Back to home

Privacy Policy

Last Updated: March 2026

At KnowSomeone, we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our job search platform. We're committed to being transparent about our data practices and giving you control over your information.

If you have questions about this policy or our privacy practices, you can reach us at privacy@knowsomeone.com.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account and use KnowSomeone, you provide us with:

  • Account Information: Email address, name, password (hashed and salted)
  • Job Search Data: Target companies, job titles, application status, interview notes, salary expectations
  • School & Network Information: Schools and universities you attended, LinkedIn profile IDs for alumni searches
  • Contact Data: Names, email addresses, LinkedIn URLs, company affiliations, and notes about professional contacts you add
  • Resume Information: Resume versions, file uploads, and which version is associated with each application
  • Message Templates: Custom outreach templates and drafts you create
  • Payment Information: Billing address and subscription tier (payment card data is processed by Stripe; we never store raw card numbers)

1.2 Information Collected Automatically

When you use KnowSomeone, we automatically collect:

  • Usage Data: Pages visited, features used, time spent in the app, clicks, and interactions
  • Technical Data: IP address, device type, operating system, browser type and version, unique device identifiers
  • Session Data: Session IDs, cookies, and authentication tokens (essential for keeping you logged in)
  • Timestamp Data: When you access features, create jobs, add contacts, and update statuses

1.3 Information from Third Parties

We receive limited information from third-party services:

  • Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture
  • Analytics: Aggregated usage statistics from our hosting provider

2. How We Use Your Data

We use your information only for the following purposes:

  • Account Management: Creating and managing your account, authenticating you securely, and resetting passwords
  • Service Delivery: Providing the job tracker, storing your jobs and contacts, managing your subscription, sending you receipts
  • Communication: Sending critical account notices (security alerts, billing information), feature updates, and promotional emails (you can opt out anytime)
  • Service Improvement: Analyzing how you use the app to identify bugs, improve features, and create new functionality
  • AI Features: If you enable the Chat feature, sending your prompts to Anthropic to generate AI-powered message drafts and insights
  • Legal Compliance: Responding to legal requests, detecting fraud, and enforcing our Terms of Service
  • Safety & Security: Protecting against unauthorized access, malicious activity, and data breaches

We do NOT use your data for automated decision-making that significantly affects you (e.g., we won't deny you service based on an algorithm). We also do NOT sell your personal data to third parties.

3. Data Sharing & Third-Party Processors

KnowSomeone works with the following service providers to deliver our platform. Each has signed a Data Processing Agreement committing to protect your data with security standards equal to or exceeding our own:

Supabase (Cloud Database)

Stores your account information, job tracker, contacts, and all user data. Supabase is GDPR-compliant, implements encryption at rest (AES-256) and in transit (TLS 1.2+), and maintains backups. Data is hosted in the US by default; EU data regions available upon request.

Vercel (Application Hosting & CDN)

Hosts the KnowSomeone web application, serves content globally, and maintains server logs. Vercel is ISO 27001 certified and GDPR-compliant.

Stripe (Payment Processing)

Processes all subscription payments and billing. Stripe is PCI Level 1 certified (the highest security standard for payment processing). KnowSomeone never touches your credit card data - it goes directly to Stripe's secure servers.

Anthropic (AI Message Drafting)

If you enable the Chat feature, your prompts and job/contact details are sent to Anthropic's Claude API for AI-powered message generation and insights. Anthropic does not use your data for model training under their commercial terms. Data is encrypted in transit and at rest.

Google (Authentication & OAuth)

If you sign in with Google, your authentication is handled directly by Google. KnowSomeone only receives your name, email, and profile picture - we never see your password. Google is responsible for securing your credentials.

We do not share your data with marketing companies, data brokers, or third parties for their direct benefit. We also do not sell your personal information.

4. Cookies & Tracking

What Are Cookies?

Cookies are small files stored on your device that help us remember information about you, like keeping you logged in or remembering your theme preference.

Essential Cookies (No Consent Required)

These cookies are necessary for KnowSomeone to function:

  • Session Cookie: Keeps you logged in while you use the app; deleted when you close your browser
  • CSRF Token: Prevents unauthorized requests from other websites; essential for security
  • Preference Cookie: Remembers your chosen theme (light/dark mode)

Optional Cookies (Consent Required)

We may use analytics cookies to understand how you use KnowSomeone and improve our features. You can accept or reject these cookies at any time using the cookie banner that appears when you first visit.

How to Control Cookies

You can disable cookies in your browser settings, though this may affect KnowSomeone's functionality. Some cookies (like session and security cookies) cannot be disabled without breaking the app.

5. Your Rights & Choices

5.1 GDPR Rights (For Users in the EU)

If you're in the European Union, GDPR gives you the following rights:

  • Right of Access: Request a copy of all personal data KnowSomeone holds about you
  • Right to Correction: Request corrections to inaccurate or incomplete data
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your data (with some exceptions for legal or contractual obligations)
  • Right to Data Portability: Request your data in a machine-readable format (JSON or CSV) that you can download or transfer to another service
  • Right to Objection: Object to certain types of data processing, such as promotional emails
  • Right to Restrict Processing: Request that we limit how we use your data while you investigate a concern

5.2 CCPA/CPRA Rights (For California Residents)

If you're a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you these rights:

  • Right to Know: Request what personal information KnowSomeone collects, uses, and shares
  • Right to Delete: Request deletion of personal information (with legal exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of any "sale" or "sharing" of your personal information (note: KnowSomeone does not sell or share your data)
  • Right to Limit Use: Limit how we use your sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

5.3 Email Communications & Opt-Out

We send promotional emails (feature updates, special offers) only with your permission. You can unsubscribe from promotional emails anytime by clicking the "Unsubscribe" link at the bottom of any email or by updating your preferences in your account settings. We will always send critical account emails (security alerts, billing information) regardless of your preferences.

5.4 How to Exercise Your Rights

To exercise any of these rights, email us at privacy@knowsomeone.com with "Data Subject Request" in the subject line. Include:

  • Your full name and email address
  • The specific right you're exercising (access, deletion, correction, etc.)
  • Any relevant details (e.g., which data you want to delete)

We will respond within 30 days (GDPR) or 45 days (CCPA), with a possible 30-day extension if your request is complex. You may designate an authorized agent to submit requests on your behalf, and we will ask for proof of authorization.

6. Data Retention & Deletion

We keep your data for as long as your account is active. Here's our retention schedule:

  • Active Accounts: Your personal data, job tracker, and contacts are retained indefinitely while your account is active
  • Deleted Accounts: When you delete your account, personal data is permanently deleted within 30 days
  • Backup Copies: Due to backup systems, deleted data may persist in backups for up to 60 days after deletion
  • Payment Records: Billing information is retained for 7 years to comply with tax and legal requirements
  • Anonymized Analytics: Usage statistics are anonymized and retained indefinitely for product improvement

If you want faster deletion (e.g., immediately after submitting a deletion request), contact us at privacy@knowsomeone.com.

7. Data Security

Your data's security is critical to us. We implement industry-standard security measures:

  • Encryption in Transit: All data traveling between your device and our servers is encrypted using TLS 1.2+ (HTTPS)
  • Encryption at Rest: All databases are encrypted using AES-256 encryption
  • Password Security: Passwords are hashed and salted using industry-standard algorithms (bcrypt); we never store passwords in plain text
  • Access Controls: Only authorized employees with a legitimate business need can access user data; we implement role-based access controls and the principle of least privilege
  • Regular Security Audits: We conduct third-party security audits and penetration testing annually
  • Incident Response Plan: In the unlikely event of a data breach, we will notify affected users and regulatory authorities within the legally required timeframe (72 hours for GDPR, 30 days for CCPA)

However, no security system is 100% secure. Please protect your password and notify us immediately if you suspect unauthorized access to your account.

8. International Data Transfers

KnowSomeone is based in the United States. If you're in the EU or another jurisdiction, your data may be transferred to and stored in the US. We rely on Data Processing Agreements with our processors (Supabase, Vercel, Stripe, Anthropic) to ensure adequate protection under Standard Contractual Clauses or similar legal mechanisms. If you request an EU data region, Supabase can store your data in eu-west-1 (Ireland).

By using KnowSomeone, you consent to the transfer of your data to the US and other countries for processing and storage.

9. GDPR-Specific Disclosures

9.1 Lawful Basis for Processing

Under GDPR, we process your data based on the following lawful bases:

  • Contract: Processing is necessary to provide the KnowSomeone service you've signed up for (account management, job tracking, contact storage)
  • Legitimate Interest: We analyze how you use KnowSomeone to improve features and prevent fraud
  • Consent: For optional features (Chat, promotional emails), we obtain your explicit consent

9.2 Data Controller vs. Processor

  • KnowSomeone is the Data Controller: We decide what data to collect and how to use it
  • Supabase, Vercel, Stripe, and Anthropic are Data Processors: They process data only on our instructions and have signed Data Processing Agreements

9.3 Automated Decision-Making

KnowSomeone does not use automated decision-making (algorithms or AI) to make significant decisions about you that would have legal effects or similarly affect you. Our AI Chat feature generates suggestions only; you decide whether to use them.

10. CCPA-Specific Disclosures

10.1 Categories of Personal Information Disclosed to Service Providers

We disclose the following categories of personal information to service providers:

  • Identifiers (name, email) → Supabase, Vercel, Stripe, Anthropic
  • Commercial Information (job titles, target companies, salary expectations) → Supabase, Vercel, Anthropic
  • Internet/Network Activity (IP address, device type, usage analytics) → Supabase, Vercel
  • Professional Information (schools, resume versions) → Supabase, Vercel

10.2 Sales/Sharing of Personal Information

KnowSomeone does not sell or share your personal information. We do not sell data to third parties for their direct marketing or other purposes. If you receive a "Do Not Sell/Share My Personal Information" request via Global Privacy Control (GPC), we honor it automatically.

10.3 Automated Decision-Making Technology (ADMT)

KnowSomeone does not use ADMT to make significant decisions about you that have legal effects or similarly affect you.

11. Third-Party Contact Data Disclaimer

When you add professional contacts (names, emails, LinkedIn URLs) to KnowSomeone, you represent that:

  • You have a lawful basis to collect and store this information (e.g., you met them at work, at a conference, or through a mutual connection)
  • You comply with all applicable privacy laws (GDPR, CCPA, etc.) when collecting and using this data
  • You will use this contact data only for legitimate networking purposes (job referrals, professional outreach)
  • You have not collected this data without consent or through deceptive means

KnowSomeone is not responsible for your compliance with privacy laws in your own outreach.If a contact recipient files a complaint about your messages, you are solely liable. We recommend you follow best GDPR best practices: don't send more than one follow-up email to unresponsive contacts within 30 days, honor unsubscribe requests immediately, and keep records of consent.

12. Children's Privacy

KnowSomeone is intended for adults and job seekers age 18 and older. We do not knowingly collect personal information from children under 13 (as required by the Children's Online Privacy Protection Act, COPPA). If we discover that a child under 13 has created an account, we will delete their account and all associated data immediately. Parents or guardians who believe their child has provided us with personal information should contact us at privacy@knowsomeone.com.

13. AI Features & Chat Disclosure

If you enable the Chat feature in KnowSomeone, you authorize us to send your prompts and job/contact data to Anthropic's Claude API for AI processing. Here's what you should know:

  • Data Sharing: Your Chat prompts and relevant context (job details, contact names) are encrypted and sent to Anthropic's servers
  • No Training on Your Data: Under Anthropic's commercial terms, your conversations are not used to train future AI models
  • Data Encryption: Data is encrypted in transit (TLS) and at rest by Anthropic
  • Retention: Anthropic retains conversation data for a limited period to improve services; we recommend not sharing highly sensitive information in Chat
  • Your Responsibility: Never share passwords, social security numbers, credit card numbers, or other highly sensitive data in Chat prompts

You can disable Chat at any time in your account settings. All Chat suggestions are optional, and you remain in control of your outreach messages.

14. Contact Us

Have questions about this Privacy Policy or our data practices? Reach out:

Privacy Officer

Email: privacy@knowsomeone.com

We'll respond to privacy requests within 30 days (GDPR) or 45 days (CCPA).

Dispute Resolution

If you have concerns about our privacy practices, please contact us first at privacy@knowsomeone.com. If you're not satisfied:

  • GDPR (EU users): You have the right to lodge a complaint with your local data protection authority (DPA)
  • CCPA (California users): You can contact the California Attorney General at oag.ca.gov

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Email you 30 days in advance of the changes
  • Post the updated policy on this page with a new "Last Updated" date
  • Require your explicit consent for significant changes (e.g., new types of data sharing)

Your continued use of KnowSomeone after changes take effect means you accept the updated Privacy Policy. If you disagree with changes, you can delete your account anytime.

Last Updated: March 2026

Thank you for trusting KnowSomeone with your job search journey. We're committed to protecting your privacy and giving you control over your data.