Privacy Policy

Effective Date: March 25, 2026

SIFTED (“we,” “us,” or “our”) operates the website located at sifted.devand provides the SIFTED platform (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access or use our Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information. When you sign in via Google OAuth, we receive your name, email address, and profile picture from your Google account.
  • Resume Data. If you upload a resume, we parse it using artificial intelligence to extract structured data including work history, education, skills, and achievements. The original file is processed in memory and is not permanently stored on our servers.
  • Campaign Data. Information you provide when creating outreach campaigns, including target roles, locations, and companies.
  • Email Content. Draft and sent email content generated through our platform, including subject lines and message bodies.

1.2 Information Collected Automatically

  • Usage Data. We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
  • Email Tracking Data. When emails are sent through the Service, we may track whether recipients open the email using a tracking pixel. This data is associated with the specific email record and is used to provide you with delivery analytics.
  • Device and Connection Information. We may collect your IP address, browser type, operating system, and referring URLs when you access the Service.

1.3 Information from Third Parties

  • Google OAuth. We receive authentication tokens from Google to verify your identity and, with your explicit consent, to send emails on your behalf via the Gmail API.
  • Contact Enrichment Providers. We may use third-party data providers (such as ProxyCurl or web scraping services) to discover publicly available professional contact information for the purposes of your outreach campaigns.
  • Job Listing Providers. We aggregate job listings from third-party APIs to match them against your profile and preferences.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Service;
  • To authenticate your identity and manage your account;
  • To generate personalized email drafts using artificial intelligence;
  • To send emails on your behalf through the Gmail API, only with your explicit authorization;
  • To track email delivery and engagement metrics for your campaigns;
  • To match your resume data against job listings and identify relevant opportunities;
  • To discover and enrich professional contact information for your outreach campaigns;
  • To enforce our Terms of Service and prevent misuse of the platform;
  • To comply with applicable legal obligations.

3. Google API Services User Data Policy

SIFTED’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the Gmail send scope (gmail.send) and use it solely to send emails that you have explicitly drafted and approved within the Service.
  • We do not read, scan, or index the content of your Gmail inbox.
  • Gmail access tokens and refresh tokens are stored securely and are used exclusively for the purpose of sending emails on your behalf.
  • You may revoke Gmail access at any time from the Settings page or from your Google Account permissions.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers. We engage third-party service providers to perform functions on our behalf, including hosting (Vercel), database services (Supabase), AI processing (Anthropic), and contact enrichment. These providers have access to your information only to the extent necessary to perform their functions and are contractually obligated to maintain confidentiality.
  • Email Recipients. When you send an email through the Service, the recipient will receive the email content, your name, and your email address. Emails are sent from your own Gmail account.
  • Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. You may delete your account and all associated data at any time from the Settings page. Upon account deletion, we will remove your data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

6. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted session tokens (HMAC-SHA256), HTTPS encryption in transit, and secure storage of OAuth credentials. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access. You may request a copy of the personal information we hold about you.
  • Correction. You may request that we correct inaccurate or incomplete information.
  • Deletion. You may request that we delete your account and personal information.
  • Data Portability. You may export your data from the Settings page at any time.
  • Withdraw Consent. You may disconnect Gmail access or delete your account at any time.
  • Objection. You may object to certain processing activities where we rely on legitimate interests.

To exercise any of these rights, please contact us at privacy@sifted.dev.

8. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

10. Cookies and Tracking Technologies

We use a single session cookie (sifted_session) that is essential for authentication and the functioning of the Service. This cookie is HTTP-only, secure in production, and uses the SameSite “lax” attribute. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the “Effective Date” above. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

SIFTED
Email: privacy@sifted.dev