Privacy Policy

Effective: July 11, 2026

This policy explains how inrole (“we,” “us”) handles information for the inrole web app and API. If anything is unclear or you need a data-processing agreement, email support@inrole.xyz.

Information we collect

  • Account. Name, email, and authentication identifiers via Supabase.
  • Content you provide. Your CV, profile, persona notes, a LinkedIn export you upload, the postings you evaluate, and the evaluations, CVs, outreach, and answers inrole drafts for you.
  • Integrations. If you connect Gmail, an OAuth token and connection metadata. Tokens are scope-limited and stored scoped to your account.
  • Usage and diagnostics. Device and IP, event logs, and error traces; cookies and local storage for authentication and preferences.
  • Billing. Subscription status and invoice metadata via Stripe. We do not store full card numbers.

How we use information

  • Provide, secure, and operate the Service and its AI features: scoring postings, ranking intros, and drafting CVs, outreach, and answers.
  • Sync with services you authorize, such as Gmail for application tracking.
  • Improve reliability and performance, and prevent abuse and fraud.
  • Process payments and send essential service communications.
  • Comply with law and enforce our terms.

Processing by vendors

We share data with service providers that help us run inrole, strictly to provide the Service. These include Anthropic (AI), Vercel and Supabase (hosting and database), Firecrawl (job-posting extraction and search), Resend and Google (email and the Gmail API), Stripe (payments), and Sentry (error monitoring). The full list is on our sub-processors page. Where a model provider offers the control, we opt out of training on your data.

Sharing

  • With service providers under contract who help us run the Service.
  • With third-party services you connect, strictly to perform the actions you request.
  • For legal compliance, safety, and to enforce our agreements.
  • In a merger, acquisition, or transfer, where you will be notified if required.
  • We do not sell your personal data.

Retention

We keep information while your account is active and as needed to provide the Service, meet legal obligations, or resolve disputes. You may request deletion at any time; we will remove Your Data within a reasonable period, subject to legal and backup requirements.

Security

  • Encryption in transit (TLS) and at rest.
  • Row-level security scopes every read and write to your account.
  • Access controls and key management follow least privilege.

International transfers

We process data in the United States.

Your rights

  • Access, correct, delete, or export your data, and object to or restrict certain processing where applicable.
  • Manage integrations and revoke access at any time from settings.
  • To exercise these rights, email support@inrole.xyz. We respond as required by applicable law.

Children

inrole is not intended for individuals under the age of 16. We do not knowingly collect data from children. Contact us to remove any such data.

Changes

We may update this policy from time to time. Material changes will be communicated by email or in-app. Continued use means you accept the updated policy.

Contact

Email: support@inrole.xyz