Privacy Policy

Last updated: 2026-03-03

HireFit is operated by LVII Ltd. Liability Co. (“we,” “us,” or “our”). HireFit is designed to help you manage your job search with minimal data collection and strict user isolation. This policy explains what we collect, why we collect it, and how it is used.

Information we collect

  • Your email address and name, provided during account creation or via Google sign-in
  • A bcrypt-hashed password if you choose email + password authentication (plaintext passwords are never stored)
  • Resume content you explicitly upload
  • Job postings you choose to ingest or track
  • Derived scoring and status metadata tied to your account
  • Your filter preferences (minimum score, status filters, location filters)
  • Standard web usage data such as pages visited and browser type, collected via Google Ads tags

Authentication

HireFit offers three sign-in methods:

  • Google OAuth: We receive your name, email address, and Google profile picture. We do not access your Gmail, Google Drive, or any other Google service beyond basic profile information.
  • Login link (email): You enter your email and we send a one-time sign-in link via Resend. No password is stored. The link expires after 24 hours.
  • Email + password: Your password is hashed with bcrypt (cost factor 12) before storage. The plaintext password is never stored or logged.

Email forwarding address

Each HireFit account is assigned a unique inbound email address (e.g. abc123@in.hirefit.app). When you forward a LinkedIn job alert email to this address:

  • The raw email is temporarily stored in AWS S3 and immediately processed to extract job postings
  • Only job metadata (title, company, URL, location) is retained — the email body is not stored
  • We do not read your personal inbox. You choose which emails to forward

How information is used

  • Authenticate and secure your account
  • Process forwarded job alert emails and extract job postings
  • Score extracted jobs against your uploaded resume using AI analysis
  • Display and manage your personalized job application pipeline
  • Track application status and interview progress
  • Send authentication emails (login links) via Resend
  • Measure the effectiveness of our advertising campaigns via Google Ads

Data isolation

All resumes, scores, and job states are strictly scoped to your user account. Data is never shared across users.

Third-party services

HireFit integrates with the following third-party services:

  • Google OAuth: For sign-in only. We request only openid email profile — no access to Gmail or any other Google service.
  • Google Ads (gtag.js): We use Google Ads to measure advertising conversions and reach relevant audiences. Google may set cookies (_gcl_au) to track ad interactions. This may constitute “sharing” of browsing activity for cross-context behavioral advertising under California law. See the CCPA section below for opt-out options.
  • Resend: For sending login link authentication emails from auth@hirefit.app.
  • AWS SES & S3: For receiving forwarded job alert emails. Raw emails are stored transiently in S3 during processing and are not retained.
  • Supabase: For secure data storage (PostgreSQL database).
  • OpenAI API: For AI-powered resume analysis and job scoring. Resume text is sent to OpenAI's API but not stored by OpenAI per their data retention policy.
  • Applicant Tracking Systems: HireFit may fetch public job descriptions from ATS platforms (Greenhouse, Lever, Ashby) when enriching job postings.

Your use of these third-party services is also governed by their respective privacy policies.

Data retention and deletion

You may delete your account at any time from the account menu in the application. All data is immediately and permanently deleted, including:

  • All job scores and tracking data
  • All uploaded resumes and candidate profiles
  • Application status, notes, and preferences
  • Your inbound forwarding address
  • Account credentials and session tokens

Alternatively, contact us at support@hirefit.app for deletion assistance.

Data security

  • All data transmission uses HTTPS/TLS encryption
  • Passwords are hashed with bcrypt before storage — plaintext passwords are never stored
  • Database access is restricted and authenticated
  • We regularly review and update security practices

No internet transmission is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information.

Categories of personal information we collect

  • Identifiers: name, email address
  • Professional or employment-related information: resume content, job postings you track, application status
  • Internet or network activity: pages visited on hirefit.app, browser type, referring URLs (collected via Google Ads tags)
  • Inferences: AI-generated job fit scores derived from your resume and job postings

Categories of third parties we share data with

  • Google LLC — advertising and conversion measurement (internet/network activity via cookies)
  • OpenAI — AI analysis (professional/employment information)
  • Supabase — data storage (all categories)
  • AWS — email processing (identifiers, forwarded email content during processing only)
  • Resend — transactional email delivery (identifiers)

Do Not Sell or Share My Personal Information

We do not sell your personal information. However, our use of Google Ads may constitute “sharing” of browsing activity for cross-context behavioral advertising under CPRA. You have the right to opt out.

To opt out, you have several options:

  • Email us: Send a request to privacy@hirefit.app with the subject line “Do Not Share My Personal Information”. We will disable Google Ads tracking for your account within 15 business days.
  • Global Privacy Control (GPC): HireFit honors the GPC browser signal. If your browser has GPC enabled, we treat it as a valid opt-out request under CPRA. Enable GPC via browsers like Firefox or Brave, or extensions like Privacy Badger.
  • Google's opt-out tools: You can opt out of Google's advertising cookies at adssettings.google.com or by installing the Google Analytics Opt-out Browser Add-on.

Your rights as a California resident

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom it is shared.
  • Right to Delete: Request deletion of your personal information. You can do this directly in the app (account menu) or by emailing us.
  • Right to Correct: Request correction of inaccurate personal information we hold about you.
  • Right to Opt Out: Opt out of the sharing of your personal information for cross-context behavioral advertising (see above).
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. Exercising these rights will not affect your access to HireFit.

Submitting a request

To exercise any of the above rights, contact us at privacy@hirefit.app. We will respond within 45 days. We may need to verify your identity before processing your request.

Contact

For privacy-related questions, contact us at privacy@hirefit.app.