Privacy Policy

1. Information we collect

Account information: When you create an account, we collect your email address and encrypted password (or OAuth token for Google sign-in).

Profile and preferences: We collect the information you provide during onboarding: your name, target roles, target industries, preferred locations, salary expectations, years of experience, and work preferences (remote/hybrid/onsite).

Resume data: If you upload a resume or build one through our AI Builder, we store that document and any AI-generated tailored versions.

Job activity: We store your job match history, application status updates, job feedback (thumbs up/down), and any notes you add to applications.

LinkedIn data: If you connect your LinkedIn profile URL or paste LinkedIn profile sections for optimization, we process that data to provide the requested features.

Billing information: We use Stripe to process payments. We do not store your full credit card number. Stripe handles all payment data and is PCI-DSS compliant.

Usage data: We may collect information about how you use the Service, including pages visited, features used, and session duration, to improve the product.

Communications: If you contact support or submit a support ticket, we retain that correspondence.

2. How we use your data

• To provide, operate, and improve the Service
• To match you with relevant job opportunities based on your preferences
• To generate tailored resume content and application materials
• To identify warm networking paths into target companies
• To process payments and manage your subscription
• To send transactional emails (account confirmation, billing receipts)
• To send product updates and career tips, if you opted in at signup
• To respond to your support requests
• To detect and prevent fraud and abuse
• To comply with legal obligations

3. AI processing

Opening uses Claude, an AI model developed by Anthropic, to process your resume, analyze job descriptions, generate tailored content, and provide LinkedIn optimization suggestions. Your data is transmitted to Anthropic's API for this processing. Per our agreement with Anthropic, your data is not used to train their AI models. Anthropic's privacy practices are described at anthropic.com/privacy.

4. Third-party services

We share data with the following third parties only as necessary to provide the Service:

• Supabase — Database and authentication infrastructure. Your data is stored in encrypted PostgreSQL databases hosted on AWS.
• Stripe — Payment processing. We share your email and billing details with Stripe to process subscriptions.
• Anthropic (Claude API) — AI processing of resume and profile content.
• Proxycurl — LinkedIn profile data to identify networking connections. We share company names relevant to your job search to retrieve publicly available LinkedIn data.
• Vercel — Hosting and CDN infrastructure.

We do not sell your personal data to third parties for advertising or marketing purposes.

5. Data storage and security

Your data is stored in encrypted databases (AES-256) hosted on AWS infrastructure through Supabase. Data in transit is protected by TLS/HTTPS. We use Row Level Security to ensure your data is never accessible to other users. We implement access controls to limit employee access to user data. Despite these measures, no system is completely secure — please use a strong, unique password and notify us immediately if you suspect unauthorized access.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, regulatory, or financial record-keeping purposes (such as billing records, which we retain for 7 years per standard accounting requirements). Anonymized or aggregated data that cannot identify you may be retained indefinitely.

7. Your rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and data. You can do this directly from Settings.
• Portability: Request an export of your data in a machine-readable format.
• Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link, or by updating your notification preferences in Settings.
• Restrict processing: Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, email us at support@opening.works. We will respond within 30 days.

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies or tracking pixels. Session cookies are deleted when you close your browser. Persistent cookies (for remembering your theme preference) may remain for up to 1 year. You can clear cookies in your browser settings, but this may affect Service functionality.

9. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• The right to know what personal information we collect and how it is used
• The right to delete your personal information
• The right to opt out of the sale of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at support@opening.works.

10. European residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) provides you with specific rights. Our legal bases for processing your data include:

• Contract performance: Processing necessary to deliver the Service you subscribed to.
• Legitimate interests: Fraud prevention, service improvement, and security.
• Consent: Marketing communications (you may withdraw consent at any time).
• Legal obligation: Compliance with applicable laws.

For GDPR inquiries or to exercise your rights, contact our data privacy team at support@opening.works.

11. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the Service. The updated policy will be effective upon posting. Continued use of the Service after the update constitutes acceptance of the revised policy.

13. Contact

Privacy questions or data requests: support@opening.works