Privacy policy.

1. Information we collect

From employers:

• Company name, contact name, work email
• Hashed password (we never store plaintext)
• Job posting content you submit (titles, descriptions, compensation ranges, apply URLs)
• Billing information — invoice amount, payment method, and payment status. We do not collect or store credit card numbers. When an admin issues a Stripe-hosted payment link for an invoice, we store the resulting Stripe identifiers (e.g. payment intent id) on the related invoice row for audit and reconciliation only.
• Company logo and website (if provided)

From candidates (job seekers):

• Email address (required to receive application receipts)
• Profile data you choose to provide: first/last name, phone, LinkedIn URL, headline, city/state, years of experience, project types, certifications, union status, travel and employment preferences
• Resume file (PDF, DOC, or DOCX) — stored encrypted at rest in Cloudflare R2
• Applications you submit to posted jobs
• Saved jobs and job-alert filter criteria

Automatically: limited analytics (page views, referral source, device type) and standard web server logs (IP address, user agent, timestamp).

2. How we use your information

• Authenticate you and manage your account
• Publish job postings and deliver candidate applications
• Issue invoices and reconcile payments. Admins may send a Stripe-hosted payment link with an invoice; Stripe processes the card itself, and we receive only the resulting payment status.
• Send transactional email (account verification, password reset, application receipts, employer notifications of new applications, receipts)
• Send product emails only to users who have explicitly opted in (newsletter, weekly employer digest)
• Prevent abuse (rate limiting, content moderation, fraud detection on payment flows)
• Debug errors via anonymized Sentry traces
• Understand aggregate usage via PostHog analytics

3. Third-party processors

We rely on the following subprocessors, each with their own privacy policy:

• Neon (US) — PostgreSQL database hosting. SOC 2 Type II. Stores all application data.
• Cloudflare R2 (US) — object storage. Stores encrypted resume files and company logos.
• Vercel (US) — application hosting, edge network, SSL.
• Stripe (US) — PCI DSS Level 1 payment processing. Card data never touches our servers.
• Resend (US) — transactional email delivery (DKIM/SPF authenticated).
• Sentry (US) — error tracking. We scrub known PII from error payloads before sending.
• PostHog (US) — product analytics. Masks form inputs on authenticated surfaces; no third-party advertising cookies.

4. Data retention

• Active accounts: retained for as long as the account is active.
• Candidate deletion: on request, your profile, saved jobs, job alerts, resume files, and authentication tokens are deleted; applications you submitted are retained in anonymizedform (no name, no email, no resume) so employers keep an audit record of “someone applied on this date.”
• Employer deletion: on request, your employer account is deleted and any active job postings are closed. Paid-posting records are retained for tax and accounting purposes for up to 7 years.
• Aggregate analytics: retained indefinitely in non-identifiable form.
• Security logs: server logs and rate-limit buckets rotate on a 30-day window.

5. Your rights (access, correction, deletion, portability)

Regardless of your location, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data — candidates can edit their profile at any time; employers can edit company details in Settings.
• Deleteyour account — candidates via Profile → Delete my account; employers via Settings → Danger zone.
• Export your data in a portable format (email privacy@siteleadjobs.com).
• Opt out of non-transactional email at any time.

California residents have additional rights under CCPA/CPRA including the right to know categories of personal information collected and sold (we do not sell personal information). EU / UK residents have rights under GDPR/UK-GDPR including the right to restrict processing and the right to lodge a complaint with a supervisory authority. Email privacy@siteleadjobs.com to exercise any right.

6. Cookies and analytics

We use:

• Strictly necessary cookies — a secure HTTP-only session cookie for sign-in. Cannot be turned off without breaking authentication.
• Analytics cookies (PostHog)— first-party cookies for product analytics. You can opt out via the consent banner at the bottom of any page, or by enabling “Do Not Track” in your browser.

We do not use third-party advertising cookies, cross-site tracking, or retargeting pixels.

7. Candidate-specific notices

When you apply to a job, the employer receives your email, the profile data you've chosen to share, and a link to your resume. Employers agree under their own Terms of Service to use candidate data solely for evaluating the application and not to share it externally or use it for unrelated purposes. If you believe an employer has misused your data, contact us at privacy@siteleadjobs.com.

8. Employer-specific notices

Employers act as independent data controllers for the candidate data they receive through our platform and are responsible for their own compliance with applicable privacy and employment laws (EEOC, ADA, GDPR, CCPA, state fair-hiring statutes). SiteLeadJobs acts as a processor solely for the transmission and delivery of applications.

9. Changes to this policy

Material changes will be announced by email to affected users at least 14 days before taking effect. Non-material changes will be reflected in the “Effective” date at the top of this page. Continued use of the platform after the effective date constitutes acceptance of the revised policy.