Beta Notice

The Service is in beta and may change rapidly. We will update this Policy as we introduce new features (e.g., analytics) or new providers. We do not sell personal data or use cross‑site behavioral ads.

Overview

This Privacy Policy explains how HireMeh (the “Service”) collects, uses, and protects your information. By using the Service, you agree to this Policy and our Terms of Service.

Information We Collect

• Account data (email and authentication identifiers) via Supabase Auth.
• Profile and resume content you provide (e.g., experience, skills, projects, uploads).
• Application and journal data you enter in product workflows.
• Billing metadata (Stripe customer id, price ids, purchase metadata) necessary to process purchases; we do not store full card details.
• Service usage and technical logs for security and reliability.
• Realtime event diagnostics (e.g., event type, timestamps) for OpenAI Realtime sessions; not raw audio.
• Cookieless page‑level metrics via Vercel Web Analytics. During beta, we may add product analytics (PostHog) and error/performance monitoring (Sentry); we will update this Policy and our sub‑processor list before enabling.

How We Use Information

• Authenticate and manage sessions using Supabase.
• Operate resume tailoring and insights, including AI‑powered features.
• Provide billing, subscriptions, credits, and passes using Stripe.
• Generate signed URLs for media you store (e.g., profile pictures) via Supabase Storage.
• Improve reliability, troubleshoot, and protect against abuse.
• Communicate important notices related to your account or purchases.
• Establish WebRTC sessions to the model provider using ephemeral client secrets for voice interactions.
• Use de‑identified and/or aggregate usage data (e.g., feature usage, performance/error metrics) to operate, analyze, and improve the Service and develop new features; we do not attempt to re‑identify such data.

Data Sharing

We do not sell your personal information. We share limited data with service providers strictly to operate the Service:

• Supabase for authentication, session management, and storage.
• Stripe for payments, subscriptions, credits, and passes.
• LLM providers (including OpenAI Realtime) used to power AI features; relevant prompt text and voice audio may be sent while you use those features.
• WebRTC/STUN infrastructure and optional reCAPTCHA strictly for connection/abuse prevention.
• Vercel Web Analytics for cookieless page metrics; potential future PostHog (product analytics) and Sentry (error/performance). We will update this Policy before enabling new tools.

AI Processing

When you use AI features, we may send relevant text from your resume content and job descriptions to LLM providers to generate suggestions. For Realtime voice, your microphone audio is transmitted via WebRTC directly to the model provider using an ephemeral client secret. We do not record raw microphone audio on our servers. If transcription is enabled, it is performed by the model provider; transcripts are not persisted by us unless you explicitly save generated content (e.g., approving a journal entry). Avoid including sensitive personal data in prompts. AI outputs can contain errors; review before use.

Data Access & Portability

You can export your account data from the Account Management page using the Export button. No manual API calls are required.

Deletion

You can delete your account and associated content from the Account Management page using the Delete Account button. Some records (e.g., minimal billing records, security logs) may be retained as required by law or for fraud prevention.

Data Retention

We retain data for as long as necessary to provide the Service and comply with legal obligations. Storage items (like profile pictures) use signed URLs and can be removed by deleting or replacing the file path.

Your Choices

• Export and delete your data from Account Management using the provided buttons.
• Update your profile and resume content within the application.
• Control cookies and local storage via your browser; disabling may impact functionality. Marketing emails are opt‑in with double confirmation; you can unsubscribe anytime.

Security

We implement administrative and technical safeguards appropriate for the data we process, including authenticated endpoints, signed storage URLs, role‑based access in the backend, Stripe‑hosted checkout and portal, and ephemeral secrets for realtime voice sessions. No method of transmission or storage is 100% secure.

Children

The Service is available to users 16 years and older. To purchase paid plans or enter into a binding contract, you must be 18+ (or the purchase must be made by a parent/guardian or an authorized organization). We do not knowingly collect personal data from children under 16. If we learn an account is under 16, we will disable it and delete related data.

Regional Disclosures

We serve users globally (currently English‑only). If you are in a region with specific privacy rights (e.g., GDPR/EEA, CCPA/CPRA), you may have rights to access, delete, or correct data. Use the export and deletion endpoints or contact us to exercise these rights.

Changes

We may update this Policy from time to time. We will post updates with a new “Last updated” date. Material changes may be communicated through the Service.

Contact

Questions about this Policy or billing disputes? Email support@hiremeh.com. For billing disputes, please contact us within 60 days of the charge/statement date.