logs (IP address, timestamps, request paths)
kept for operational and security purposes.
- Billing data — handled by Stripe (see subprocessors
below); we store only the Stripe customer/subscription identifiers and
plan status, never your card details.
2. How we use it
- To retrieve job postings matching your searches and check whether
you've already seen each one;
- To send your resume content and/or criteria to an AI model so it can
score a posting's fit and, on request, generate a tailored resume or cover
letter;
- To deliver push notifications for postings that score above your
threshold, and transactional emails (confirmation, password reset,
billing);
- To process subscription payments and enforce fair-use limits on
AI-backed features;
- To operate, secure, and improve the Service, and to comply with legal
obligations.
We do not sell your personal data, and we do not use your resume or
criteria to train any AI model.
3. Subprocessors
Operating the Service means certain data is sent to these third-party
providers, each acting as a data processor on our behalf:
- Stripe — payment processing and subscription
management. Stripe receives your billing details directly; we never see
or store your card number.
- Resend — delivery of transactional emails (account
confirmation, password reset). Resend receives your email address and the
content of those messages.
- OpenRouter — routes AI requests (job scoring, and
resume tailoring/assist features when configured to use it) to
third-party model providers. Our OpenRouter account is configured for
zero-data-retention (ZDR) endpoints only where available
— OpenRouter and its underlying model providers do not retain the content
of these requests after generating a response. OpenRouter receives the job
posting text and, depending on your settings, your resume content and
criteria, for the single request being served.
- Anthropic — when this instance is configured to call
Anthropic's API directly for resume/cover-letter tailoring, Anthropic
receives the job posting and your resume content for that request, subject
to Anthropic's own data-handling terms for API usage.
- ntfy — a self-hosted push-notification relay
(operated by us, not a third party) that delivers job-match alerts to your
phone or desktop. Notifications include the job title, company, score, and
a link to the posting.
- Hosting provider — {{HOSTING_PROVIDER}}
hosts the application server and database that store everything described
above.
4. Data retention
We keep your account data for as long as your account exists. Deleting
your account (Settings → Danger zone) immediately and permanently removes:
your account record, profile (resume, criteria, searches), job history and
scores, tailored resume/cover-letter records and the underlying files,
usage records, and any pending waitlist entry — and best-effort cancels
your Stripe subscription, deletes your Stripe customer record, and revokes
your per-user AI provider key. This cannot be undone. If you'd like a copy
of your data before deleting your account (or at any other time), use the
export option in Settings, limited to a small number of exports per day.
5. Your rights
Depending on where you live, you may have rights to access, correct,
export, or delete your personal data, and to object to or restrict certain
processing. You can exercise most of these directly: edit your profile/
resume any time in Settings, export your data, or delete your account
outright. For anything else, contact
{{CONTACT_EMAIL}}.
6. Cookies
We use a single essential cookie to keep you signed in (an
httponly, secure session cookie). We don't use advertising or third-party
tracking cookies.
7. Security
Passwords are hashed with argon2id and never stored or logged in plain
text. Data in transit is encrypted (TLS). No method of storage or
transmission is 100% secure, but we take reasonable measures appropriate
to the sensitivity of the data described above.
8. International data transfers
Some subprocessors listed above may process data in a country other
than your own. Where required, we rely on those providers' standard
safeguards for cross-border transfers.
9. Children's privacy
The Service is not directed at children and is not intended for anyone
under the age required to hold a job in their jurisdiction. We don't
knowingly collect data from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes
will be posted here with a new "Last updated" date.
11. Contact
Questions about this policy or your data:
{{CONTACT_EMAIL}}. Governing law for any
dispute: {{JURISDICTION}}.