Data Retention Policy
Version 1.0 · February 2026 · Broadlake Technologies LLC
This policy describes what data HireProxy.ai collects, where it is stored, and how long it is retained. HireProxy.ai is a multi-tenant SaaS platform where candidates create AI-powered career assistants. Data is managed across several services, each with specific retention practices.
Data We Collect & Retain
Account & Profile Data
Email address, hashed password, display name, and account settings. Stored in Supabase (PostgreSQL) with authentication managed by Supabase Auth.
Retention: Active account lifetime. Deleted within 30 days of account deletion request.
Career Data (Knowledge Base)
User profiles, work history, career stories, employment gaps, branding preferences, and other candidate-provided information used to power AI career assistants. Stored in Supabase (PostgreSQL) with Row Level Security enforcing tenant isolation. File attachments stored in Supabase Storage.
Retention: Active account lifetime. Candidates may edit or delete individual items at any time. All data deleted within 30 days of account deletion.
Conversation Logs
Messages exchanged between recruiters/hiring managers and AI career assistants, including questions asked and AI-generated responses. Stored in Supabase (PostgreSQL) and scoped to the respective tenant. Conversation content is also sent to the Anthropic Claude API for processing; see Anthropic's Privacy Policy for their data handling practices.
Retention: 90 days from creation, then automatically purged. Candidates may request earlier deletion.
Contact Events & AI Reports
Records of recruiter contact events and AI-generated summaries of interactions. Stored in Supabase (PostgreSQL) and associated with the candidate's tenant.
Retention: Active account lifetime. Deleted with the account.
Payment Data
Subscription and billing information processed through LemonSqueezy. HireProxy.ai does not store credit card numbers or full payment credentials directly. We retain a LemonSqueezy customer ID and subscription status in Supabase for account management.
Retention: Transaction records retained by LemonSqueezy per their data retention policies. Local subscription status retained for active account lifetime.
Transactional Email Logs
Email delivery records for account verification, password resets, and contact event notifications sent via Resend.
Retention: Delivery metadata retained by Resend per their data retention policies (typically 30 days). We do not store email content locally after dispatch.
Rate Limiting & Session Data
Truncated IP addresses, request counts, and timestamps used for rate limiting and abuse prevention. Stored in Vercel KV (Redis).
Retention: Expires automatically via TTL (typically minutes to hours). Not persisted long-term.
Error Monitoring Data
Application errors, stack traces, and performance metrics collected by Sentry for debugging and reliability improvement. May include request metadata but does not intentionally capture personal data.
Retention: Per Sentry's data retention settings (default 90 days).
Analytics Data
Page views and general usage patterns. Cookie consent is built into the platform but currently disabled behind the NEXT_PUBLIC_ENABLE_TRACKING feature flag. No tracking pixels are active at launch.
Retention: Per Vercel Analytics policy (typically 30 days) when enabled.
Data We Do Not Collect
- Social Security numbers, government-issued IDs, or biometric data
- Full credit card numbers or payment credentials (handled by LemonSqueezy)
- Precise geolocation data beyond IP address
- Cookies for tracking or advertising (consent mechanism is disabled at launch)
Your Rights
- Access: Contact us to request a copy of the personal data we hold about you
- Correction: Update your career data and profile information directly within the platform at any time
- Deletion: Request account deletion, which removes all associated data within 30 days. Conversation logs can be deleted independently.
- Portability: Request an export of your candidate-provided data in a standard format
- Opt-out: Deactivate your AI assistant or close your account at any time
Data Security
- All data transmitted over HTTPS with TLS encryption in transit
- Supabase provides encryption at rest for PostgreSQL and Storage
- API keys and secrets stored as environment variables, never in source code
- Row Level Security (RLS) enforces tenant data isolation at the database level
- Supabase Auth manages authentication with secure password hashing
Contact
Questions about data handling or retention: privacy@hireproxy.ai