1. Overview
GiraffyReach ("we," "us," or "our") operates a job-discovery and automated outreach platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, platform, or any related services (collectively, the "Service"). By accessing or using the Service you agree to the practices described in this Policy. If you do not agree, please discontinue use immediately.
2. Information We Collect
2.1 Information You Provide Directly
• Account registration: name, email address, password (hashed), phone number (optional). • Profile data: resume, work history, education, skills, target job titles, preferred locations, salary expectations. • Payment data: billing name, address, and card details — processed and stored exclusively by our payment processor (Stripe). We never store raw card numbers. • Communications: messages you send to our support team, survey responses, and feedback submissions.
2.2 Information We Collect Automatically
• Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps, and session duration. • Device data: device identifiers, hardware model, and screen resolution. • Usage data: clicks, feature interactions, search queries you enter within the platform, and job listings you view or save. • Cookies and similar technologies: see Section 8 for full details.
2.3 Information We Collect from Third Parties
• Job board integrations: when you connect a third-party account (e.g., LinkedIn, Indeed) we receive the access token and any profile data you authorize. • Authentication providers: if you sign in via Google or LinkedIn, we receive your name, email, and profile picture as permitted by that provider. • Publicly available sources: publicly posted job listings and career-page data scraped from employer websites to power our discovery engine.
3. How We Use Your Information
We use the information we collect to: • Provide and operate the Service, including real-time job discovery, resume generation, and automated outreach on your behalf. • Personalize job recommendations and improve match accuracy. • Process payments and send billing-related communications. • Send transactional emails (job alerts, application status updates, account notifications). • Send marketing communications where you have consented; you may opt out at any time. • Detect, investigate, and prevent fraudulent activity, abuse, and security incidents. • Comply with applicable laws, legal process, and regulatory obligations. • Analyze aggregate usage trends to improve product quality, performance, and features. • Enforce our Terms of Service and other agreements. We do not sell your personal data to third parties, and we do not use your resume or job-search activity for advertising purposes unrelated to our Service.
4. Automated Outreach on Your Behalf
A core feature of GiraffyReach is sending personalized outreach messages to recruiters and hiring managers on your behalf. By enabling this feature you explicitly authorize us to: • Compose and send emails and messages using your name, job-search preferences, and resume data. • Access your linked email account (Gmail, Outlook) solely to send authorized outreach and track delivery status. • Store sent-message records so you can review outreach history. We will never send messages on your behalf beyond what is enabled in your settings. You may disable automated outreach at any time from your dashboard. Email account credentials are encrypted at rest and in transit; no human employee accesses them except to investigate a reported issue at your request.
5. Legal Basis for Processing (EEA / UK Users)
If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases: • Contract performance: processing necessary to deliver the Service you signed up for. • Legitimate interests: fraud prevention, security, product improvement, and direct marketing where our interests are not overridden by your rights. • Consent: optional features such as automated outreach, marketing emails, and third-party account connections — withdrawable at any time. • Legal obligation: compliance with applicable law and regulatory requirements.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account: • Profile, resume, and outreach history are permanently deleted within 30 days. • Billing records are retained for 7 years as required by financial regulations. • Anonymized, aggregated analytics data may be retained indefinitely. • Backup copies may persist for up to 90 days before being overwritten. You may request earlier deletion at any time by contacting support@giraffyreach.com.
9. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights: • Access: request a copy of the personal data we hold about you. • Correction: request correction of inaccurate or incomplete data. • Deletion: request deletion of your personal data, subject to legal retention obligations. • Portability: receive your data in a structured, machine-readable format. • Restriction: request that we restrict processing of your data in certain circumstances. • Objection: object to processing based on legitimate interests or for direct marketing. • Withdraw consent: for processing based on consent (e.g., automated outreach, marketing emails), withdraw at any time without affecting the lawfulness of prior processing. California residents have additional rights under the CCPA, including the right to know, right to delete, and right to non-discrimination for exercising privacy rights. To exercise any of these rights, email us at support@giraffyreach.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling a request.
10. Data Security
We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction: • All data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). • Access to production databases is restricted to authorized personnel via role-based access controls and multi-factor authentication. • We conduct regular security reviews and vulnerability assessments. • Payment card data is tokenized and handled exclusively by PCI DSS-compliant processors. No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
11. International Data Transfers
GiraffyReach operates in the United States. If you are accessing the Service from outside the United States, your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. For transfers from the EEA or UK, we rely on standard contractual clauses approved by the European Commission, or other lawful transfer mechanisms, to ensure your data receives an adequate level of protection.
12. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at support@giraffyreach.com and we will delete that information promptly.
13. Third-Party Links
The Service may contain links to third-party websites, employer career pages, and job boards. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any third-party site you visit.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by: • Email to the address associated with your account, and/or • A prominent notice on our website or within the platform. The "Last Updated" date at the top of this page reflects when the current version took effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised Policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: Email: support@giraffyreach.com Support: support@giraffyreach.com GiraffyReach United States For EEA/UK users: if you are not satisfied with our response you have the right to lodge a complaint with your local supervisory authority.
We are committed to handling your data responsibly. If anything in this policy is unclear, reach out — we will give you a straight answer.
support@giraffyreach.com