Note: These terms are effective as of April 10, 2026. You should consult legal counsel before relying on these for production use. This is a template requiring legal review.

Privacy Policy

Last updated: April 2026

1. Who We Are

RadarRole ("we", "us", "our") operates the radarrole.com platform. This Privacy Policy explains what data we collect, how we use it, and your rights over it. Contact: [email protected]

2. Data We Collect

We collect the following categories of data when you use RadarRole:

Account data (via GitHub OAuth)

  • Email address
  • GitHub username and display name
  • GitHub profile ID (used as a stable account identifier)

Profile data (provided by you during onboarding)

  • Resume PDF (uploaded voluntarily)
  • Open-ended vibe form answers describing your work preferences
  • Hard filter preferences (industries to avoid, employment type, onsite tolerance)
  • Compensation floor
  • AI-synthesized profile summary generated from your answers

Usage data (collected automatically)

  • Per-user API cost and token consumption (for fair use monitoring)
  • Agent run history (type, status, cost — no content)
  • Session cookies (see Section 7)
  • Server access logs (IP address, request path, timestamp)

Payment data

  • We do not store payment card details. Payments are handled entirely by Stripe. We store your Stripe customer ID and subscription tier.

3. How We Use Your Data

  • To provide the Service — your profile data is used by AI agents to evaluate job roles, generate outreach drafts, and personalize recommendations
  • Fair use monitoring — we track per-user API costs and usage volume to detect abuse and ensure equitable access for all users
  • Transactional email — we send match alerts, weekly digests, and account notifications via Resend
  • Error tracking — we use Sentry for application error monitoring; PII fields are explicitly excluded from Sentry payloads

We do not use your data for advertising, profiling for third parties, or any purpose beyond operating the Service.

4. AI Processing

RadarRole uses the Anthropic API to power its AI agents. When your resume, profile answers, or job descriptions are processed:

  • Data is transmitted to Anthropic's API infrastructure for inference
  • Anthropic does not use data submitted via its commercial API to train models, per their commercial privacy terms
  • Data is processed ephemerally — Anthropic does not store your content beyond the duration of the API call
  • We log only metadata (token counts, cost, agent type, status) — not the content of AI responses

5. Data Storage and Location

  • Database (PostgreSQL) — hosted on DigitalOcean in the United States
  • Resume files — stored in Cloudflare R2 (US region) in a private bucket; accessible only via time-limited presigned URLs generated per request
  • Session data — stored in encrypted server-side sessions; no sensitive data is stored client-side
  • Cache (Redis) — hosted on DigitalOcean in the United States; used for job queuing and transient data only

6. Third-Party Services

Service Purpose Data shared
GitHub OAuth Authentication Email, username, profile ID
Stripe Payments Email, payment intent
Anthropic API AI processing Resume, profile, job content (ephemeral)
Resend Transactional email Email address, digest content
Cloudflare R2 Resume storage Resume PDF files
Sentry Error tracking Error traces (no PII)

We do not sell, rent, or share your personal data with any third parties beyond those listed above for the purposes described.

7. Cookies and Sessions

We use a single server-side session cookie to maintain your login state. This cookie:

  • Is set with HttpOnly=true (not accessible to JavaScript)
  • Is set with Secure=true in production (HTTPS only)
  • Uses SameSite=Lax to protect against cross-site request forgery
  • Contains no personally identifiable information — only a session identifier

We do not use tracking cookies, analytics cookies, advertising pixels, or any third-party tracking scripts.

8. Data Retention

  • Active accounts — all data retained while your account is active
  • Expired accounts — data retained for 90 days after your access expires, then permanently deleted
  • Deleted accounts — data deleted within 30 days of your deletion request
  • Server logs — retained for up to 30 days for security and debugging
  • Stripe records — payment records are retained per Stripe's policies for tax and fraud purposes; we cannot delete these

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

  • Access — request a copy of the data we hold about you
  • Portability — receive your profile data in a structured format
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Objection — object to certain processing activities

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. Security

We take reasonable technical and organizational measures to protect your data, including encrypted connections (TLS), encrypted storage for credentials, access controls on all infrastructure, and PII exclusion from logs and error reporting. No system is 100% secure — if you believe your data has been compromised, contact us immediately at [email protected].

11. Children

RadarRole is not intended for users under the age of 16. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

Privacy questions or requests: [email protected]

Terms of Service Refund Policy