Legal
Privacy Policy
Last updated: July 5, 2026
This policy explains what data Climbr collects, why we collect it, and what we do with it. We aim for short and honest — if anything is unclear, email support@climbrhq.com.
1. What We Collect
Account information. Email address, full name (if provided), and authentication identifiers from Google when you sign in with Google.
Profile and preferences. Your selected field, IT specialization, experience level preferences, job type preferences, and email notification preferences.
Resume and career data. The contents of any resume you upload, paste, or build with our guided flow, including work history, education, skills, certifications, and projects.
Application data. Jobs you save, mark as applied, advance through interview stages, or annotate with notes.
Target companies. Companies you choose to track and any career page URLs you add.
Usage data. Basic logs of pages visited, API requests, and error events for debugging and improving the Service. We use product analytics (PostHog, served through our own domain; Vercel) to understand usage, and the Meta Pixel + Conversions API and Google Ads conversion measurement to measure and optimize our advertising — these may share a hashed identifier (such as a hashed email), an ad click identifier, and conversion events (such as signup, starting a checkout, or subscription) with Meta or Google, including from our servers. We never share your resume, application data, or message content for advertising.
Payment data. If you subscribe, Stripe processes your card on our behalf. We never see or store your card number — only a customer ID and subscription status returned by Stripe.
2. Why We Collect It
We use your data to:
- Authenticate you and maintain your account
- Show you job openings relevant to your field and preferences
- Generate AI match scores, tailored resumes, and interview prep specific to your background
- Send you notifications you've opted into (job matches, target company openings)
- Process subscription payments and provide billing receipts
- Detect abuse, fix bugs, and improve the Service
We do not sell your data. The contents of your resume, applications, and messages are never used for advertising. We do use limited site-usage signals (such as which pages you visited and which ad or link brought you here) to measure our own ads and show them to people who visited the site, as described in Section 4.
3. Who Sees Your Data
Your data is shared with the following service providers (called "subprocessors") strictly to make the Service work:
- Supabase — hosts our database and authentication. Your account, resume, and application data live here.
- Vercel — hosts the web application.
- Anthropic (Claude) — processes your resume, job descriptions, and — if you provided them — your self-attested security-clearance details (level, polygraph, status) and citizenship, to generate match scores, tailored resumes, and interview prep responses. We send only the data needed for each request.
- Stripe — processes payments. They receive only what's needed to bill you.
- Resend — delivers email notifications.
- Twilio — delivers SMS notifications (when SMS is enabled).
- RapidAPI / JSearch — provides the job listings shown in your feed. We do not send them anything about you; we only retrieve listings.
- Google — if you sign in with Google, Google sees that you used your account to access Climbr.
We do not share your personal data with anyone else, except when required by law (subpoena, court order) or to protect the rights and safety of users or the public.
4. Cookies and Local Storage
We use cookies set by Supabase to keep you signed in — these are essential for the Service to function.
If you reach us through a Meta (Facebook/Instagram) ad, the Meta Pixel may set cookies (such as _fbp and _fbc) used to measure ad performance and attribute conversions. You can limit this through your browser settings and your Meta ad preferences.
When our Google advertising tag is enabled, Google may set cookies used to measure ad performance and for remarketing. You can limit this through your browser settings and your Google Ads Settings.
We may use your browser's local storage to temporarily hold a resume you built before signing up, similar short-lived signup carry-over (like a plan you picked before creating an account), and a record of which ad or link first brought you to the site (so we know which of our marketing actually works). You can remove this at any time by clearing your browser storage.
5. Your Rights
You can:
- Access your data by viewing it in your account at any time.
- Correct your data by editing it through the relevant page (resume, onboarding, applications, companies).
- Delete your account yourself from Settings → Data & privacy (or by emailing support@climbrhq.com). Deletion is scheduled with a 30-day grace period — sign back in any time during it to cancel — after which your account and personal data are permanently erased. Deleting also cancels any active subscription. A few records are anonymized rather than deleted (see Data Retention below), and we may retain limited records where required by law or to prevent fraud.
- Export your data by emailing support@climbrhq.com with a request. We'll provide it in a machine-readable format within 30 days.
- Opt out of email notifications using the toggle in your dashboard notifications panel.
If you are in the European Union, the UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to lodge a complaint with your local data protection authority.
6. Data Retention
We keep your data while your account is active. When you delete your account, it enters a 30-day grace period during which you can undo it by signing back in; after that, your personal data is permanently deleted. Some records are anonymized rather than removed — support conversations and ad-conversion logs are kept with your identifying details stripped out — and we retain limited records where required by law or to prevent trial abuse (such as consent logs and payment-method fingerprints). Some anonymized usage data may be retained for analytics. Backup snapshots may persist for up to 90 days before being overwritten.
7. Security
Your data is transmitted over HTTPS. Database rows are protected by row-level security so that only you (and our backend service role used for legitimate operations like sending you a daily digest) can access them. We follow industry-standard practices to protect your data, but no system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours of becoming aware.
8. Children
Climbr is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, email support@climbrhq.com and we will delete it.
9. International Transfers
Climbr is operated from the State of Maryland, United States. If you use the Service from outside the United States, your data will be transferred to and processed in the United States and other countries where our subprocessors operate.
10. Text Messaging (SMS)
If you opt in to receive text messages from Climbr, the following applies to that program:
- What you'll receive: account and job-match notifications (e.g., new jobs matching your profile, openings at companies you track, and application or account updates).
- How you opt in: by entering your mobile number and checking the unchecked-by-default SMS consent box on our text-alerts page or in your account settings. Opting in is optional and is not a condition of signing up for, purchasing, or using Climbr — every feature works without text messages.
- Message frequency varies based on your activity and preferences.
- Message and data rates may apply.
- Opting out: reply STOP to any message to unsubscribe at any time, or HELP for help. Opting out of SMS does not affect your email notifications.
We do not share or sell your mobile number, or your SMS opt-in consent, to any third party or affiliate for their own marketing or promotional purposes. Your mobile number is used only to deliver the Climbr messages you requested, including through our SMS provider (Twilio), which sends them solely on our behalf.
11. Browser Extension
If you install the Climbr browser extension, the following applies in addition to the rest of this policy:
- What it reads. Only on the supported job boards (LinkedIn, Indeed, Greenhouse, Lever, Ashby, Workable, Workday, Glassdoor, ZipRecruiter, USAJOBS, and ClearanceJobs): when you are viewing a job posting, the extension reads the public posting on that page — its title, company, and description — to score it against your résumé. If a board changes its layout so the posting can't be read cleanly, the extension reads the visible text of that posting (capped) so Climbr can pull the title, company, and description out of it. On those boards' application pages it also reads the application form's field labels and types, so it can fill fields with your saved data and flag the ones it isn't sure about. It does not read your other tabs, your general browsing, your email, or any page outside those job boards.
- How it signs you in. The extension uses your existing Climbr login (your session cookie). It does not store a separate password, and it stores no personal data on your device.
- Assisted autofill. When you click Autofill, the extension fills application fields with the data you saved in Settings → Autofill — contact details, links, and, only if you chose to provide them, work authorization, security clearance status, and voluntary self-identification (gender, race/ethnicity, veteran status, disability). It only ever replays exactly what you entered — it never guesses or infers these answers — and it shows you what it filled so you can verify before submitting.
- What it sends us. When you view a supported posting, the posting text is sent to Climbr to generate your match score (processed by Anthropic, as described above); if the posting couldn't be read cleanly, the visible posting text is sent so we can extract it (also processed by Anthropic). We also record de-identified diagnostics — the board's domain and which extraction method worked, with no identifier tying it to you — so we can tell when a board changes its layout and fix it. When you click Save, that posting is added to your feed and tracker. When you click Tailor my résumé, the posting is sent to Climbr to produce a tailored version of your résumé (processed by Anthropic), which is saved to your account. When you click Draft from my résumé on an application question, that question and the posting are sent to Climbr and, together with your résumé, processed by Anthropic to draft an answer that you review and edit before using. When you click Save for reuse on an answer, that question and your answer are stored in your Climbr account so the extension can offer them back to you when the same question appears again. You can view and delete any saved answer at any time in Settings → Autofill.
- What it never does. It never submits an application for you, never fills a field or sends a posting for tailoring or drafting without your action, never fabricates an answer, and never sells or shares your browsing.
12. Changes to This Policy
We may update this policy from time to time. If we make material changes we will notify you via email or in-app notice at least 14 days before they take effect.
13. Contact
For privacy questions or requests, email support@climbrhq.com.
See also our Terms of Service.