Privacy Policy

Last updated: June 16, 2026

Built GDPR-first. RemoteHunt is designed to meet the EU General Data Protection Regulation. EU/EEA residents can access, export, correct, and delete their data directly from Settings → Privacy. See Your Rights (Section 10) for the full list of GDPR rights (Art. 15-21, 77).

1. Introduction

RemoteHunt ("Service", "we", "us") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights.

RemoteHunt is operated by Egor Aizen, an individual based in Israel, who is the data controller responsible for your personal data. You can reach the Operator at privacy@remotehunt.app.

2. Data We Collect

Account Data

  • Email address (required for registration)
  • Hashed password (managed by Supabase Auth)
  • Name (optional, used for cover letter generation)

Profile Data (provided by you)

  • Resume / CV content
  • Job preferences (roles, locations, salary range, skills)
  • Search criteria and filters
  • Cover letter templates and customizations

Application Data

  • Jobs you have viewed, saved, or applied to
  • AI-generated cover letters
  • Job match scores
  • Application history and status

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and actions taken (analytics)

3. Data We Do NOT Collect

  • Government-issued ID or identity documents
  • Payment card numbers (handled by our payment processor, Creem)
  • Social security numbers or tax identifiers
  • Background check information
  • References or employer feedback

4. How We Use Your Data

  • To provide and maintain the Service
  • To match you with relevant job listings
  • To generate AI-powered cover letters and recommendations
  • To process subscriptions (via Creem, our payment processor)
  • To send transactional and lifecycle emails (account, subscription, job-match digests) via Resend
  • To improve the Service through aggregated, anonymized analytics
  • To prevent fraud and enforce our Terms

5. AI Processing

Your profile data, resume content, and preferences are processed by AI models to:

  • Score job relevance
  • Generate personalized cover letters
  • Suggest search improvements

AI processing occurs on our servers. Your resume text, job descriptions, and profile data are routed through OpenRouter (an AI inference gateway) to Google Gemini models for scoring and text generation. We do not include your name, email, or identifying information in AI API calls unless necessary for cover letter personalization. AI providers may change as the Service evolves; material changes will be disclosed.

6. Data Sharing

We share data only with:

  • Creem — payment processing as our Merchant of Record (email, subscription data)
  • Supabase — database and authentication hosting
  • Vercel — frontend hosting (technical data only)
  • Railway — backend hosting (technical data only)
  • OpenRouter + Google Gemini — AI inference for scoring, cover letters, and coach chat
  • Resend — delivery of transactional and lifecycle emails (email address, message content)
  • PostHog, Google Analytics, and Microsoft Clarity — product analytics and session replay (anonymized/masked) to improve the Service

We do NOT:

  • Sell, rent, or trade your personal data to third parties
  • Share your resume or profile with employers without your explicit action
  • Provide your data to recruiters or staffing agencies
  • Use your data for advertising or marketing by third parties

7. Job Application Data Flow

When you apply to a job through RemoteHunt:

  • Your application data (cover letter, etc.) is submitted to the employer's application system
  • Once submitted, that data is governed by the employer's privacy policy
  • We retain a record of your application for your tracking purposes

8. Data Security

We implement reasonable security measures:

  • All data transmitted over HTTPS/TLS
  • Database access restricted through Row Level Security (RLS)
  • Passwords hashed via Supabase Auth (bcrypt)
  • API authentication via JWT tokens
  • Resume and profile data encrypted at rest

However, no system is 100% secure. You use the Service at your own risk.

9. Data Retention

  • Account and profile data: retained while your account is active, deleted within 30 days of account deletion request
  • Application history: retained while account is active
  • AI-generated content: retained while account is active
  • Technical logs: retained for up to 90 days
  • Aggregated anonymized data: may be retained indefinitely

10. Your Rights (GDPR / EU)

If you reside in the EU/EEA, the General Data Protection Regulation (GDPR) grants you the following rights. You can exercise most of them directly from your account in Settings → Privacy:

  • Right to access (Art. 15)— download a JSON bundle of every record we hold for you via GET /api/account/export (the “Download my data” button in Settings).
  • Right to rectification (Art. 16)— correct inaccurate profile data through the Settings and Profile screens.
  • Right to erasure (Art. 17)— permanently delete your account and all associated data via DELETE /api/account (the “Delete my account” button in Settings). The deletion cascades through profile, applications, scores and usage history, and removes your auth identity.
  • Right to restrict / object (Art. 18, 21)— opt out of non-essential email and pause AI processing of your data (this may limit Service functionality).
  • Right to data portability (Art. 20)— the same JSON export above is provided in a structured, machine-readable format suitable for transfer to another controller.
  • Right to lodge a complaint (Art. 77)— with your local supervisory authority if you believe your rights have been violated.

For questions, deletion of an account you no longer have access to, or to escalate any GDPR matter, contact our privacy contact at dpo@remotehunt.app (or privacy@remotehunt.app). We respond within 30 days.

11. Cookies & Analytics

We use essential cookies for authentication and session management (Supabase). With your consent, we also use PostHog, Google Analytics, and Microsoft Clarity for product analytics — pageviews, feature usage, and session replay (with sensitive fields masked) — used only to improve the Service. These tools load only after you accept analytics cookies in our consent banner. We do not run advertising cookies or retargeting pixels, and we do not sell your data to advertisers.

12. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

13. International Data Transfers

Your data may be processed in the EU, the US, and other countries where our service providers operate. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or a provider's adequacy mechanism, in addition to your consent.

14. Changes to Privacy Policy

We may update this policy at any time. Material changes will be communicated via email. Continued use constitutes acceptance.

14a. Extension data collection

The RemoteHunt browser extension is in development and not yet released. When it launches, it will activate only on sites you grant permission to. For each activated site, it will collect:

  • The hostname (e.g. "glassdoor.com") of the page you score, so we can track which sites our users use most and prioritize first-class support.
  • The job title, company, location, and salary you trigger scoring on. These are sent to our servers when the badge appears or when you click "Score this page".

We do NOT collect:

  • Full URLs of pages you visit.
  • The contents of pages you view but don't trigger scoring on.
  • Any personally identifiable information from the pages.

You can revoke per-site permission at any time via chrome://extensions → RemoteHunt → Site access.

15. Contact

For privacy inquiries: privacy@remotehunt.app (or contact@remotehunt.app).