Privacy Policy

eWorkConnection ("we", "us", "our") is an AI-powered career platform operated by eWorkConnection LLC. We are a software tool — not an employment agency, recruiter, or staffing firm.

Contact: privacy@eworkconnections.org

Website: www.eworkconnections.org

Information you provide directly:

• Name and email address (via Google Sign-In or email magic link)
• Resume content — text extracted from files you upload voluntarily
• Job search preferences, filters, salary targets and location
• Role, country, registration purpose, and recruiter visibility consent preference where enabled
• User-submitted bug reports and feedback (with screenshot)

Information collected automatically:

• Login timestamps and session activity
• Number of job searches performed (for plan limits)
• Pages visited within the platform
• Country/region (inferred from Vercel infrastructure, not stored as exact IP)
• Browser user agent (for debugging only)

We do NOT collect:

• Payment card details (processed entirely by Stripe — we never see card numbers)
• Government IDs, Social Security numbers, or biometric data
• Your Anthropic API key is not stored by us; if entered, it is stored in your browser and transmitted only when needed to process AI requests — see Section 6
• Contacts, calendar, or microphone/camera data
• Non-public personal information about third-party candidates, recruiters, or contacts discovered through public search

We use collected information solely for:

• Providing, operating and improving the job search service
• Analyzing your resume to generate tailored job results and career content
• Tracking usage against your plan limits
• Displaying your profile to recruiters only if you explicitly opt in via the consent checkbox
• Sending service-related emails (account confirmations, password resets)
• Marketing emails only with your explicit separate consent
• Diagnosing technical issues via error logs and user-submitted reports

We never use your resume or job search data to train AI models. Your data is never sold, rented or shared with third parties for commercial purposes.

Recruiter/Talent Desk features may be disabled during a Job Seeker-only launch phase. If disabled, recruiter-facing discovery and visibility features are hidden for normal users unless an administrator assigns selected-user access.

Important Notice Regarding Public Information:

eWorkConnection uses AI to search and aggregate publicly available information from the internet, including LinkedIn "Open to Work" profiles, professional websites, GitHub profiles, and public job boards. We do not access private, access-controlled, or password-protected pages.

Public-source storage limitation: For third-party people discovered through search, we only store information that is publicly available, voluntarily published by that person or organization, or explicitly provided/consented to by an eWorkConnection user. We do not store non-public personal data about third-party candidates or recruiters.

Information displayed in the recruiter search, job seeker finder, or recruiter directory is sourced from publicly accessible web pages. We store only:

• LinkedIn profile URL (public)
• Professional job title and company (public)
• Skills and location (public)
• "Open to Work" signal (explicitly made public by the individual)

We never store private personal email addresses, phone numbers, or non-public contact information from third-party profiles. If a business email, website, LinkedIn URL, or public profile URL is plainly published for professional contact, it may be displayed or stored only as public professional information.

Right to Removal: If you are an individual whose public information appears in our platform and wish to be removed, contact us at privacy@eworkconnections.org with subject line "Data Removal Request". We will process within 30 days.

Your resume and profile details are never visible to recruiters by default. Visibility requires you to:

• Explicitly check the consent checkbox in your Account settings
• Agree to the specific data sharing statement presented at that time

When recruiter features are enabled and you have consented, verified or platform-authorized recruiters may see: your name, job title, top skills, location, salary range, and a professional summary. They cannot see your full resume text, contact details, or application history.

You can revoke consent at any time. Revoking immediately removes your profile from recruiter searches and deletes the stored profile record.

If you provide your own Anthropic API key, it is stored in your browser's localStorage and is not saved in our database.

When you use AI features, your browser sends the key over HTTPS to our API endpoint so we can relay the request to Anthropic. We do not persist the key, display it to staff, or intentionally log it. Anthropic receives the key to process your request under its own terms and privacy policy.

If you clear your browser data or remove the key in Account settings, your key is deleted from that browser and you will need to re-enter it.

The platform API key (used for free-tier users) is an Anthropic key held by eWorkConnection and used on your behalf for limited, rate-controlled searches only.

Your data is stored in Supabase (PostgreSQL on cloud infrastructure) and processed through eWorkConnection application services. The countries available inside the app are controlled by our administrator. Each launch country may be assigned to a data zone such as North America, South Asia, Latin America, Europe, or APAC.

Current launch posture: for the initial USA and India launch, data may be processed using the currently configured production Supabase project and hosting environment. As we expand, we may operate separate Supabase projects or databases for regional storage, for example North America, Europe, South Asia/India, and Latin America.

• North America: intended for USA and Canada users, typically hosted in a North America cloud region.
• Europe / UK: before broad EU/UK launch, we intend to use an EU/UK-compatible regional project and appropriate transfer safeguards, including Standard Contractual Clauses where required.
• India / South Asia: India users may be assigned to a South Asia data zone as the India launch scales, subject to India Digital Personal Data Protection Act requirements and any government-notified transfer restrictions.
• Latin America: Colombia and other Latin America launches may use a Latin America or North America data zone depending on availability, performance, and legal review.

If your data is transferred across borders, we use contractual, technical, and organizational safeguards appropriate to the jurisdiction, including processor agreements, access controls, encryption in transit, deletion rights, and user notices. Regional storage is a product and compliance roadmap item and may be phased country by country.

By using eWorkConnection, you acknowledge that your data may be processed in the country/data zone configured for your launch country and may be transferred to service providers required to operate the platform, consistent with applicable data protection laws.

Privacy rights vary by country and region. We support a baseline of access, correction, deletion, portability where applicable, opt-out/revocation of consent, and complaint handling. Examples:

• EU/EEA/UK: GDPR/UK GDPR rights, international transfer safeguards, and 30-day response target.
• California/USA: CCPA/CPRA-style rights to know, delete, correct, and opt out of sale/share. We do not sell personal information.
• India: DPDP-style notice, consent/legitimate-use controls, grievance handling, correction and erasure workflows, and monitoring of cross-border transfer restrictions.
• Colombia: habeas data rights, authorization/notice for processing, confidentiality/security measures, and review of international transfer or transmission requirements before public launch.

To exercise rights, email privacy@eworkconnections.org and include your account email and country.

We retain your data while your account is active. You may:

• Delete your account instantly from Dashboard → Account tab → "Delete My Account & All Data"
• Request data export by emailing privacy@eworkconnections.org
• Request correction of inaccurate data at any time

Upon account deletion, we remove: your profile, resume text, job history, applications, activity logs, and all personal data. Exception: we retain billing records for 7 years as required by tax law, and anonymized aggregate usage statistics.

Backups are purged within 90 days of account deletion.

We use minimal cookies required for authentication (Supabase session cookies). We do not use:

• Third-party advertising cookies
• Cross-site tracking cookies
• Google Analytics or similar third-party analytics

We use browser localStorage for: your API key, language preference, admin feature flags, and visitor session ID (anonymous). None of this data is transmitted to third parties.

If you are located in the European Union or European Economic Area, you have the following rights under GDPR:

• Right of Access — request a copy of all data we hold about you
• Right to Rectification — correct inaccurate personal data
• Right to Erasure ("right to be forgotten") — delete your account and all data
• Right to Restriction — limit how we process your data
• Right to Data Portability — receive your data in machine-readable format
• Right to Object — object to processing based on legitimate interests
• Rights re: Automated Decision-Making — we do not make legally significant automated decisions about you

To exercise any of these rights, email privacy@eworkconnections.org. We will respond within 30 days. Legal basis for processing: contract performance, legitimate interest, and consent (for recruiter visibility).

California residents have the following rights under the California Consumer Privacy Act:

• Right to Know — what personal information we collect, use, and disclose
• Right to Delete — request deletion of personal information (use in-app deletion or email us)
• Right to Opt-Out — we do not sell personal information. No opt-out needed.
• Right to Non-Discrimination — we will not discriminate against you for exercising CCPA rights

To submit a CCPA request, email privacy@eworkconnections.org with subject "CCPA Request".

We use the following third-party services. Each has its own privacy policy:

• Supabase — database and authentication (supabase.com/privacy)
• Anthropic — AI processing via API (anthropic.com/privacy)
• Stripe — payment processing (stripe.com/privacy)
• Vercel — hosting and deployment (vercel.com/legal/privacy-policy)
• Google — sign-in via OAuth (policies.google.com/privacy)

eWorkConnection is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, contact us immediately at privacy@eworkconnections.org and we will delete it promptly.

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Row-level security (RLS) on all database tables
• API key format validation and rate limiting
• Origin validation on all API endpoints
• No plaintext storage of passwords (handled by Supabase Auth)

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@eworkconnections.org.

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this page
• Displaying a notice in the dashboard for 30 days after significant changes

Continued use of the service after changes constitutes acceptance of the updated policy.