Privacy Policy Last updated: January 15, 2025 At MatchATS, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI-powered resume matching and analysis platform. 1. INFORMATION WE COLLECT We collect two distinct categories of information: A. USER INFORMATION (Your Information) When you create an account and use our Services, we collect: • Account information: Name, email address, password (encrypted) • Profile information: Company name, job title (if provided) • Billing information: Payment method details (processed by our payment provider) • Usage information: Features used, analyses run, subscription tier, usage limits • Technical information: IP address, browser type, device information, access times • Communication data: Support requests, feedback, correspondence with us B. CANDIDATE INFORMATION (Third-Party Resume Data) When you upload resumes and job descriptions for analysis, we collect and process: • Candidate names and contact information (emails, phone numbers, locations) • Professional information: Work experience, job titles, employers, dates of employment • Educational background: Degrees, institutions, graduation dates, certifications • Skills and qualifications: Technical skills, languages, competencies • Resume content: Summaries, achievements, project descriptions • Job descriptions: Role requirements, responsibilities, qualifications, company information IMPORTANT: Candidates whose resumes you upload are not direct users of our Services. You are responsible for ensuring you have the legal right to process and share this information with us (see our Terms of Service, Section 8.5). 2. HOW WE USE YOUR INFORMATION A. USER INFORMATION We use your account and usage information to: • Provide, maintain, and improve our Services • Authenticate your account and manage access • Process subscription payments and billing • Communicate with you about your account, updates, and support • Analyze usage patterns to improve our platform (using aggregated, anonymized data) • Comply with legal obligations and enforce our Terms of Service • Send marketing communications (with your consent; you may opt out anytime) B. CANDIDATE INFORMATION We process candidate resume data solely to provide our Services to you: • Analyze resumes using AI to extract structured information • Generate compatibility scores against job descriptions • Identify skills matches and gaps • Create custom interview questions • Rank candidates for bulk analysis • Display analysis results in your dashboard • Store analysis history for your future reference We do NOT: • Use identifiable candidate data to train or improve our AI models • Share candidate data with third parties for marketing purposes • Sell or rent candidate information • Use candidate data for any purpose other than providing Services to you We may use fully anonymized and aggregated data (that cannot identify any individual) for improving our AI models and Services. 3. LEGAL BASIS FOR PROCESSING (GDPR) For users and candidates in the European Economic Area (EEA), UK, or Switzerland: • User Information: Processed based on our contract with you (to provide Services) and our legitimate interests (to improve Services and communicate with you) • Candidate Information: We process as a Data Processor on your behalf. You are the Data Controller and must have a lawful basis (such as legitimate interest, consent, or contract with the candidate) 4. INFORMATION SHARING AND DISCLOSURE We do not sell, rent, or share your personal information or candidate data with third parties for their marketing purposes. We share information only in these limited circumstances: A. SERVICE PROVIDERS (SUB-PROCESSORS) We use trusted third-party service providers to help deliver our Services: • Anthropic - AI analysis and natural language processing for resume analysis • Neon (PostgreSQL) - Secure database hosting and data storage • Clerk - User authentication and account management • Payment Processors - Billing and subscription management (Stripe/Clerk) These providers are contractually obligated to protect your data and use it only to provide services to us. They cannot use your data for their own purposes. B. LEGAL REQUIREMENTS We may disclose information if required by law, court order, subpoena, or government request, or if necessary to: • Comply with legal obligations • Protect our rights, property, or safety • Prevent fraud or security issues • Enforce our Terms of Service C. BUSINESS TRANSFERS If MatchATS is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy. D. WITH YOUR CONSENT We may share information with third parties when you explicitly consent or direct us to do so. 5. DATA SECURITY We implement industry-standard security measures to protect your information: • Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption • Encryption at rest: Data stored in our databases is encrypted • Access controls: Strict authentication and authorization controls limit access to data • Secure infrastructure: Our Sub-Processors (Neon, Clerk, Anthropic) maintain SOC 2 and ISO 27001 compliance • Regular security monitoring: Automated monitoring and logging to detect potential security issues • Security updates: Regular software updates and security patches However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. 6. DATA RETENTION AND DELETION A. USER INFORMATION • Account data: Retained as long as your account is active • Billing records: Retained for 7 years for tax and accounting purposes • Usage logs: Retained for 90 days for security and troubleshooting • When you delete your account: All personal data is permanently deleted within 30 days (except billing records required by law) B. CANDIDATE INFORMATION • Individual analyses: Stored until you delete the analysis from your dashboard • Bulk rankings: Stored until you delete the ranking from your dashboard • You may delete analyses or rankings anytime through your account • When you delete your account: All associated candidate data is permanently deleted within 30 days • Deleted data is not recoverable and is permanently removed from our systems and Sub-Processor systems C. AUTOMATED DELETION We do not currently implement automated deletion of old analyses, but you have full control to delete any analysis or ranking at any time. 7. YOUR RIGHTS AND CHOICES You have the following rights regarding your information: A. ACCESS AND PORTABILITY • View all your account information through your dashboard • Request a copy of your data in a portable format • Request a copy of analyses and candidate data you've uploaded B. CORRECTION • Update your account information anytime through your dashboard • Contact us to correct any inaccurate information C. DELETION • Delete individual analyses or rankings anytime from your dashboard • Delete your entire account and all associated data through account settings • Request deletion of specific data by contacting us D. WITHDRAWAL OF CONSENT • Opt out of marketing communications via unsubscribe links or account settings • Withdraw consent for optional data processing E. RESTRICTION AND OBJECTION • Object to processing based on legitimate interests • Request restriction of processing in certain circumstances F. DATA PROTECTION AUTHORITY • If you're in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority To exercise any of these rights, contact us at: https://matcha-ats.com/contact or through your account dashboard. 8. CANDIDATE RIGHTS (FOR NON-USERS) If you are a job candidate whose resume was analyzed through our Services, you have rights under data protection laws even though you are not a direct user: • Access: Request to know what information about you is being processed • Correction: Request correction of inaccurate information • Deletion: Request deletion of your information • Objection: Object to processing of your information To exercise these rights: 1. Contact the company or recruiter who uploaded your resume (they are the Data Controller) 2. If you cannot reach them or need assistance, contact us at: https://matcha-ats.com/contact We will assist you in exercising your rights and may redirect you to the appropriate Data Controller. 9. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar technologies to: A. ESSENTIAL COOKIES (REQUIRED) • Authentication: Keep you logged in securely • Session management: Remember your preferences during your session • Security: Prevent fraud and protect your account B. ANALYTICS COOKIES (OPTIONAL) • Usage analytics: Understand how users interact with our Services (via Axiom or similar) • Performance monitoring: Identify and fix technical issues C. MANAGING COOKIES • You can control cookies through your browser settings • Disabling essential cookies may prevent you from using certain features • We do not use third-party advertising cookies or tracking 10. INTERNATIONAL DATA TRANSFERS Our Services are operated from the United States. If you access our Services from outside the U.S., your information will be transferred to, stored, and processed in the United States and other countries where our Sub-Processors operate. We ensure appropriate safeguards are in place for international transfers: • Our Sub-Processors (Anthropic, Neon, Clerk) comply with GDPR and provide Standard Contractual Clauses • We implement technical and organizational measures to protect transferred data 11. CHILDREN'S PRIVACY Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it. 12. DO NOT TRACK SIGNALS Some browsers support "Do Not Track" (DNT) signals. Our Services do not currently respond to DNT signals, but we do not track users across third-party websites. 13. CALIFORNIA PRIVACY RIGHTS (CCPA) If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): • Right to know what personal information we collect, use, and share • Right to delete personal information (with certain exceptions) • Right to opt out of "sale" of personal information (note: we do not sell personal information) • Right to non-discrimination for exercising your privacy rights To exercise these rights, contact us at: https://matcha-ats.com/contact 14. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. • Material changes: We will notify you via email or prominent notice in our Services at least 30 days before changes take effect • Non-material changes: Posted with updated "Last updated" date • Continued use after changes: Constitutes acceptance of the updated policy • You may review the current version anytime at: https://matcha-ats.com/privacy 15. CONTACT US For privacy-related questions, concerns, or to exercise your rights: • Website: https://matcha-ats.com/contact • Account Dashboard: Use the support feature in your account settings • Data Protection Questions: privacy@matcha-ats.com (if you set this up) For candidates whose resumes were uploaded: If you cannot reach the company or recruiter who uploaded your resume, contact us and we will assist you. Response Time: We aim to respond to all privacy requests within 30 days. --- This Privacy Policy was last updated on January 15, 2025. We are committed to protecting your privacy and handling your data responsibly.