Privacy Policy
Last updated: May 4, 2026 · Effective immediately
Opening ("we," "our," "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights. By using Opening, you agree to the practices described here.
1. Information we collect
Account information: email address and authentication credentials. If you sign in with a third-party identity provider, we receive a token plus the basic profile fields you authorize.
Profile and preferences: the information you provide during onboarding — name, target roles, target industries, preferred locations, salary expectations, years of experience, and work preferences.
Resume and application content: resumes you upload or build through the Service, AI-generated tailored versions, cover letters, and outreach drafts.
Job activity: match history, application status, feedback (thumbs up/down), and notes you add.
LinkedIn data: if you connect your LinkedIn profile or paste profile sections for optimization, we process that data only to provide the requested features.
Email pipeline data: if you turn on email tracking, we read your job-related mail read-only — Gmail in your own browser session through the Opening extension, or a mailbox you connect via its provider's official API (Google/Microsoft). We classify each message in memory (recruiter reply, interview scheduling, rejection, offer, etc.) to update your application pipeline, and we store only the tracking envelope — sender, subject, and which application it relates to. We do not store the contents of your email, and nothing is ever sent on your behalf without you. You can turn this off or disconnect at any time.
Billing information: billing is handled by a PCI-DSS compliant payment processor. We do not store your full credit card number.
Usage data: aggregate information about how you use the Service to operate, secure, and improve it.
Communications: support correspondence is retained for account-history purposes.
2. How we use your data
- To provide, operate, secure, and improve the Service
- To match you with relevant job opportunities
- To generate tailored resume content and application materials
- To classify and track your job-search pipeline
- To process payments and manage your subscription
- To send transactional emails (account, billing, status updates)
- To send product updates and tips, only if you opted in
- To respond to support requests
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do not sell or rent your personal information. We do not use your content to train generalized AI models, and we do not allow third parties to do so on our behalf.
3. Categories of recipients
We share data only as needed to deliver the Service, with the following categories of recipients under written data-protection agreements:
- Cloud hosting and database providers that store and serve your data securely.
- AI processing providers that perform inference on your content (resume tailoring, classification, scoring). Under our agreements, your data is not used to train their models.
- Payment processors for subscription billing.
- Transactional email providers for account, security, and pipeline notifications.
- Identity providers if you choose to sign in or connect external accounts (e.g., Google, LinkedIn).
- Public job-listing sources we query on your behalf to surface roles. We share only the search terms necessary to match jobs to your preferences.
We do not share your personal data with advertisers or data brokers, and we do not sell it. We may disclose data when required by law, in response to a valid legal process, to protect rights and safety, or in connection with a corporate transaction with notice to you.
4. Data security
We use encryption in transit (TLS) and at rest, role-based access controls, and row-level data isolation so that your data is not accessible to other users. We limit employee access to user data on a need-to-know basis. No system is perfectly secure — please use a strong unique password and notify us immediately at support@opening.works if you suspect unauthorized access.
5. Data retention
We retain your data while your account is active. If you delete your account, we delete personal data within 30 days, except where we are legally required to retain certain records (for example, billing records retained for tax purposes for up to seven years). Anonymized or aggregated data that cannot identify you may be retained indefinitely.
6. Your rights
Depending on your jurisdiction, you may have rights to:
- Access a copy of your personal data
- Correct inaccurate data
- Delete your account and associated personal data (available from Settings)
- Receive an export of your data in a machine-readable format
- Withdraw consent and unsubscribe from marketing emails at any time
- Restrict or object to certain processing
To exercise any of these rights, email support@opening.works. We respond within 30 days.
7. Cookies
We use essential cookies to maintain your session and authentication state. We do not use third-party advertising or cross-site tracking cookies. You can clear cookies in your browser at any time, but doing so may affect Service functionality.
8. California residents (CCPA/CPRA)
California residents have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights.
To exercise CCPA/CPRA rights, contact support@opening.works.
9. European residents (GDPR/UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing are: contractual necessity (delivering the Service), legitimate interests (security, fraud prevention, service improvement), consent (marketing communications, optional features), and legal obligation.
You may lodge a complaint with your local supervisory authority. For all other GDPR rights, contact support@opening.works.
10. Use of Google API services and Google user data
Opening's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use disclosure:
- We access Gmail data (read-only, via the
gmail.readonlyscope) solely to read and classify emails related to your job search — recruiter replies, interview scheduling, offer letters, rejections — and to update your application pipeline within Opening. - We do not transfer Gmail data to third parties except as necessary to provide or improve user-facing features within Opening, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use Gmail data for serving advertisements.
- We do not allow humans to read Gmail data unless: (a) we have your specific consent to read specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and used for internal operations in compliance with applicable privacy laws.
- We do not use Gmail data to develop, improve, or train generalized AI or machine-learning models. AI features that operate on email content run inference only — your data is never used to train any model.
You may revoke Opening's access to your Google account at any time at myaccount.google.com/permissions. Doing so disables Gmail-based pipeline tracking; existing classified emails and pipeline data remain in your account until you delete it.
11. Children
The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the Service. Continued use of the Service after the update constitutes acceptance of the revised policy.
13. Contact
Privacy questions or data requests: support@opening.works