Privacy Policy

This policy explains what data Climbr collects, why we collect it, and what we do with it. We aim for short and honest — if anything is unclear, email support@climbrhq.com.

1. What We Collect

Account information. Email address, full name (if provided), and authentication identifiers from Google when you sign in with Google.

Profile and preferences. Your selected field, IT specialization, experience level preferences, job type preferences, and email notification preferences.

Resume and career data. The contents of any resume you upload, paste, or build with our guided flow, including work history, education, skills, certifications, and projects.

Application data. Jobs you save, mark as applied, advance through interview stages, or annotate with notes.

Target companies. Companies you choose to track and any career page URLs you add.

Usage data. Basic logs of pages visited, API requests, and error events for debugging and improving the Service. We do not use third-party analytics or advertising trackers.

Payment data. If you subscribe, Stripe processes your card on our behalf. We never see or store your card number — only a customer ID and subscription status returned by Stripe.

2. Why We Collect It

We use your data to:

• Authenticate you and maintain your account
• Show you job openings relevant to your field and preferences
• Generate AI match scores, tailored resumes, and interview prep specific to your background
• Send you notifications you've opted into (job matches, target company openings)
• Process subscription payments and provide billing receipts
• Detect abuse, fix bugs, and improve the Service

We do not sell your data, and we do not use it for advertising.

3. Who Sees Your Data

Your data is shared with the following service providers (called "subprocessors") strictly to make the Service work:

• Supabase — hosts our database and authentication. Your account, resume, and application data live here.
• Vercel — hosts the web application.
• Anthropic (Claude) — processes your resume and job descriptions to generate match scores, tailored resumes, and interview prep responses. We send only the data needed for each request.
• Stripe — processes payments. They receive only what's needed to bill you.
• Resend — delivers email notifications.
• Twilio — delivers SMS notifications (when SMS is enabled).
• RapidAPI / JSearch — provides the job listings shown in your feed. We do not send them anything about you; we only retrieve listings.
• Google — if you sign in with Google, Google sees that you used your account to access Climbr.

We do not share your personal data with anyone else, except when required by law (subpoena, court order) or to protect the rights and safety of users or the public.

4. Cookies and Local Storage

We use cookies set by Supabase to keep you signed in. These are essential for the Service to function and are not used for tracking across other sites.

We may use your browser's local storage to temporarily hold a resume you built before signing up. That data is removed once you create an account or you clear your browser storage.

5. Your Rights

You can:

• Access your data by viewing it in your account at any time.
• Correct your data by editing it through the relevant page (resume, onboarding, applications, companies).
• Delete your account and associated data by emailing support@climbrhq.com. We will delete or anonymize your data within 30 days of the request, except where retention is required by law.
• Export your data by emailing support@climbrhq.com with a request. We'll provide it in a machine-readable format within 30 days.
• Opt out of email notifications using the toggle in your dashboard notifications panel.

If you are in the European Union, the UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to lodge a complaint with your local data protection authority.

6. Data Retention

We keep your data as long as your account is active. If you delete your account, we delete your personal data within 30 days. Some anonymized usage data may be retained for analytics. Backup snapshots may persist for up to 90 days before being overwritten.

7. Security

Your data is transmitted over HTTPS. Database rows are protected by row-level security so that only you (and our backend service role used for legitimate operations like sending you a daily digest) can access them. We follow industry-standard practices to protect your data, but no system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours of becoming aware.

8. Children

Climbr is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, email support@climbrhq.com and we will delete it.

9. International Transfers

Climbr is operated from the State of Maryland, United States. If you use the Service from outside the United States, your data will be transferred to and processed in the United States and other countries where our subprocessors operate.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes we will notify you via email or in-app notice at least 14 days before they take effect.

11. Contact

For privacy questions or requests, email support@climbrhq.com.