Privacy & Security

1. Who we are

RiseMe is operated from the United States. For privacy questions or requests, contact support@riseme.ai. Our postal contact is RiseMe, Los Angeles, California, USA.

2. Information we collect

We collect information in the following categories:

2.1 Account information

When you create an account, we collect identifiers needed to authenticate you (for example, email address) and optional profile identifiers such as your name. Authentication and account storage may be handled by our service providers (see Section 7).

2.2 Career profile and content you provide

To power matching, recommendations, resume tools, and related features, you may provide:

• Resume or CV files and extracted text (skills, roles, employers, education, and similar professional details)
• LinkedIn URL or synced professional profile fields when you choose to connect or paste that information
• Skills, work history, "about" summaries, target role, and preferences
• Job-search preferences such as desired locations or regions, work arrangements, salary expectations, and visa-sponsorship needs
• Optional profile photo or attachments where the product invites you to upload them

Providing this content is voluntary, but limiting it may restrict certain features (for example, JD-level evaluations or tailoring that rely on an up-to-date profile).

2.3 Usage and device information

We automatically collect:

• Diagnostic and security data typical of hosted web apps: IP address, approximate location derived by our hosting provider where available, browser and device type, referring URLs, and timestamps
• In-app analytics when enabled (see Section 6), such as aggregated events tied to pages and features you use

2.4 Cookies and similar technologies

We use cookies and related technologies for:

• Keeping you signed in and securing sessions
• Remembering preferences where applicable
• Measuring Site traffic through Google Analytics 4 when we have configured a measurement ID—see Google's Privacy Policy and your browser controls for opting out or limiting cookies

2.5 Payments

Paid plans are processed by our payment processor. We receive subscription status, identifiers needed to reconcile your account with that processor, and limited billing metadata—not your full payment card number, which is handled directly by the processor according to its terms and privacy notice.

2.6 Communications

If you email us or use in-product contact paths, we keep those messages as needed to respond and improve support. Transactional emails (account, receipts, digest or product updates you have subscribed to) are sent through our email delivery provider using the address on file until you unsubscribe where applicable.

3. How we use your information

We use the information above to:

• Provide, operate, and secure the Service (authentication, troubleshooting, fraud prevention)
• Run job discovery, personalization, recommendation, and search experiences you request
• Generate AI-assisted outputs—for example JD-grounded evaluations, tailoring suggestions, interview prep materials, or embeddings—using the profile and job content you provide or that is needed for the task
• Deliver optional emails you have opted into (such as digest mail) with working unsubscribe mechanisms
• Understand aggregate usage trends to improve reliability and user experience
• Comply with law, enforce our terms, and protect rights and safety

4. Employer data sharing and applying

RiseMe helps you evaluate and prepare for listings; it is not an automatic recruiter marketplace that shares your resume with employers without your knowledge.

• No sale of personal information. We do not sell your personal information in the ordinary sense (no paid lists of job seekers).
• No employer sharing without your intentional action. We do not give your resume, inbox, or private profile dossier to prospective employers purely because you viewed a role. If you apply to an opportunity, submit materials, or disclose information outside RiseMe—typically on an employer's site or ATS—those actions are governed by that third party's policies.
• Vendors only as described. Third parties that help us operate the Service (hosting, email, analytics, AI, payments) process data under contractual obligations appropriate to their role, not for their independent marketing use of your career profile.

Public job listings aggregated on RiseMe originate from publicly available postings and partners; RiseMe's indexing of those postings does not by itself disclose your identity to those employers.

5. Artificial intelligence and model providers

Certain features rely on artificial intelligence hosted by vendors (for example, Google Gemini and, on some code paths, other providers such as OpenAI or Anthropic as configured in our environment). When you use those features, portions of your profile, resume text, job descriptions, or related prompts may be transmitted to the relevant vendor to generate a response.

We design flows to limit what is sent to what is needed for the feature. Model providers publish their own terms, privacy policies, and data-use rules; you should review them if you want detail on subprocessors and regions. Outputs are computed for Service delivery, caching, or quality—we do not knowingly use third-party APIs in a manner that repurposes your content for unrelated advertising by RiseMe beyond what each provider permits in its standard API offerings.

AI-generated guidance can be inaccurate; use human judgment before making career or legal decisions.

6. Analytics

Where Google Analytics 4 is enabled on the Site, we use it to understand traffic and conversion in aggregate. You may use browser extensions, device settings, or Google's opt-out mechanisms to reduce tracking. Locally stored events do not replace our server-side protections for authenticated data stores.

7. Service providers

We rely on vendors that process data solely to provide the Service, including:

• Database, authentication, and file storage (for example, Supabase)
• Application hosting and edge infrastructure (for example, Vercel)
• Caching and rate limiting (for example, Upstash Redis)
• Email delivery (for example, Resend)
• Payments and billing (Stripe)
• AI and embeddings providers (Google and others as configured)
• Product analytics (Google Analytics when enabled)

We vet providers for suitability and constrain use by contract where practicable. Substitutions may occur as we improve reliability; materially different practices will be reflected in updates to this Privacy Policy where appropriate.

8. Legal bases (EEA, UK, and similar jurisdictions)

If applicable law requires a "legal basis," we rely on one or more of:

• Contract: processing necessary to deliver the Service you signed up for
• Legitimate interests: securing the Site, analyzing aggregate usage, communicating about the product proportional to expectation
• Consent: optional cookies or emails where consent is required, which you can withdraw
• Legal obligation: compliance with subpoenas or regulators where mandated

9. Retention

We retain information as long as your account exists and for a reasonable period afterward for backups, dispute resolution, and legal compliance. Some derived data (for example cached scores) may persist for limited periods to improve performance and may be refreshed or purged as systems evolve. You may request deletion of personal data subject to exceptions (for example, records we must keep for tax or security).

10. Security

We take the security of your data seriously and apply multiple layers of protection:

10.1 Encryption

• In transit: all connections between your browser and our servers use TLS (HTTPS). Data is never transmitted in plain text.
• At rest: our database provider encrypts all stored data using AES-256, an industry-standard encryption algorithm used by banks and government agencies.

10.2 Access control

• Row-level security (RLS): database policies enforce that each user can only read and modify their own profile, skills, work history, and related data. No user can access another user's information through our API.
• Authentication: every request is verified with a signed JWT token. Elevated operations (such as background enrichment) use a separate service role that is never exposed to the browser.

10.3 What we do not do

• We do not expose your profile, resume, or personal details to other users, employers, or recruiters without your explicit action.
• We do not build a searchable candidate database for hiring companies.
• We do not sell or share your data for advertising or lead generation.

No online service is perfectly secure. We encourage you to use a strong, unique password and protect your devices. If you believe your account has been compromised, contact support@riseme.ai immediately.

11. International transfers

We are US-based and store and process personal data primarily in the United States. If you access the Service from other countries, your information may cross borders; where required, we rely on lawful transfer mechanisms recognized by regulators.

12. Your rights and choices

Depending where you live, you may have the right to:

• Access, correct, or delete personal information
• Object to or limit certain processing
• Withdraw consent where processing was consent-based
• Appeal denied requests where law provides appeal rights
• Submit privacy requests through support@riseme.ai. We may verify your identity before acting.

California residents may have additional rights under the CPRA—for example rights to know, delete, and correct certain information, and to limit use or disclosure of sensitive personal information in defined circumstances. RiseMe does not "sell" covered personal information as traditionally defined here, or "share" it for cross-context behavioral advertising as disclosed in Sections 4 and 6. You may still contact us via the email above.

13. Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. The Service is intended for users who are old enough to use job-search and career tools under applicable law. If you believe we have collected information from a child without appropriate consent, contact us and we will take appropriate steps.

14. Third-party links

The Service may link to employer career pages, ATS pages, social networks, and other sites not operated by RiseMe. Those sites' privacy practices govern once you leave our Service.

15. Changes

We may update this Privacy Policy to reflect operational, technical, or legal changes. We will post revisions on this page and adjust the effective date below. Continue using the Service after changes constitutes acceptance unless law requires explicit consent for a given change.

16. Contact

For privacy inquiries or requests:

Email: support@riseme.ai
Mail: RiseMe · Los Angeles, California, USA