Privacy

Privacy is the default, not a setting you have to find.

Fitlane AI hides your identity from companies until you decide to share. Here is exactly what we collect, how we use it, and what controls you have.

Last updated · May 13, 2026

The short version

If you read nothing else, read this.

Anonymous by default

Your last name, photo and contacts stay hidden until you decide to share them with a specific company.

You choose who sees you

Block specific companies or whole email domains so your profile never shows up in their search.

CV stays on our side

AI parses your CV into structured fields. The raw file is shared only when you explicitly grant access.

Delete anytime

Erase your profile, applications and uploaded files from your account settings — no support ticket required.

What we collect

Only what we need to run the platform — nothing else.

Account data

Email, password hash, role (candidate / company / recruiter), and the OAuth provider you used to sign in (Google, GitHub, LinkedIn).

Candidate profile

First name, role title, seniority, skills, salary expectation, English level, location and remote preferences. Last name, photo, phone and email are stored separately as private contact fields.

CV files

PDFs or DOCX you upload. We extract structured data from them automatically; the raw file is only shared with companies after you grant access.

Company data

Company name, website, domain (used for the verified badge), public description, logo and the team members you invite.

Activity

Job views, applications, messages, contact-reveal events, match-score breakdowns and saved searches — used to power your feed and analytics.

Technical data

IP address, user agent, language and minimal cookies needed for sessions, CSRF protection and rate limiting.

How we use it

Five purposes. That is the whole list.

  1. Run the platform

    Authenticate you, keep your session, deliver pages, run the in-platform hiring chat and send transactional emails about your own activity.

  2. Match candidates and jobs

    Compute the deterministic match score in our code and cache the result. The full database is never sent to an external model.

  3. AI assistance

    Parse the text of a CV or job description with AI (OpenAI is our processor) and generate plain-language match-score explanations. We never send the full candidate or job database to the model.

  4. Protect the platform

    Detect abuse, rate-limit suspicious traffic, prevent unauthorized contact-reveal attempts and recover lost accounts.

  5. Improve the product

    Aggregate, de-identified usage metrics so we know which features work. We do not sell personal data to advertisers.

Who we share data with

We do not sell your data. Period.

Companies you choose to engage with

A company sees your anonymous profile until you reveal your contacts to them. Revealing is logged so you have a record of who has seen what.

Companies that match your job preferences

Your anonymous profile may appear in a company's candidate search when their job description matches your stated preferences. They see your skills, seniority, salary and location range — not your identity.

AI provider (OpenAI)

Only the text we need to parse — the contents of one CV or one job description at a time, plus the structured fields we send for an explanation. No bulk database access. We do not use OpenAI for ranking.

Infrastructure providers

Hosting, email delivery and storage providers process data on our instructions, under contractual confidentiality obligations.

Legal

We disclose data when compelled by a binding court order or when needed to protect the platform from imminent abuse. We notify the affected user when legally permitted.

Your controls

Real buttons in real Settings — not vague promises.

Anonymous mode

Default on. Toggle name, photo and contact visibility from your profile.

Hidden companies

Block specific companies or whole email domains so your profile never surfaces in their searches.

Contact reveal log

See exactly which companies have unlocked your contacts and when.

Saved & hidden jobs

Curate your own feed — save what fits, hide what does not.

Export

Download a machine-readable copy of your profile, applications and messages.

Delete

Erase your account, CVs and conversations from Settings. Backup copies are purged within 30 days.

AI & your data

What AI does — and what it does not

AI does

  • Parse the text of one CV at a time into structured fields.
  • Parse one job description into a structured vacancy.
  • Generate plain-language explanations of a single match score.

AI does NOT

  • Rank candidates against jobs — that is deterministic PHP code, cached.
  • Receive your contacts, last name or photo.
  • See the full candidate or job database in a single prompt — ever.

AI provider: OpenAI. Inputs are sent over TLS with API access controls; we do not authorize the provider to use your data to train their models.

Public company profiles

Business information, not personal data.

Fitlane AI may display company profiles sourced from publicly available business information — such as company name, website, careers page, industry, location, company size, public description, technology tags and publicly listed vacancies. Company descriptions may be generated or summarized from public sources using AI.

We do not intentionally publish personal contact details of employees or recruiters without consent. This means we do not publish: personal email addresses, phone numbers, Telegram or LinkedIn personal profiles, employee names, CVs, or private messages.

If personal information appears on a company profile by mistake, you can submit a data removal request. Company representatives can also claim, update, or request removal of a profile at any time.

We track the source URL and the date each profile was last verified. We respect robots.txt directives and applicable terms of service when collecting public data.

How long we keep data

Defaults you can override by deleting your account.

Data Retention
Active accounts Kept while your account is active. You can delete at any time.
Deleted accounts Purged from primary databases immediately. Encrypted backups are rotated within 30 days.
Hiring chat history Kept while either side of the conversation has an active account. Deleted with the account that initiated it.
Billing records Kept for the period required by tax and accounting law in our jurisdiction (typically 5–10 years), even after account deletion.
Logs Security and rate-limit logs kept for up to 90 days, then rotated.

Other privacy topics

Cookies

We use first-party cookies for sessions, CSRF protection and saving your UI preferences. We do not run third-party advertising trackers.

Security

All traffic over TLS. Passwords stored with bcrypt. CV files stored with restricted access and signed download URLs. Rate limiting on authentication and contact-reveal events.

International transfers

Our primary infrastructure runs in the EU. Sub-processors outside the EU operate under standard contractual clauses.

Children

Fitlane AI is intended for users aged 16 and over. We do not knowingly collect data from anyone younger.

Changes

When we materially change this policy we update the "Last updated" date and notify active accounts by email at least 14 days before the change takes effect.

Your rights

Access, rectification, deletion, export and objection are all built into Settings. You can also email us directly.

Questions about your data?

Email us. A human at Fitlane AI will reply, not a ticket bot.

support@fitlaneai.com

See also: Terms of Service