Privacy Policy

Last updated: April 13, 2026

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. AI Processing Disclosure
5. Data Storage and Security
6. Data Retention
7. Your Rights (DPDP Act)
8. Children's Privacy
9. Third-Party Services
10. Changes to This Policy
11. Contact Us

1. Introduction

Welcome to Clear Desk ("Company," "we," "us," or "our"). Clear Desk is an AI-powered resume screening platform designed to help HR teams and recruiters evaluate and rank job candidates efficiently.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at cleardesk.app and our web application (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

We collect information in the following categories:

2.1 Account Information

When you register, we collect your name, email address, and optionally your company name. This information is required to create and manage your account.

2.2 Resume Data

When you upload resumes for screening, we process the text content of PDF files. Resume data may include candidate names, contact information, work history, education, and skills. You are responsible for ensuring you have proper authorization to upload this data.

2.3 Job Descriptions

Job descriptions you create or generate using our AI tools are stored in your account and used to perform resume screening.

2.4 Usage Data

We collect information about how you use the Service, including the number of screenings performed, features used, timestamps of activity, and screening results.

2.5 Technical Data

We automatically collect IP addresses, browser type and version, device information, operating system, referring URLs, and pages visited. This data helps us maintain security and improve the Service.

2.6 Cookies

We use strictly necessary cookies for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the AI resume screening service
Process resumes against job descriptions and generate match scores
Generate AI-powered job descriptions and interview questions
Send service communications (account verification, password resets, important updates)
Improve our AI prompts and service quality using anonymized, aggregated data only
Prevent fraud, abuse, and unauthorized access
Comply with legal obligations

What We Do NOT Do

We do NOT sell your personal data to any third party
We do NOT share resume data with third parties for marketing purposes
We do NOT use your data for advertising
We do NOT use your data to train AI models

4. AI Processing Disclosure

Transparency about our AI processing is important to us. Here is how we handle your data in our AI pipeline:

AI Provider:Resume text is sent to Groq Inc.'s API for analysis using large language models (LLMs). Groq processes the data in real-time and does not store your data after processing.
Processing: Analysis is performed in real-time. Resume text is sent to the AI, a response is generated, and results are returned to our servers within seconds.
Storage: AI-generated analysis results (match scores, skill assessments, summaries) are stored in our database, associated with your account.
No Model Training: Your resume data and job descriptions are NOT used to train, fine-tune, or improve any AI models. Data is used solely for providing the screening service.

5. Data Storage and Security

We take the security of your data seriously and implement multiple layers of protection:

Database: Data is stored on Supabase, a hosted PostgreSQL database with enterprise-grade security features.
Encryption in Transit: All data is encrypted during transmission using HTTPS/TLS 1.3.
Row Level Security: Supabase Row Level Security (RLS) policies ensure complete data isolation between users. You can only access your own data.
Authentication: User authentication is handled by Supabase Auth with secure password hashing (bcrypt) and session management.
Backups: Regular automated database backups are maintained.
Access Controls: Administrative access to production systems is restricted and logged.

6. Data Retention

We retain your data according to the following schedule:

Account Data: Retained until you delete your account.
Resume Data: Uploaded resume text is retained for 90 days after upload, then automatically deleted. Screening results are retained separately.
Screening Results: AI analysis results, match scores, and candidate data are retained until you delete your account or manually remove them.
Server Logs: Technical and access logs are retained for 30 days, then automatically purged.

7. Your Rights (DPDP Act — India)

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, you have the following rights:

Right to Access: You may request a copy of all personal data we hold about you.
Right to Correction: You may request correction of any inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data. We will comply within 30 days, subject to legal retention requirements.
Right to Data Portability: You may export your data (job postings, candidate results) in CSV format using our built-in export feature.
Right to Withdraw Consent: You may withdraw consent for data processing at any time by deleting your account.

To exercise any of these rights, contact us at privacy@cleardesk.app. We will respond within 30 days.

8. Children's Privacy

Clear Desk is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a user is under 18, we will promptly delete their account and associated data.

9. Third-Party Services

We use the following third-party services to operate Clear Desk:

Supabase (supabase.com) — Database hosting, user authentication, and file storage. Receives: account information, job data, screening results.
Groq (groq.com) — AI inference provider. Receives: resume text and job descriptions for real-time analysis. Data is not stored by Groq after processing.
Vercel (vercel.com) — Application hosting and CDN. Receives: technical request data (IP, user agent) for serving the application.

Each third-party service operates under their own privacy policy. We encourage you to review their policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify users via email and/or a prominent notice on the Service. The "Last Updated" date at the top of this policy will be revised accordingly.

Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@cleardesk.app
Response Time: We aim to respond to all inquiries within 30 business days.