Privacy Policy

Account information. When you register, we collect identifiers such as your name and email address. Authentication may be processed by Clerk Technologies, Inc. on our behalf.

Profile and professional data. Depending on your role, you may provide work experience, therapeutic areas, credentials, work preferences, compensation expectations, location, and similar recruiting information.

Resume and documents. You may upload resumes and credential files (for example, certificates or licenses) for storage, display, parsing, and verification.

Usage data. We collect log data, device/browser type, approximate location derived from IP address, pages viewed, and interactions with features such as search, applications, and messaging.

Communications. We process messages you send through the Platform and emails or support inquiries you send to us.

Payment information.Employers who purchase subscriptions enter payment details into Stripe, Inc.'s hosted flows. We do not store full payment card numbers on our servers; Stripe processes payments subject to its privacy policy and terms.

We use personal information to:

• Provide, secure, and improve the Services;
• Create and maintain profiles, including de-identified discovery views;
• Match candidates to opportunities and display relevance or match scores;
• Verify credentials and documents you submit (including with AI assistance);
• Send transactional emails, notifications, and service announcements;
• Analyze usage trends and product performance in aggregated or de-identified form;
• Comply with law, enforce our terms, and protect rights and safety.

Employers and candidates. Employers may see de-identified profile previews in search. When a candidate applies to a job, the employer may receive the application materials and identifiers you chose to share. Candidates may see employer and job posting information you would expect in a recruiting context.

Service providers. We share data with vendors who assist our operations, including: Clerk (authentication); Supabase (database and file storage); Stripe (payments for employer subscriptions); Resend (transactional email delivery); and Anthropic (AI features such as parsing and analysis), each subject to contractual safeguards.

Legal and safety. We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of CRAConnect, our users, or the public.

We do not sell your personal information for money as traditionally defined under U.S. state privacy laws.

We use AI and automated systems to parse resumes, suggest profile fields, analyze credentials, generate or rank job matches, and provide informational scores. These outputs are assistive tools only and should not be the sole basis for employment decisions by employers or career decisions by candidates. Employers remain responsible for lawful hiring practices.

We retain personal information while your account is active and for a reasonable period afterward to fulfill the purposes described here. After account closure, we aim to delete or de-identify personal information within thirty (30) days, except where we must retain data for legal claims, audits, security, or regulatory obligations.

If you are a California resident, you may have the right to:

• Know what personal information we collect, use, and disclose;
• Delete certain personal information, subject to exceptions;
• Correct inaccurate personal information;
• Opt out of "sale" or "sharing" for cross-context behavioral advertising — we do not sell personal information for money and use minimal advertising cookies as described below;
• Non-discrimination for exercising these rights.

To submit a request, email getcraconnect@gmail.com. We may verify your request in accordance with applicable law.

Colorado residents may have rights to access, delete, and correct personal data, and to opt out of certain processing, subject to exceptions. Submit requests to the contact email above. You may appeal a denied request by replying to our response.

We use minimal cookies and similar technologies necessary to operate the Services, including authentication session cookies managed through Clerk. We do not use advertising cookies for cross-site tracking on the Platform as described in typical ad-tech scenarios. You may control cookies through your browser settings.

We use administrative, technical, and organizational measures designed to protect personal information. Data is transmitted over HTTPS (encryption in transit). Data at rest is stored with Supabase using industry-standard protections. Credential and resume files may be accessed via time-limited, signed URLs where applicable. No method of transmission or storage is 100% secure.

The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

CRAConnect is not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act ("HIPAA"). The Platform is not intended for the collection or storage of protected health information ("PHI"). Do not submit PHI through the Services.

The Services may contain links to third-party websites or integrations. We are not responsible for the privacy practices of those sites. Please review their policies before providing information.

We may update this Privacy Policy from time to time. We will post the revised policy on the Platform and update the effective date. For material changes, we will provide at least thirty (30) days' advance notice where required by law (for example, by email or prominent notice on the Platform) before the changes take effect.