Privacy Policy

Table of Contents

1. Introduction
2. Scope
3. Information We Collect
4. How We Use Your Information
5. AI Systems and Your Data
6. How We Share Your Information
7. Cookies and Tracking Technologies
8. Recruiter Referrals and Employer Sharing
9. Smart Apply Data Handling
10. Payments and Financial Data
11. Communications and Marketing
12. Data Retention
13. Security
14. International Data Transfers
15. Your Privacy Rights
16. California Privacy Rights (CCPA/CPRA)
17. European and UK Privacy Rights (GDPR / UK GDPR)
18. Children and Minors
19. Third-Party Services
20. Corporate Transactions
21. Changes to This Policy
22. Contact Us

1. Introduction

TheSHFTApp LLC ("TheSHFTApp," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, store, and protect information about you when you access or use the Platform and Services, including through the TheSHFTApp website, mobile applications, Browser Extensions, APIs, and all associated features.

Please read this Policy carefully. By using the Services, you agree to the practices described herein. If you do not agree, do not use the Services.

This Policy is part of and should be read alongside our Terms of Use, Cookie Policy, and Data Retention and Deletion Policy.

2. Scope

This Policy applies to all Users of the Platform, including job seekers, Workers, SHFTRs, Candidates, Recruiters, Employers, Enterprise Customers, developers, and visitors. It applies to information collected through all channels, including the website, mobile apps, Browser Extensions, APIs, and any integrated Third-Party Services operated by or on behalf of TheSHFTApp.

3. Information We Collect

3.1 Information You Provide Directly

(a) Account Information: When you create an Account, we collect your name, email address, password (hashed), and other registration details.

(b) Profile and Professional Information: We collect your Professional Information, including work history, education, skills, certifications, job preferences, desired salary, location preferences, career goals, and other career-related information you voluntarily provide.

(c) Resume Data: When you upload a Resume, we collect and process the full text, parsed structured data, and any enriched or AI-enhanced versions of that Resume.

(d) Worker Discovery Responses: We collect your responses to Worker Discovery questionnaires, assessments, and career-mapping exercises.

(e) Career Intelligence Profile: We collect data associated with your Career Intelligence Profile, including AI-generated career insights, skill assessments, and preference data.

(f) AI Inputs and Outputs: We collect AI Inputs you submit (such as prompts, resume text, job descriptions, and questions) and AI Outputs generated in response.

(g) Answer Vault: We collect saved application answers, interview preparation responses, and related materials you store in your Answer Vault.

(h) Application Tracker Data: We collect job application data, status updates, and notes you record in the Application Tracker.

(i) Smart Apply Data: We collect information related to Smart Apply authorizations, submitted applications, and employer or job board interactions.

(j) Communications: We collect messages, inquiries, and other communications you send to us through support channels, feedback forms, or in-app messaging.

(k) Payment Information: We collect billing name, billing address, and payment method details through our third-party payment processors. We do not store full payment card numbers.

(l) Identity Verification: Where applicable, we may collect identity verification data as required for certain Services.

3.2 Information Collected Automatically

(a) Device Information: We automatically collect Device Information including IP address, browser type and version, operating system, device type and identifiers, referring URLs, and screen resolution.

(b) Usage Data: We collect information about your interactions with the Platform, including pages viewed, features used, clicks, session duration, search queries, navigation paths, and error reports.

(c) Cookies and Tracking Data: We collect data through Cookies and similar tracking technologies as described in our Cookie Policy.

(d) Location Data: We may collect approximate geographic location based on IP address or, with your permission, precise GPS location from mobile applications.

3.3 Information from Third Parties

(a) Authentication Providers: If you sign in using Google or another third-party authentication provider, we receive information from that provider as authorized by you, which may include your name, email address, and profile photo.

(b) Job Boards and Employer Sites: When you use Smart Apply or connected integrations, we may receive confirmation data, application status updates, or feedback from third-party job boards and employer systems.

(c) Recruiters and Employers: Recruiters and Employers may provide information about their interactions with you through the Platform.

(d) Partners: We may receive information from Partners and affiliated services that help us enhance your experience or provide the Services.

4. How We Use Your Information

We use your information for the following purposes:

(a) Providing the Services: To operate, deliver, personalize, and improve the Platform and all Services, including AI-powered features.

(b) Account Management: To create and manage your Account, authenticate your identity, and communicate with you about your Account.

(c) AI Feature Delivery: To process AI Inputs, generate AI Outputs, operate AI Systems, and deliver AI-powered career tools.

(d) Career Intelligence: To generate and maintain your Career Intelligence Profile, Career Roadmap, and personalized recommendations.

(e) Smart Apply: To assist with automated job application preparation and submission where you have provided authorization.

(f) Recruiter Referrals: To present your candidacy to Recruiters, Employers, and Partners where you have provided consent.

(g) Employer and Recruiter Services: To provide matching, sourcing, and candidate discovery features to Employers and Recruiters with appropriate user permissions.

(h) Communications: To send transactional emails, account notifications, product updates, and, with your consent, marketing communications.

(i) Safety and Security: To detect, investigate, and prevent fraud, abuse, unauthorized access, and Security Incidents.

(j) Legal Compliance: To comply with applicable laws, regulations, legal process, and government requests.

(k) Analytics and Product Development: To analyze usage patterns, conduct research, test new features, and improve the Platform.

(l) Aggregated Insights: To generate De-identified Data and aggregate analytics for internal research, benchmarking, product improvement, and industry reporting.

(m) Corporate Transactions: In connection with mergers, acquisitions, financing, or other corporate transactions as described in Section 20.

5. AI Systems and Your Data

5.1 AI Processing. Your AI Inputs, Resume Data, Professional Information, and related User Data are processed by AI Systems to generate AI Outputs and deliver AI-powered features. This processing is core to the Services you have requested.

5.2 Prompt Storage. We may store AI Inputs and associated conversation history to deliver the Services, maintain session continuity, and enable features such as the Answer Vault. Storage durations are described in the Data Retention and Deletion Policy.

5.3 Model Improvement. We may use De-identified, aggregated Data derived from AI interactions to evaluate, fine-tune, benchmark, and improve our AI Systems, subject to appropriate privacy safeguards. We will not use your individually identifiable AI Inputs to train generalized third-party models without your consent.

5.4 Embeddings and Vector Systems. We may create embeddings, vector representations, or similar processed forms of your data to enable semantic search, personalization, and AI retrieval systems. These representations are maintained within our secured infrastructure.

5.5 Third-Party AI Providers. AI Inputs may be transmitted to third-party AI model providers to generate responses. We contractually require such providers to maintain appropriate security and data use restrictions. Their processing is governed by our agreements with them and, where applicable, our Data Processing Addendum.

5.6 Human Review. We may conduct human review of AI interactions for quality assurance, safety review, or improvement purposes, subject to appropriate confidentiality safeguards.

6. How We Share Your Information

We share your information only as described in this Policy. We do not sell your Personal Information to third parties.

6.1 Service Providers. We share information with service providers who process data on our behalf, including cloud infrastructure, AI model providers, payment processors, analytics providers, email delivery services, and customer support tools. Service providers are contractually restricted to processing data only for authorized purposes.

6.2 Recruiters and Employers. With your express consent through the Recruiter Referral Consent, we may share your Professional Information, Resume Data, and Applicant Data with Recruiters, Employers, and staffing partners.

6.3 Business Customers. Employers, Recruiters, and Enterprise Customers may access User Data associated with their accounts, job postings, or authorized workflows, within the scope of their agreements.

6.4 Partners. We may share information with Partners as part of integrations or co-branded services, subject to your consent and applicable agreements.

6.5 Legal Requirements. We may disclose information when required by law, court order, legal process, or government request, or when we believe disclosure is necessary to protect our rights, prevent harm, or respond to emergency situations.

6.6 Corporate Transactions. See Section 20.

6.7 Aggregated Data. We may share De-identified, aggregated data with research institutions, industry partners, and the public for benchmarking, workforce trends reporting, or product research purposes.

6.8 With Your Consent. We may share information for other purposes with your express consent.

7. Cookies and Tracking Technologies

We use Cookies and similar tracking technologies to operate the Platform, analyze usage, personalize content, and support advertising and marketing. See our Cookie Policy for full details, including how to manage your preferences.

8. Recruiter Referrals and Employer Sharing

When you authorize a Recruiter Referral, your Professional Information, Resume Data, Career Intelligence Profile, and Applicant Data may be shared with the identified Recruiter, Employer, or staffing partner. This sharing is governed by your consent and by our Recruiter Referral Consent. We may receive compensation in connection with referrals as disclosed in that document. Your data shared with third-party Recruiters and Employers is subject to their independent privacy practices.

9. Smart Apply Data Handling

When you use Smart Apply, we process your Resume Data, application answers, AI Inputs, and job description data to prepare and submit applications on your behalf. Application materials submitted to third-party job boards or employer systems are governed by those parties' privacy practices once transmitted. We retain records of Smart Apply actions as described in the Data Retention and Deletion Policy.

10. Payments and Financial Data

Payment processing is handled by Square (Block Inc.). We receive confirmation of payment status and billing information necessary for account management. We do not store full credit card or bank account numbers on our systems. Your financial data is governed by Square's privacy policy.

11. Communications and Marketing

11.1 Transactional Communications. We send account-related emails, security alerts, receipts, and other service communications that are essential to your use of the Platform. These are sent regardless of marketing preferences.

11.2 Marketing Communications. With your consent where required by law, we may send promotional emails, newsletters, product updates, and career-related communications. You may opt out of marketing communications at any time using the unsubscribe link in the communication or through your Account settings.

11.3 Push Notifications. Mobile applications may send push notifications with your device-level permission, which you can revoke at any time through your device settings.

12. Data Retention

We retain your Personal Information for as long as your Account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. See the Data Retention and Deletion Policy for specific retention periods by data category. Upon account deletion, we will delete or anonymize your Personal Information within the timeframes described in that policy, subject to legally required retention obligations.

13. Security

We implement reasonable technical, administrative, and physical safeguards designed to protect your information from unauthorized access, loss, misuse, and alteration. See the Security Overview for details. No data transmission or storage system can be guaranteed 100% secure. In the event of a Security Incident affecting your information, we will notify you as required by applicable law.

14. International Data Transfers

TheSHFTApp is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate. We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) where required by GDPR or UK GDPR. See the Data Processing Addendum for additional transfer mechanisms applicable to Business Customers.

15. Your Privacy Rights

Depending on your location, you may have the right to:

• Access your Personal Information;
• Correct inaccurate data;
• Request deletion of your data;
• Object to or restrict certain processing;
• Data portability;
• Withdraw consent where processing is consent-based;
• Opt out of certain data sales or sharing (we do not sell personal data);
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact privacy@theshftapp.com. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

16. California Privacy Rights (CCPA/CPRA)

16.1 California Residents. If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

(a) Right to Know: You may request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources, business purposes, and categories of third parties to whom it has been disclosed.

(b) Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.

(c) Right to Correct: You may request correction of inaccurate Personal Information.

(d) Right to Opt Out of Sale/Sharing: We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising without consent.

(e) Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive Personal Information to the purposes permitted by law.

(f) Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

(g) How to Submit a Request: Submit requests to privacy@theshftapp.com or as directed on the Platform. We will respond within 45 days (with one 45-day extension if needed).

16.2 Shine the Light. California residents may also request information about disclosures to third parties for direct marketing purposes under California Civil Code § 1798.83.

17. European and UK Privacy Rights (GDPR / UK GDPR)

17.1 Applicability. This section applies to individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland.

17.2 Legal Basis for Processing. We process your Personal Information based on:

• Contract performance: To deliver Services you have requested;
• Legitimate interests: For security, fraud prevention, product improvement, and analytics, balanced against your rights;
• Legal obligation: To comply with applicable laws;
• Consent: For marketing communications and certain optional features.

17.3 Data Controller. TheSHFTApp LLC is the data controller for Personal Information processed in connection with the Services.

17.4 Your GDPR Rights. You have the rights listed in Section 15, plus the right to object to automated decision-making. To exercise these rights, contact privacy@theshftapp.com.

17.5 Supervisory Authority. You have the right to lodge a complaint with your local data protection authority. For EEA residents, relevant authorities are listed at the European Data Protection Board website. For UK residents, the Information Commissioner's Office (ICO) is the relevant authority.

17.6 Data Transfers. International transfers of personal data from the EEA or UK are conducted using appropriate safeguards including SCCs or the UK International Data Transfer Agreement (IDTA).

18. Children and Minors

The Services are not directed to individuals under 18. We do not knowingly collect Personal Information from individuals under 18 without verifiable parental consent. If we learn that we have collected Personal Information from a child under 13 without appropriate consent, we will delete that information promptly. See our Children and Minors Policy. Contact privacy@theshftapp.com to report potential children's privacy concerns.

19. Third-Party Services

The Platform integrates with and links to Third-Party Services. This Policy does not apply to Third-Party Services. We encourage you to review the privacy policies of any Third-Party Services you access through the Platform.

20. Corporate Transactions

In the event of a merger, acquisition, financing, asset sale, bankruptcy, dissolution, or other corporate transaction, your information may be transferred to the acquiring entity or successor as part of the transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy, where required by law. Your continued use of the Services after such a transaction constitutes your acceptance of the new privacy practices, provided they are materially consistent with this Policy.

21. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via email, in-app notification, or prominent posting at least thirty (30) days before taking effect. Your continued use of the Services after the effective date of a change constitutes acceptance of the updated Policy.

22. Contact Us

For privacy inquiries, data subject requests, or concerns:

Privacy Team TheSHFTApp LLC 13365 Arbor Pointe Circle, Apt 201 Tampa, FL 33617 Email: privacy@theshftapp.com General: legal@theshftapp.com

Response time: We aim to respond to all privacy requests within 30 days (or as required by applicable law).