Shortlisted

Legal

Privacy Policy

Last updated: April 19, 2026

This policy explains what data Shortlisted collects, how we use it, and your rights. We try to write it in plain English.

The short version

  • We collect your resume, account info, and the usage data needed to run the service.
  • We do not sell your data.
  • We do not run advertising or targeted ads.
  • We send your resume content to Anthropic (our AI provider) for processing — Anthropic does not train on it.
  • You can delete all your data at any time from account settings or by emailing hello@shortlisted.site.

What we collect

Account data. Email address, name (optional), authentication provider (if you use Google or LinkedIn login).

Resume and profile data. The resume you upload or build, your role preferences, target geographies, salary expectations, career history, and skills inventory. This is the core data we use to give you fit analyses and tailored applications.

Search and application data. Jobs you’ve bookmarked, fit analyses we’ve run for you, resumes and cover letters we’ve generated, and your application pipeline status.

Usage and technical data. Pages visited, features used, browser type, device info, IP address, and session timestamps. Used for debugging, improving the product, and preventing abuse.

Billing data. If you subscribe, Stripe handles payment information. We see your subscription status, plan, and billing email — we never see your full card number.

How we use it

  • To run the Shortlisted service (fit analysis, resume tailoring, search).
  • To process payments via Stripe.
  • To send you account-related emails (magic links, receipts, security notices).
  • To debug problems and improve the product.
  • To prevent abuse (rate limiting, fraud detection).
  • To comply with legal obligations.

Who we share it with

We use a small set of service providers, each bound by data processing agreements:

  • Anthropic. We send resume content, job descriptions, and conversation history to Anthropic’s Claude API to generate fit analyses, tailored resumes, and cover letters. Anthropic does not train on data sent via their API.
  • Neon. Our PostgreSQL database provider. Stores your account and profile data at rest, encrypted.
  • Vercel. Our hosting provider. Runs the web application and serverless functions.
  • Stripe. Payment processing for Pro subscriptions.
  • Resend. Transactional email delivery (magic links, receipts).

We do not sell, rent, or trade your personal data to third parties for their own marketing. We do not run ad networks on the site.

Your rights

Under GDPR, CCPA, and similar laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your data in a portable format.
  • Object to processing and withdraw consent.

To exercise any of these, email hello@shortlisted.site. We respond within 30 days.

Data retention

Account and profile data: kept while your account is active, plus 30 days after deletion (for backup rotation). Usage logs: kept up to 12 months. Billing records: kept 7 years for tax and audit compliance.

Cookies

We use a session cookie (jobsearch_session) to keep you logged in. We do not use third-party tracking cookies or advertising cookies.

Children’s privacy

Shortlisted is not intended for users under 16. We do not knowingly collect data from children. If you believe we have, email us and we will delete it.

Changes to this policy

If we materially change how we handle your data, we will email registered users and post a notice on the site at least 14 days before the change takes effect.

Contact

Questions? Email hello@shortlisted.site.