Privacy Policy

At KnowSomeone, we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our job search platform. We're committed to being transparent about our data practices and giving you control over your information.

If you have questions about this policy or our privacy practices, you can reach us at privacy@know-someone.com.

1. Information We Collect

2. How We Use Your Data

We use your information only for the following purposes:

• Account Management: Creating and managing your account, authenticating you securely, and resetting passwords
• Service Delivery: Providing the job tracker, storing your jobs and contacts, managing your subscription, sending you receipts
• Communication: Sending critical account notices (security alerts, billing information), feature updates, and promotional emails (you can opt out anytime)
• Service Improvement: Analyzing how you use the app to identify bugs, improve features, and create new functionality
• AI Features: If you enable the Chat feature, sending your prompts to Anthropic to generate AI-powered message drafts and insights
• Legal Compliance: Responding to legal requests, detecting fraud, and enforcing our Terms of Service
• Safety & Security: Protecting against unauthorized access, malicious activity, and data breaches

We do NOT use your data for automated decision-making that significantly affects you (e.g., we won't deny you service based on an algorithm). We also do NOT sell your personal data to third parties.

3. Data Sharing & Third-Party Processors

KnowSomeone works with the following service providers to deliver our platform. Each has signed a Data Processing Agreement committing to protect your data with security standards equal to or exceeding our own:

We do not share your data with marketing companies, data brokers, or third parties for their direct benefit. We also do not sell your personal information.

4. Cookies & Tracking

5. Your Rights & Choices

6. Data Retention & Deletion

We keep your data for as long as your account is active. Here's our retention schedule:

• Active Accounts: Your personal data, job tracker, and contacts are retained indefinitely while your account is active
• Deleted Accounts: When you delete your account, personal data is permanently deleted within 30 days
• Backup Copies: Due to backup systems, deleted data may persist in backups for up to 60 days after deletion
• Payment Records: Billing information is retained for 7 years to comply with tax and legal requirements
• Anonymized Analytics: Usage statistics are anonymized and retained indefinitely for product improvement

If you want faster deletion (e.g., immediately after submitting a deletion request), contact us at privacy@know-someone.com.

7. Data Security

Your data's security is critical to us. We implement industry-standard security measures:

• Encryption in Transit: All data traveling between your device and our servers is encrypted using TLS 1.2+ (HTTPS)
• Encryption at Rest: All databases are encrypted using AES-256 encryption
• Password Security: Passwords are hashed and salted using industry-standard algorithms (bcrypt); we never store passwords in plain text
• Access Controls: Only authorized employees with a legitimate business need can access user data; we implement role-based access controls and the principle of least privilege
• Regular Security Audits: We conduct third-party security audits and penetration testing annually
• Incident Response Plan: In the unlikely event of a data breach, we will notify affected users and regulatory authorities within the legally required timeframe (72 hours for GDPR, without unreasonable delay for California residents under California's data breach notification law, typically within 30-45 days)

However, no security system is 100% secure. Please protect your password and notify us immediately if you suspect unauthorized access to your account.

8. Data Storage & International Transfers

KnowSomeone is based in California, USA. Your data is primarily stored in the United States. If you're in the EU or another jurisdiction, your data may be transferred to and stored in the US for processing and service delivery. We rely on Data Processing Agreements with our processors (Supabase, Vercel, Stripe, Anthropic) to ensure adequate protection under Standard Contractual Clauses or similar legal mechanisms.

For EU Users: If you request an EU data region, Supabase can store your data in eu-west-1 (Ireland) to comply with GDPR localization preferences. To request this, email privacy@know-someone.com.

By using KnowSomeone, you consent to the transfer of your data to the US and other countries for processing and storage as described in this Policy.

9. GDPR-Specific Disclosures

10. CCPA/CPRA-Specific Disclosures

11. Third-Party Contact Data Disclaimer

When you add professional contacts (names, emails, LinkedIn URLs) to KnowSomeone, you represent that:

• You have a lawful basis to collect and store this information (e.g., you met them at work, at a conference, or through a mutual connection)
• You comply with all applicable privacy laws (GDPR, CCPA, etc.) when collecting and using this data
• You will use this contact data only for legitimate networking purposes (job referrals, professional outreach)
• You have not collected this data without consent or through deceptive means

KnowSomeone is not responsible for your compliance with privacy laws in your own outreach.If a contact recipient files a complaint about your messages, you are solely liable. We recommend you follow best GDPR best practices: don't send more than one follow-up email to unresponsive contacts within 30 days, honor unsubscribe requests immediately, and keep records of consent.

12. Children's Privacy

KnowSomeone is intended for adults and job seekers age 18 and older. We do not knowingly collect personal information from children under 13 (as required by the Children's Online Privacy Protection Act, COPPA). If we discover that a child under 13 has created an account, we will delete their account and all associated data immediately. Parents or guardians who believe their child has provided us with personal information should contact us at privacy@know-someone.com.

13. AI Features & Chat Disclosure

If you enable the Chat feature in KnowSomeone, you authorize us to send your prompts and job/contact data to Anthropic's Claude API for AI processing. Here's what you should know:

• Data Sharing: Your Chat prompts and relevant context (job details, contact names) are encrypted and sent to Anthropic's servers
• No Training on Your Data: Under Anthropic's commercial terms, your conversations are not used to train future AI models
• Data Encryption: Data is encrypted in transit (TLS) and at rest by Anthropic
• Retention: Anthropic retains conversation data for a limited period to improve services; we recommend not sharing highly sensitive information in Chat
• Your Responsibility: Never share passwords, social security numbers, credit card numbers, or other highly sensitive data in Chat prompts

You can disable Chat at any time in your account settings. All Chat suggestions are optional, and you remain in control of your outreach messages.

14. Contact Us

Have questions about this Privacy Policy or our data practices? Reach out:

15. California Data Breach Notification

California Civil Code Section 1798.82 requires us to notify you without unreasonable delay if we discover a breach of security involving your unencrypted or unredacted personal information.

In the event of a data breach affecting California residents, we will:

• Notify affected California residents without unreasonable delay (typically within 30-45 days)
• Notify the California Attorney General if the breach affects more than 500 California residents
• Provide information about what data was breached, what we're doing to investigate, and steps you can take to protect yourself
• Not require affected individuals to pay for credit monitoring services if it's included in our response

We take data security seriously and maintain incident response procedures to comply with California breach notification requirements.

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Email you 30 days in advance of the changes
• Post the updated policy on this page with a new "Last Updated" date
• Require your explicit consent for significant changes (e.g., new types of data sharing)

Your continued use of KnowSomeone after changes take effect means you accept the updated Privacy Policy. If you disagree with changes, you can delete your account anytime.

17. Additional California Consumer Rights

California Residents - Right to Request a Summary: Under California Civil Code Section 1798.100(d), you may request a summary of specific information regarding the categories of personal information we've collected about you, the sources of that information, and our business purposes for collecting it.

California Online Privacy Protection Act (CalOPPE) Compliance: This Privacy Policy is designed to comply with California's laws regarding online privacy and consumer protection. California residents have the right to know what information we collect, how it's used, and to whom it's disclosed.

Shine the Light Law: California residents may request information about whether we share personal information with third parties for their direct marketing purposes. If you're a California resident and would like to make such a request, email privacy@know-someone.com with "California Shine the Light" in the subject line. Please include your name and email address. We will respond within 30 days.