Back to RoleReady

Privacy Policy

Last updated: May 19, 2026

1. Introduction

RoleReady ("we," "us," or "our") operates the website roleready.me and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using RoleReady, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

2. Information We Collect

Account Information

  • Name and email address (provided at signup or via OAuth)
  • OAuth profile data from Google or GitHub (if you choose to sign in that way)
  • Profile picture (uploaded or from OAuth provider)

Job Application Data

  • Job postings you save or import (title, company, description, URL)
  • Application status, notes, and labels you assign
  • Interview prep materials generated for saved jobs

Document Data

  • Resumes and cover letters you upload (stored securely in R2 storage)
  • AI-processed document content for extraction and analysis
  • Tailored resume drafts generated by our AI tools

Usage Data

  • Pages visited and features used, collected via Vercel Analytics (cookie-less, aggregated, privacy-friendly)
  • No personally identifiable browsing history is stored

AI Processing Data

  • Job posting text sent to LLM providers (OpenRouter, Cerebras, or OpenAI) for extraction and analysis
  • Resume content processed for tailoring and suggestions
  • LLM providers do not store your data after processing

3. How We Use Your Information

  • Providing the service — job tracking, AI-powered analysis, document generation, interview preparation
  • Improving the product — aggregated, anonymized analytics to understand feature usage
  • Communication — transactional emails, optional notifications, and onboarding messages
  • Billing — subscription management via Polar

4. Information Sharing

We share data only with service providers necessary to operate RoleReady:

  • AI providers (OpenRouter, Cerebras, OpenAI) — job text for processing only; not stored by providers
  • Polar — subscription and billing data
  • Resend — email delivery (transactional and optional notifications)
  • logo.dev — company logo URLs for display

We do not sell your personal data to any third party.

5. Data Storage & Security

  • Primary database: PostgreSQL with encrypted connections
  • File storage: Cloudflare R2 with server-side encryption
  • Session management: essential authentication cookies via Better Auth
  • All data transmitted over HTTPS with security headers (HSTS, CSP, X-Frame-Options)
  • Access controls and authentication on all API endpoints

6. Data Retention & Deletion

  • Your data is retained while your account is active
  • You can delete your account at any time from Settings > Privacy & Data
  • Upon account deletion, your data will be permanently removed within 30 days
  • You can export all your data at any time from Settings > Privacy & Data > Export Data

7. Cookies & Tracking

  • Essential cookies: session authentication (better-auth.session_token), sidebar state
  • Analytics: Vercel Analytics — cookie-less, privacy-friendly, aggregated endpoint data
  • No third-party advertising cookies
  • See our Cookie Policy for full details

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights:

  • Right to access — export your data via Settings
  • Right to deletion — delete your account via Settings
  • Right to rectification — edit your profile and data at any time
  • Right to data portability — download your data in JSON format
  • Right to object to processing — contact us to restrict processing
  • Right to withdraw consent — manage notification preferences in Settings

9. Third-Party Services

  • Google OAuth / GitHub OAuth — subject to their own respective privacy policies
  • Chrome Extension — processes job page data locally in your browser, sends data to the app API only when you choose to save a job

10. Children's Privacy

RoleReady is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.

11. International Data Transfers

Your data is processed in the United States (via Vercel hosting and our primary database). AI providers may process data in the US or EU. By using our service, you consent to the transfer of your information to these jurisdictions.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy, contact us at privacy@roleready.me.