⚠️ TEMPLATE — NOT LEGAL ADVICE. Starting draft for a US-based launch (CCPA/CPRA-oriented). Have a qualified attorney review before launch. Fill in every [BRACKETED] placeholder. Last drafted: 2026-06-28.

Career Hawk — Privacy Policy

Effective date: [EFFECTIVE_DATE]

Controller: [LEGAL_ENTITY_NAME], [STATE], USA.

Privacy contact: [PRIVACY_EMAIL]

Your privacy matters. This policy explains what we collect, why, how we protect it, and the rights you have. We designed Career Hawk to keep your personal information private.

1. Information we collect

  • Account data: name, email, and authentication identifiers (via our auth provider, Clerk).
  • Profile & career data you provide: resume/CV files, pasted LinkedIn or profile text, work history, skills, education, locations, work authorization, salary expectations, target roles, dream companies, and preferences.
  • Search & activity data: the searches you create, jobs matched to you, your actions (saved/applied/rejected), and generated materials.
  • Technical data: device/browser information, IP address, and usage logs for security and reliability.

We collect this information directly from you and as you use the Service.

2. How we use your information

  • to operate the Service: run searches, score job fit, and generate tailored application materials;
  • to personalize recommendations and expand company suggestions;
  • to send transactional and (if you opt in) job-alert emails;
  • to secure, maintain, and improve the Service;
  • to comply with legal obligations.

We process your data to provide the Service you request and for our legitimate business interests in operating and securing it.

3. AI processing

To analyze postings and generate materials, we send relevant content (e.g. your CV/profile and a job description) to our AI provider, Anthropic. We configure AI processing so that your data is not used to train models and is subject to limited retention per the provider's terms. [CONFIRM_AND_LINK Anthropic data processing terms before launch.]

4. How we share information

We do not sell your personal information. We share it only with:

  • Service providers ("processors") who help us operate the Service, under contract and only as needed:
    • Clerk (authentication)
    • Anthropic (AI processing)
    • Railway (hosting and database)
    • Resend (transactional/alert email)
    • [OBJECT_STORAGE_PROVIDER] (resume/PDF storage)
  • Legal/safety: when required by law or to protect rights and safety.
  • Business transfers: in connection with a merger, acquisition, or asset sale, subject to this policy.

Job postings displayed to you come from third-party sources; when you visit an employer or job platform, that third party's own privacy practices govern your visit.

5. Data retention

We retain your information for as long as your account is active or as needed to provide the Service. You can delete your account at any time, which deletes your profile, career data, searches, matches, and stored files, except where we must retain limited records to comply with law or resolve disputes.

6. Security

We use industry-standard measures including encryption in transit, encryption at rest for sensitive files (e.g. resumes), access controls, tenant isolation, and secrets management. No system is perfectly secure, but protecting your personal information is a core design priority.

7. Your rights (California / CCPA-CPRA and others)

Depending on where you live, you may have the right to:

  • know/access the personal information we hold about you;
  • delete your personal information;
  • correct inaccurate information;
  • opt out of "sale" or "sharing" — note we do not sell or share your personal information for cross-context behavioral advertising;
  • be free from discrimination for exercising your rights.

To exercise these rights, use the in-app data tools or contact [PRIVACY_EMAIL]. We will verify your request and respond within the time required by law. You may use an authorized agent where permitted.

8. Children

The Service is not directed to children under 18, and we do not knowingly collect their information.

9. International users

The Service is operated from the United States and intended for US users at launch. If you access it from elsewhere, you consent to processing in the US. [ADD_GDPR_TERMS if/when serving EU users.]

10. Changes

We may update this policy. We will notify you of material changes via the Service or email, and the effective date above will change.

11. Contact

Privacy questions or requests: [PRIVACY_EMAIL].