Security & data
How we handle your data
What we collect, why, how long we keep it, and what you can do about it.
Last updated March 7, 2026
What we store and why
| Data type | Purpose | Retention | Your control | Processor |
|---|---|---|---|---|
| Resume upload text (analysis input) | Generate recruiter-style feedback, scoring, and rewrite guidance. | Processed to generate results. Raw input is not stored for anonymous runs. | Sign in to save your history, or delete your account in Settings. | OpenAI, Supabase |
| Report output + resume preview | So you can open past reports, compare versions, inspect evidence excerpts, and export. | Saved when you keep a report or run one while signed in. Includes report output, evidence excerpts, a short resume preview, and any job description you add. Deleted when you delete the report or your account. | Delete individual reports in History, or delete your account in Settings. | Supabase |
| Saved resume profile (default resume) | Job matching and extension workflows. | Stored until you replace it, remove it, or delete your account. Includes raw resume text for matching plus derived skills, seniority signals, embeddings, hash, and preview. | Replace or remove it in Settings > Matching, or delete your account. | Supabase, OpenAI (embeddings) |
| LinkedIn profile input | Generate profile feedback and recommendations for your LinkedIn. | Saved in your report history when you're signed in. | Delete individual reports in History, or delete your account in Settings. | OpenAI, Supabase |
| Captured jobs and job descriptions | Save roles from the extension, run role-fit checks, and compare your resume against specific postings. | Stored when you save a job or sync extension captures. Includes job title, company, URL, description text, match signals, and latest report links until you delete the saved job or your account. | Delete saved jobs from Jobs, delete linked reports from Reports, or delete your account in Settings. | Supabase, Chrome local storage, OpenAI when used in a report |
| Account identity (email, name) | Authentication, account access, and support communication. | Retained while account is active. | Update your profile in Settings, or delete your account. | Supabase |
| Usage, reliability, and abuse-prevention metadata | Rate limiting, reliability diagnostics, billing state, and product health. | Retained for product operation and security needs. | Deleting your account removes app-level history. | Supabase, Sentry, Vercel |
| Product analytics and conversion telemetry | Measure product quality, onboarding friction, and billing funnel health when analytics is enabled. | Retained under the analytics vendors' configured retention windows. | Respects browser Do Not Track and can be disabled at launch. | Mixpanel, Vercel |
| Billing events and invoices | Charge processing, receipts, subscription lifecycle, and dispute handling. | Managed under Stripe billing retention policies. | Manage billing and receipts in Stripe portal. | Stripe |
What we commit to
- Your upload is encrypted in transit.
- Anonymous reports are not saved to an account automatically.
- Signed-in reports save report output, evidence excerpts, a short resume preview, and any job description you add. You can delete reports from Reports.
- Deleting your account removes your reports and usage history from our database.
- Payment info is handled by Stripe. We never see your card.
- We don't sell your data.
- We don't use your data to train AI models.
- Browser session replay stays off by default.
- Scores estimate your resume's hiring signal. They don't predict hiring outcomes.
- Your first full report is free. No credit card needed.
- You see exactly what you're unlocking before you pay.
- If payment goes through but access looks locked, restore it from Billing.
- All receipts and invoices are available in Billing.
- You can export your data from Settings when export controls are enabled.
- Security reports can be sent using the disclosure instructions on our Security and Status pages.
Responsible disclosure
If you discover a security issue, please email support@recruiterinyourpocket.com with steps to reproduce it. Our canonical disclosure instructions are also published at /.well-known/security.txt.