Privacy Policy

RoleCRM ("we", "us", or "our") operates the RoleCRM application and website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account we collect your name, email address, and profile picture through our authentication provider (Clerk). If you subscribe to a paid plan we collect billing information through our payment processor (Stripe).

1.2 Usage Data

We collect information about how you interact with the service, including job applications you track, companies you research, contacts you manage, interview schedules, follow-up activity, and documents you upload. This data is stored to provide the core CRM functionality.

1.3 AI Interaction Data

When you use AI-powered features (resume tailoring, cover letter generation, interview preparation, company research, career coaching), your prompts and the context you provide are sent to our AI provider (Anthropic/Claude) for processing. We log token usage and feature usage for billing and quality purposes. AI-generated outputs are stored in your account.

1.4 Automatically Collected Information

We automatically collect certain technical information including your IP address, browser type, device information, and pages visited. We use cookies and similar technologies as described in our cookie consent notice.

2. Third-Party Services

We share data with the following categories of third-party service providers:

• Authentication: Clerk — manages user accounts, sessions, and authentication.
• Payments: Stripe — processes subscription payments and manages billing.
• Cloud Infrastructure: Amazon Web Services (AWS) — hosts our application, stores uploaded documents (S3), and sends transactional emails (SES).
• AI Processing: Anthropic (Claude) — powers AI features such as resume tailoring, cover letter generation, interview preparation, and career coaching. Data sent to Anthropic is processed according to their data usage policies.
• Analytics: We use Google Analytics for website traffic analysis. When enabled through your cookie preferences, we may also use Facebook Pixel and LinkedIn Insight Tag for marketing measurement. These tracking technologies are only loaded after you provide explicit opt-in consent through our cookie consent banner.

3. Cookies and Tracking

We use essential cookies required for authentication and session management. We also use analytics cookies to understand usage patterns. You can manage your cookie preferences through the cookie consent banner displayed when you first visit the site. Disabling non-essential cookies will not affect core functionality.

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the RoleCRM service
• Process transactions and send billing-related communications
• Generate AI-powered career recommendations and content
• Send transactional emails (interview reminders, follow-up notifications, weekly digests)
• Send our newsletter if you have opted in. All marketing emails include our physical mailing address and a one-click unsubscribe link. You can manage your email preferences in your account settings at any time.
• Monitor and analyze usage trends to improve the product
• Detect and prevent fraud or abuse

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records (e.g., billing records for tax purposes). AI usage logs are retained for up to 90 days for quality and debugging purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability — receive your data in a structured format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@rolecrm.com.

7. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as defined by Article 6 of the GDPR:

• Contract necessity (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for, including account management, CRM functionality, and AI features.
• Legitimate interest (Art. 6(1)(f)): Processing for fraud prevention, security monitoring, service improvement, and usage analytics (where you have not opted out).
• Consent (Art. 6(1)(a)): Processing of analytics and marketing cookies, newsletter subscriptions, and optional tracking technologies, which you may withdraw at any time.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA or United Kingdom, including the United States. When we transfer personal data internationally, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and/or equivalent safeguards to ensure an adequate level of data protection.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose.
• Right to delete your personal information, subject to certain exceptions.
• Right to opt out of the sale of personal information. RoleCRM does not sell your personal information to third parties, as defined under the CCPA.
• Right to non-discrimination for exercising your CCPA rights.

To exercise these rights, contact us at privacy@rolecrm.com.

10. Right to Lodge a Complaint

If you are in the EEA or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law. A list of EU data protection authorities is available at edpb.europa.eu.

11. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

RoleCRM is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the version number and effective date above, and may request re-acceptance through the application. Your continued use of the service after changes are posted constitutes acceptance.

14. Data Protection Officer

RoleCRM has not appointed a Data Protection Officer as we do not currently meet the thresholds requiring one under GDPR Article 37. For any data protection inquiries, please contact us at privacy@rolecrm.com.

15. Contact Us

If you have questions about this Privacy Policy, please contact us at: