How RoleSift uses your personal information.

For privacy, account, security, or support requests, contact RoleSift at sebcolliedog@gmail.com or use the Contact/Support page.

Do not paste passwords, banking details, National Insurance numbers, passport details, API keys, employer confidential material, medical information, special-category information, or other secrets into RoleSift job scans, CV fields, profile settings, or support messages.

RoleSift provides job-fit guidance and risk signals for you to consider. It does not make hiring decisions, employment decisions, credit decisions, or other legally significant decisions about you.

A redacted CV or short profile summary is usually enough. RoleSift is designed for job-fit context, not sensitive identity, financial, medical, or employer-confidential information.

Email address, user ID, display name, profile preferences, target roles, skills, dealbreakers, location preferences, salary preferences, remote/contract preferences, career goals, email confirmation status, and account timestamps.

Opened job description text, selected active job posting text, job URL, job title, company name, role location, salary or contract details where present, and other text you choose to scan through the website or Chrome extension.

You may paste a CV, redacted CV, short profile summary, or supported CV file to extract factual CV details such as education, experience, skills, projects, certifications, and leadership examples. Job search preferences, such as target roles, locations, work style, and right-to-work summary, are added separately by you. After processing consent, CV/profile text is sent to OpenAI API server-side for extraction. RoleSift asks for separate storage consent before saving the reviewed CV details and job search preferences. Current profile setup stores only structured job-fit fields after consent, not the original CV text or file.

AI-generated scan results, scores, recommendations, risk flags, scan type, cached-result fingerprints, credit usage, scan-credit ledger entries, timestamps, and whether a result was fresh or loaded from cache. Cache records support duplicate detection and allowance integrity without needing raw CV text or raw job descriptions.

Plan, subscription status, Stripe customer/subscription identifiers, checkout events, billing status, current period dates, and payment-event metadata needed to provide paid plans. Stripe handles card details; RoleSift stores subscription status rather than full card numbers.

Extension settings such as backend URL, authentication bridge state, scan preferences, the current tab, active job posting text, selected active job posting text you choose to scan, and local extension state needed to show results and account status. The extension does not contain server secrets.

IP address, device/browser information, request logs, error logs, fraud-prevention signals, rate-limit events, authentication events, deployment/security logs, and other technical data needed to operate and secure the service.

If you contact RoleSift, test the product, or help administer it, we may process your name, email address, message content, issue details, and support history. This product notice covers RoleSift user and support data, not separate workforce or contractor records.

We use account, profile, job, CV, scan, subscription, and usage data to provide the website, extension, job-fit scans, dashboards, credit limits, cached results, and subscription access. The likely lawful basis is contract, or steps taken before entering into a contract.

We use technical logs, authentication events, rate limits, usage events, and credit-ledger records to protect accounts, prevent abuse, maintain scan limits, debug faults, and operate the service. The likely lawful basis is legitimate interests.

We use subscription and payment-status data to provide paid plans, handle billing events, reconcile Stripe webhooks, and keep records required for accounting or legal compliance. The likely lawful bases are contract and legal obligation.

Where RoleSift relies on consent, such as saving your reviewed structured job-fit profile, you can withdraw consent or delete relevant saved profile data through available privacy controls, subject to legal, billing, security, and abuse-prevention limits.

For profile extraction, after your processing consent, RoleSift sends CV/profile text to OpenAI API server-side to extract factual CV details for a structured JobFitProfile. For a scan, RoleSift may send active job posting text, selected active job posting text, role metadata, your user-entered job search preferences, and your reviewed structured job-fit profile to OpenAI to generate fit scores, risk indicators, questions, recommendations, and application guidance.

RoleSift receives structured analysis such as scores, matched strengths, CV gaps, red flags, questions, and suggested next actions. Results may be cached for the authenticated user to avoid duplicate credit charges.

OpenAI calls happen from RoleSift's backend, not the browser or extension. RoleSift stores structured job-fit profile fields, scan fingerprints, and structured results. In the current setup flow, RoleSift does not save the original CV text or uploaded CV file to your profile.

OpenAI processes submitted content for the AI features you request. RoleSift does not expose OpenAI API keys to browser, extension, or support workflows.

For CV extraction, RoleSift needs factual CV details such as education level, degree subject, relevant skills, tools, projects, experience summaries, certifications, and leadership examples. In the preferences step, you can separately add target roles, target industries, target locations, work style, role type preferences, availability, salary expectations, and a short work-authorisation summary where relevant.

Passport numbers, National Insurance numbers, full home address, banking details, medical information, disability information, ethnicity, religion, political opinions, trade union membership, or anything else not needed for job-fit scanning.

If you choose to save the profile, RoleSift stores the reviewed structured JobFitProfile, including reviewed CV facts and user-entered job search preferences, plus scan results, feedback, account data, consent records, and credit/subscription records needed to run the service. The original CV/profile text or uploaded file is not saved to your profile in the current setup flow.

Signed-in users can use Settings to export account-associated data, delete scan history, and delete profile/preferences data where those controls are available. RoleSift is a decision aid, not a guarantee of job success or a replacement for professional careers advice.

Authentication and database services, including user accounts, profiles, preferences, subscriptions/account status, scan cache metadata, usage events, and app data.

Website hosting, backend functions, deployment infrastructure, request handling, logs, and security/operational monitoring.

Checkout, card/payment processing, invoices, billing events, customer IDs, subscription IDs, subscription status, and payment-related fraud prevention.

Server-side extraction of CV/profile text into factual CV details after processing consent, plus AI analysis of opened job description text, selected active job posting text, user-entered job preferences, and structured job-fit profile evidence where you request a scan that uses AI.

The RoleSift Chrome extension is installed from the Chrome Web Store. Google may process extension listing, review, installation, browser, and account-related information under its own terms.

Where necessary, we may share limited information with professional advisers, regulators, payment dispute handlers, or law enforcement where legally required or to protect rights and security.

Supabase, Vercel, Stripe, OpenAI, and Google may process data outside the UK, including in the United States or other locations. Where personal information is transferred internationally, RoleSift relies on applicable provider terms, data processing terms, and lawful transfer safeguards where required.

Account and profile data is kept while your account is active. Scan results and profile/preferences data can be deleted through available settings where implemented. Billing, subscription, security, and credit-ledger records may be retained for longer where needed for accounting, fraud prevention, dispute handling, scan allowance integrity, or legal obligations.

Signed-in users can export RoleSift account-associated data, delete scan history, and delete profile/preferences data where those controls are implemented. These controls do not cancel Stripe subscriptions or delete Stripe records. Some immutable credit/billing records may be retained to prevent credit reset abuse and preserve payment integrity.

Technical, security, support, billing, and credit-ledger records may be kept for as long as needed to operate the service, protect accounts, resolve disputes, comply with legal duties, and prevent allowance or billing abuse.

You can ask for copies of your personal information and supporting information about how it is used.

You can ask us to correct personal information you think is inaccurate or incomplete.

You can ask us to delete personal information, subject to legal, billing, security, and abuse-prevention limits.

You can ask us to restrict certain processing or object to processing in certain circumstances.

You can ask for certain information you provided to be transferred to you or another organisation where this right applies.

Where RoleSift relies on consent, you can withdraw it at any time. This does not affect processing that happened before withdrawal.