Privacy Policy

Last updated: May 16, 2026

This Privacy Policy explains how RoleSense ("RoleSense", "we", "us") collects, uses, and protects information when you use role-sense.com (the "Service"). It also describes the rights you have over your personal data under the EU General Data Protection Regulation (GDPR) and the Brazilian Lei Geral de Proteção de Dados (LGPD).

RoleSense is operated as a personal project. You can reach us at [email protected] for any privacy-related question or request.

1. Information we collect

We only collect what we need to operate the Service:

  • Account information. Your email address and the verification codes used to confirm it. If you sign in with LinkedIn, we receive your name, email, and basic public profile fields that LinkedIn returns under the openid profile email scopes.
  • Preference signals. The answers you give during the onboarding conversation, used to extract the work-style, culture, and motivation signals we match against jobs.
  • Resumes / CVs. If you upload a resume for fit analysis, we store its contents so we can compare it against the role(s) you choose.
  • Service activity. Saved searches, intents, jobs you interact with, country/skill filters, and similar preferences needed to deliver matches and alerts.
  • Technical data. Standard server logs produced by our hosting provider (IP address, user-agent, timestamps) used for security, debugging, and abuse prevention.

We use Google Ads conversion trackingto measure how effective our advertising is — specifically, to learn when a visit that began with one of our ads results in a sign-up. This is provided by Google's tag (gtag.js), which sets Google advertising cookies (such as _gcl_*) and may read the gclid click identifier from ad-landing URLs. Aside from this, we do not use general third-party analytics. We also use localStorage to hold your access token and a few UI preferences (such as your selected country), and sessionStorage for transient OAuth state during sign-in.

2. How we use your information

  • To create and secure your account.
  • To analyze jobs against your preference signals and produce personalized match scores and explanations.
  • To run resume-fit analyses comparing the CV you provide to the job you select.
  • To send transactional emails (verification codes, match alerts you opt in to).
  • To operate, monitor, and improve the Service and prevent abuse.

3. Legal bases (GDPR) and LGPD grounds

Where the GDPR applies, we rely on the following legal bases:

  • Contract (Art. 6(1)(b)): to create your account, run matches, and deliver requested resume analyses.
  • Consent (Art. 6(1)(a)): for optional match-alert emails and for processing resume content you upload.
  • Legitimate interests (Art. 6(1)(f)): to operate, secure, and improve the Service.

Where the LGPD applies, equivalent grounds under Art. 7 are used: execution of a contract (VII), consent (I), and the data controller's legitimate interests (IX).

4. Service providers (sub-processors)

We use a small number of trusted providers to run the Service. Each only processes the data needed for its role:

  • Netlify — hosting and content delivery for the web front-end. Receives standard request metadata (IP, user-agent).
  • OpenAI and Anthropic — large language model providers used to extract preference signals from your onboarding conversation, score jobs, and run resume-fit analysis. Your inputs (preferences, resume text, job descriptions) are sent to these providers for inference. Per their terms, content submitted via their API is not used to train their models.
  • LinkedIn— if you choose to sign in with LinkedIn, LinkedIn authenticates you and returns the profile fields you authorize. LinkedIn's own processing is governed by its privacy policy.
  • Brevo — sends our transactional and match-alert emails. Receives your email address and message contents.
  • Google (Google Ads)— measures conversions from our advertising. When you arrive from a Google ad and later sign up, Google's tag records the conversion and may receive the associated click identifier and standard request metadata. Governed by Google's privacy policy.

We do not sell your personal data. Apart from the Google Ads conversion measurement described above, we do not share your data for third-party advertising.

5. International data transfers

Several of the providers listed above are based in the United States or process data across multiple regions. Where personal data of EU or Brazilian users is transferred outside their region, we rely on the safeguards offered by those providers (such as Standard Contractual Clauses or equivalent frameworks).

6. Data retention

  • Account data is kept while your account is active.
  • Resumes you upload are kept until you delete them or your account is closed.
  • Server logs are retained for a short period for security and debugging, then discarded by our infrastructure provider.
  • When you delete your account, we delete or anonymize your personal data within 30 days, except where we are legally required to retain it.

7. Your rights

Under the GDPR (EU/UK) and the LGPD (Brazil), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (right to erasure / right to deletion), subject to legal exceptions.
  • Receive a copy of your data in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with your supervisory authority (in the EU) or with the ANPD in Brazil.

To exercise any of these rights, email [email protected]. We may ask for information to verify your identity before responding.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), short-lived access tokens, scoped database access, and least- privilege controls on third-party integrations. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Children

The Service is intended for adults using it for professional purposes. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you by email or through the Service before the change takes effect.

11. Contact

Questions or requests related to this Privacy Policy can be sent to [email protected].