Privacy Policy

RemoteHunt ("Service", "we", "us") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights.

• Government-issued ID or identity documents
• Payment card numbers (handled by Lemon Squeezy)
• Social security numbers or tax identifiers
• Background check information
• References or employer feedback

• To provide and maintain the Service
• To match you with relevant job listings
• To generate AI-powered cover letters and recommendations
• To process subscriptions (via Lemon Squeezy)
• To send transactional emails (account, subscription, job alerts)
• To improve the Service through aggregated, anonymized analytics
• To prevent fraud and enforce our Terms

Your profile data, resume content, and preferences are processed by AI models to:

• Score job relevance
• Generate personalized cover letters
• Suggest search improvements

AI processing occurs on our servers. Your resume text, job descriptions, and profile data are routed through OpenRouter (an AI inference gateway) to Google Gemini models for scoring and text generation. We do not include your name, email, or identifying information in AI API calls unless necessary for cover letter personalization. AI providers may change as the Service evolves; material changes will be disclosed.

We share data only with:

• Lemon Squeezy — payment processing (email, subscription data)
• Supabase — database and authentication hosting
• Vercel — frontend hosting (technical data only)
• Railway — backend hosting (technical data only)
• OpenRouter + Google Gemini — AI inference for scoring, cover letters, and coach chat
• PostHog — product analytics (pageviews, feature usage)

When you apply to a job through RemoteHunt:

• Your application data (cover letter, etc.) is submitted to the employer's application system
• Once submitted, that data is governed by the employer's privacy policy
• We retain a record of your application for your tracking purposes

We implement reasonable security measures:

• All data transmitted over HTTPS/TLS
• Database access restricted through Row Level Security (RLS)
• Passwords hashed via Supabase Auth (bcrypt)
• API authentication via JWT tokens
• Resume and profile data encrypted at rest

However, no system is 100% secure. You use the Service at your own risk.

• Account and profile data: retained while your account is active, deleted within 30 days of account deletion request
• Application history: retained while account is active
• AI-generated content: retained while account is active
• Technical logs: retained for up to 90 days
• Aggregated anonymized data: may be retained indefinitely

If you reside in the EU/EEA, the General Data Protection Regulation (GDPR) grants you the following rights. You can exercise most of them directly from your account in Settings → Privacy:

• Right to access (Art. 15)— download a JSON bundle of every record we hold for you via GET /api/account/export (the “Download my data” button in Settings).
• Right to rectification (Art. 16)— correct inaccurate profile data through the Settings and Profile screens.
• Right to erasure (Art. 17)— permanently delete your account and all associated data via DELETE /api/account (the “Delete my account” button in Settings). The deletion cascades through profile, applications, scores and credit transactions, and removes your auth identity.
• Right to restrict / object (Art. 18, 21)— opt out of non-essential email and pause AI processing of your data (this may limit Service functionality).
• Right to data portability (Art. 20)— the same JSON export above is provided in a structured, machine-readable format suitable for transfer to another controller.
• Right to lodge a complaint (Art. 77)— with your local supervisory authority if you believe your rights have been violated.

For questions, deletion of an account you no longer have access to, or to escalate any GDPR matter, contact our Data Protection Officer at dpo@remotehunt.app (or privacy@remotehunt.app). We respond within 30 days.

We use essential cookies for authentication and session management (Supabase), and PostHog for product analytics — pageviews, feature usage, and anonymized behavioral signals used only to improve the Service. We do not use advertising cookies, retargeting pixels, or third-party trackers.

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

Your data may be processed in the EU and US where our service providers operate. By using the Service, you consent to these transfers.

We may update this policy at any time. Material changes will be communicated via email. Continued use constitutes acceptance.

The Chrome extension activates only on sites you grant permission to. For each activated site, we collect:

• The hostname (e.g. "glassdoor.com") of the page you score, so we can track which sites our users use most and prioritize first-class support.
• The job title, company, location, and salary you trigger scoring on. These are sent to our servers when the badge appears or when you click "Score this page".

You can revoke per-site permission at any time via chrome://extensions → RemoteHunt → Site access.

For privacy inquiries: privacy@remotehunt.app (or egor@useagnt.ai).