Privacy Policy

1. Who we are

Swoopd(“Swoopd,” “we,” “us,” or “our”) operates a web application that helps users discover and track job opportunities. This Privacy Policy explains what information we collect when you use swoopd.ai and our related services (the “Service”), how we use it, who we share it with, and the choices you have.

If you have questions, contact us at hello@swoopd.ai.

2. Information we collect

We collect the following categories of information:

Information you provide

• Account details: name, email address, and a hashed password (or a passkey credential, if you choose passkey sign-in).
• Social sign-in profile data: if you sign in with LinkedIn or Google, we receive basic profile information (name, email, profile picture) from those providers via OpenID Connect.
• Resume content: the text of any resume you upload, plus your free-text “what I’m looking for” description.
• Search preferences: title keywords, locations, countries, remote preference, seniority filters, and the job sources you opt into.
• Application tracking data: jobs you save to your kanban board, statuses, notes, applied/rejected dates, rejection stages and reasons, and dismissed-job feedback.
• Billing information: when you subscribe to a paid plan, we collect your subscription tier and status. Card details are entered into Stripe’s payment elements and are not stored on our servers — Stripe handles them directly.
• Communications: messages you send us by email and any feedback you submit through the Service.

Information collected automatically

• Usage data: pages viewed, actions taken (e.g. dismissals, status changes), and timestamps, used for product analytics and abuse prevention.
• Device and connection data: IP address, browser type, operating system, and approximate location derived from IP — used for security, rate limiting, and troubleshooting.
• Cookies: a session cookie set by our authentication system to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.
• Email engagement: when our email provider reports that a message we sent was delivered, opened, clicked, bounced, or marked as spam, we record that event so we can improve deliverability and respect unsubscribes.

Information from third parties

• Job postings: we ingest publicly available job postings from sources including LinkedIn, ATS portals (Greenhouse, Lever, Ashby), Remote OK, Remotive, We Work Remotely, The Muse, Hacker News “Who is hiring?”, TheirStack, and various venture-capital portfolio job boards. Postings are matched to your profile but are not personal data about you.

3. How we use your information

We use the information we collect to:

• Operate, maintain, and secure the Service.
• Build an AI-generated preference profile from your resume and stated preferences, and use that profile to score new job postings against your interests.
• Personalise your dashboard, deliver matched job recommendations, and surface kanban-tracking insights.
• Process subscription payments through our payment processor and manage your billing.
• Send transactional emails (sign-in links, password resets, email verification, billing confirmations, your daily summary digest, and account-related announcements).
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.
• Improve the Service through aggregate, de-identified analytics.

We do not sell your personal information, and we do not use your data to train third-party AI models.

4. AI processing

Swoopduses Anthropic’s Claude API to (a) parse the text of resumes you upload, (b) build a written preference profile from your resume and stated preferences, (c) score each new job posting against that profile and produce a short explanation of the match, and (d) power our Application Assistant — structuring your resume into editable sections and drafting tailored cover letters and application answers. Inputs sent to Anthropic include your resume text, your “what I’m looking for” statement, the title and description of each posting being scored, and — when you use the Application Assistant — your preference-questionnaire answers and any job description and application questions you paste in.

Anthropic processes this content as our service provider under their API terms, which prohibit using customer inputs and outputs to train their generative models. Claude API calls are stateless — Anthropic does not retain inputs as part of an ongoing user profile.

Swoopdalso uses OpenAI’s embeddings API to turn job listings and your search preferences (your “what I’m looking for” statement and target-role keywords) into numerical vectors that power semantic job search — finding roles that match the meaning of what you want, not just exact keywords. OpenAI processes this content as our service provider under their API terms and does not use it to train their models.

5. How we share information

We share personal information only with the categories of recipients listed below.

Service providers (subprocessors)

We use the following third-party providers to operate the Service. Each is bound by contractual confidentiality and data- protection obligations and processes data only on our instructions.

• Vercel — application hosting and edge delivery (United States).
• Supabase — managed PostgreSQL database hosting (United States).
• Stripe — subscription billing and payment processing (United States).
• Resend — transactional email delivery and delivery-event reporting (United States).
• Anthropic — large-language-model processing for resume parsing and job matching (United States).
• OpenAI — text-embedding generation over job listings and your search preferences to power semantic job search (United States).
• Google — basic profile information through OpenID Connect (United States) — only if you choose to sign in with Google.
• LinkedIn — basic profile information through OpenID Connect (United States) — only if you choose to sign in with LinkedIn.
• Job-listing providers — we make outbound requests to public job-listing APIs (Fantastic.jobs, TheirStack, The Muse, Remote OK, Remotive, We Work Remotely, Hacker News, Greenhouse public boards, Lever public boards, Ashby public boards, Gem public boards, Workday public boards, BambooHR public boards, Rippling public boards, Workable public boards, Recruitee public boards, SmartRecruiters public boards, Deel public boards, Jobvite public boards, DEJOBS / DirectEmployers public boards, Amazon Jobs (amazon.jobs), Consider.com VC portfolio job boards, Getro VC portfolio job boards) to retrieve postings. We do not send your personal data to those providers; we only send query parameters describing the postings you want to see.

Public board sharing (optional)

If you turn on public-board sharing in your profile settings, a read-only view of your kanban board becomes accessible at a URL we generate for you. This view exposes the postings you have saved (titles, organisations, statuses, locations, your notes) to anyone with the link. You can turn sharing off at any time, after which the public URL stops returning data.

Legal and safety

We may disclose information when we believe in good faith that it is necessary to comply with a valid legal request, enforce our terms, protect the rights, property, or safety ofSwoopd, our users, or the public, or detect or prevent fraud or security incidents.

Business transfers

If Swoopd is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

6. Data retention

We retain personal information for as long as your account is active. When you delete your account, we delete the records associated with it (resume content, kanban entries, search preferences, dismissed-job history, score history, billing records). Limited operational logs and email-delivery records may persist for a short period for security and auditing purposes.

Aggregated or de-identified data that no longer identifies you may be retained indefinitely.

7. Your rights and choices

Depending on where you live, you may have the following rights in relation to your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information. Many fields are editable directly in your profile.
• Deletion: ask us to delete your account and associated data — you can also delete your account yourself from the profile page.
• Portability: request a machine-readable copy of the data you provided to us.
• Objection or restriction: object to or restrict certain processing of your data.
• Withdraw consent: where processing is based on consent, you can withdraw it at any time.
• Unsubscribe: turn off the daily summary email from your profile, or use the unsubscribe link in any marketing email. Transactional emails (sign-in links, password resets, billing receipts) cannot be turned off while you have an account.
• Lodge a complaint: residents of the EEA, UK, or Switzerland may complain to their local data-protection authority.

To exercise any of these rights, email hello@swoopd.ai from the address associated with your account.

California residents: under the CCPA/CPRA, you may request access to and deletion of your personal information, opt out of any sale or sharing of personal information (we do not sell or share for cross-context behavioural advertising), and not be discriminated against for exercising these rights.

8. International data transfers

Swoopd is operated from the United States, and our subprocessors are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those in your country. Where required, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) for cross-border transfers.

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including TLS-encrypted connections, hashed passwords, scoped database credentials, and server-side access controls. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

10. Children

Swoopd is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, notify you by email or through the Service. Continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.

12. Contact us

Questions, requests, or complaints about this policy can be sent to hello@swoopd.ai.