Privacy Policy
Version 1.0 - Last updated April 2026
1. What We Collect
We collect the following information when you use RoleNavigator:
- Account information: email address, first and last name
- Resume data: uploaded resume text (used for job matching and document generation)
- Job search preferences: keywords, location, job types, experience levels, target roles, and other search configuration
- Application history: jobs you've applied to, application stages, and status changes
- Activity timestamps: last active time, login activity (used for account lifecycle management)
- Device and browser information: standard HTTP headers for security and compatibility
2. How We Use Your Data
Your data is used to provide and improve RoleNavigator's services:
- Job matching: scoring jobs against your resume and preferences
- Document generation: creating tailored resumes and cover letters
- Interview preparation: generating prep materials based on job descriptions
- Analytics: providing insights about your job search activity
- Account communications: sending transactional emails about your account status, scan results, and lifecycle notifications
3. Third-Party Data Sharing
We share data with the following third-party services to provide our features:
- Anthropic (Claude API): Resume text and job descriptions are sent to Anthropic's API for LLM-based scoring, document generation, and interview preparation. Per Anthropic's commercial API terms, this data is not used for model training.
- Resend: Your email address is shared with Resend for transactional email delivery (account notifications, scan results, lifecycle emails).
- Amazon Web Services (AWS S3): Encrypted backups of your account data (profile, job preferences, uploaded resumes, generated documents, application history) are stored in AWS S3 with AES-256 server-side encryption. Backups are retained for a maximum of 30 days and then permanently deleted. Data is stored in the United States (us-east-2 region). Access is restricted to the application administrator via scoped IAM credentials.
- LinkedIn, Indeed, Built In, Jobicy, RemoteOK: Job data is scraped from these platforms. No user data is shared with them.
- Idealist, Mercor, USAJobs: Job listings are retrieved from these platforms via their official APIs. No user data is shared with them.
We do not sell your data to any third party.
4. Payment Processing
We use Stripe to process payments. We do not store your card number or CVC. Stripe stores your card on our behalf, and we receive only a token (a non-sensitive identifier) and the last 4 digits of your card for display purposes. If you save a payment method for future purchases (such as pay-per-document fees), this token is stored with your account and can be removed at any time from Settings.
Data we collect from Stripe:
- Stripe customer ID
- Saved payment method ID (token)
- Card brand and last 4 digits (display only)
- Payment intent IDs and charge history (for refunds and audit)
Pay-per-document feature: Free users may pay $1.49 per job to generate tailored resumes and cover letters. This is a one-time charge for one set of documents per job. Refunds are issued automatically if generation fails three or more times. Self-serve refunds are available for 7 days after the third failure. Other refund requests can be made by contacting support.
5. Data Retention
- Active accounts: Data is retained while your account is active.
- Accounts without a resume: Accounts are disabled after 30 days of inactivity without a resume, and permanently deleted after 90 days.
- "Not interested" jobs: Jobs marked as "not interested" are automatically removed after 30 days.
- Inactive accounts: Auto-scan pauses after 7 days of inactivity. Logging back in reactivates scans automatically.
- Backups: Encrypted backups are retained for up to 30 days in cloud storage, then permanently deleted.
6. Your Rights
You have the right to:
- Access: View all data associated with your account
- Correction: Update your personal information at any time via Settings
- Deletion: Request permanent deletion of your account and all associated data
- Data portability: Export of your data is planned for a future release
7. Security
We protect your data using:
- JWT-based authentication with token refresh
- Fernet encryption for stored API keys and credentials
- HTTPS via Cloudflare for all connections
- Bcrypt password hashing
8. Email Communications
RoleNavigator sends the following types of automated emails:
- Account lifecycle (mandatory): Scan paused notifications, account disabled notices, and deletion warnings. These cannot be opted out of as they concern your account status.
- Engagement (optional): Inactivity reminders and resume upload nudges. You can toggle these off via the "Account Alerts" setting.
9. Cookies and Local Storage
RoleNavigator uses:
- localStorage: JWT access and refresh tokens for authentication, and theme preference
- No third-party tracking: We do not use third-party analytics, advertising cookies, or tracking pixels
10. Policy Changes
When we make material changes to this policy:
- Users will be notified via email in advance
- An in-app modal will require you to review and re-accept the updated policy
- Continued use of the service requires acceptance of the current policy version
11. Contact
For privacy inquiries, data access requests, or deletion requests, please contact us via the in-app feedback form or email.
← Back to RoleNavigator