Last Updated: 11/22/2025
🔒 Your Privacy Matters
This Privacy Policy explains how Cleared Roles collects, uses, discloses, and protects your personal information. We are committed to protecting job seeker anonymity and maintaining the security of all user data.
1. Introduction
Cleared Roles ("we," "us," "our," or "Company") operates an online platform connecting security-cleared professionals with verified employers (the "Platform"). This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Privacy Act 1988 (Australia), and Privacy Act 2020 (New Zealand).
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must discontinue use of the Platform immediately.
2. Information We Collect
2.1 Information Provided Directly by You
Job Seekers:
- Account Information: Email address, password (hashed and encrypted), country of residence
- Profile Information: Security clearance levels, skills, work experience, education, certifications, location (city/region), availability, salary expectations
- Anonymous Handle: Auto-generated identifier that protects your identity
- Resume/CV: Optional document uploads stored securely and not publicly visible
- Job Preferences: Desired job types, industries, locations, clearance levels
- Communications: Messages sent through the Platform, application materials, correspondence with recruiters
Recruiters:
- Account Information: Name, business email address, password (hashed and encrypted), job title
- Business Information: Company name, business address, phone number, company website, business registration details
- Verification Documents: Business email verification, company registration documents, authorized representative documentation
- Payment Information: Credit card details, billing address, tax identification numbers (processed and stored by Stripe, Inc.)
- Job Postings: Job descriptions, requirements, salary ranges, locations, clearance requirements
- Team Members: Information about additional team members added to your account
2.2 Information Collected Automatically
- Device Information: IP address, browser type and version, operating system, device type
- Usage Data: Pages visited, time spent on pages, click patterns, search queries, job views, applications submitted
- Cookies and Similar Technologies: Session cookies, authentication tokens, preference cookies
- Log Data: Access times, error logs, security events
- Analytics Data: Aggregate usage patterns, feature engagement, platform performance metrics
2.3 Information from Third Parties
- Authentication Providers: If you sign in using third-party services (e.g., Google, LinkedIn), we receive basic profile information
- Payment Processors: Transaction confirmation and payment status from Stripe
- Business Verification Services: Company validation data for recruiter verification
3. How We Use Your Information
3.1 To Provide and Improve Services
- Create and manage user accounts
- Facilitate job matching between candidates and employers
- Process job applications and direct offers
- Enable secure messaging between users
- Provide customer support and respond to inquiries
- Analyze usage patterns to improve Platform functionality
- Develop new features and services
3.2 For Verification and Security
- Verify recruiter business legitimacy
- Detect and prevent fraud, abuse, and security incidents
- Monitor for prohibited content, including classified information
- Enforce our Terms of Service
- Maintain platform security and integrity
3.3 For Payment Processing
- Process subscription payments and credit pack purchases
- Manage billing and invoicing
- Handle refund requests
- Maintain transaction records for tax compliance
3.4 For Communications
- Send transactional emails (account creation, password reset, payment confirmation)
- Deliver job alerts and notifications
- Provide customer support communications
- Send important service announcements
- Facilitate messaging between job seekers and recruiters
3.5 For Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from government authorities
- Protect our rights, property, and safety, and that of our users
- Enforce our agreements and policies
- Report suspected violations of national security laws
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal information based on the following legal grounds:
- Contract Performance: Processing necessary to provide services under our Terms of Service
- Consent: Where you have given explicit consent for specific processing activities
- Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, platform security, service improvement) that do not override your rights
- Legal Obligation: Processing required to comply with applicable laws and regulations
5. Information Sharing and Disclosure
5.1 Job Seeker Anonymity Protection
We prioritize job seeker privacy. Your personal contact information (name, email, phone number) is NEVER shared with recruiters unless you explicitly choose to reveal it. Recruiters see only:
- Your auto-generated anonymous handle
- Your profile information (skills, clearances, experience, location at city/region level)
- Any information you voluntarily include in applications or messages
You maintain complete control over when and to whom you reveal your identity. Messages are relayed through the Platform to protect your email address.
5.2 With Verified Recruiters
Verified recruiters with active accounts can access job seeker profile information (excluding personal contact details) to facilitate job matching. Recruiters are contractually prohibited from attempting to identify or contact candidates outside the Platform.
5.3 With Service Providers
We share information with third-party service providers who perform services on our behalf:
- Hosting and Infrastructure: Cloud storage and computing services
- Payment Processing: Stripe, Inc. for payment and subscription processing
- Email Services: Transactional email delivery providers
- Analytics: Plausible Analytics - privacy-friendly, cookieless analytics (no personal data collected)
- Customer Support: Help desk and support ticket systems
All service providers are contractually bound to protect your information and use it only for specified purposes.
5.4 For Legal Reasons
We may disclose information when required by law or when we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service or other agreements
- Detect, prevent, or address fraud, security, or technical issues
- Protect the rights, property, or safety of Cleared Roles, our users, or the public
- Report suspected violations of national security laws or regulations
5.5 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.
5.6 With Your Consent
We may share information with third parties when you provide explicit consent for such sharing.
6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: TLS 1.2+ encryption for all data in transit; AES-256 encryption for sensitive data at rest
- Authentication: Passwords hashed using bcrypt with salting; multi-factor authentication available
- Access Controls: Role-based access control (RBAC); principle of least privilege
- Network Security: Firewall protection, intrusion detection systems, DDoS protection
- Monitoring: Continuous security monitoring and logging
- Audits: Regular security assessments and vulnerability testing
- Content Scanning: Automated screening for prohibited content including classified information
6.2 Data Breach Notification
In the event of a data breach affecting personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of discovery.
6.3 Limitations
While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.
7. Data Retention
7.1 Retention Periods
- Active Accounts: Information retained while your account remains active
- Inactive Accounts: Accounts inactive for 24 months are automatically deleted
- Deleted Accounts: Personal information deleted within 30 days of account deletion request
- Transaction Records: Retained for 7 years to comply with tax and financial regulations
- Audit Logs: Security and access logs retained for 12 months
- Legal Hold: Information may be retained longer when required by law or legal proceedings
- Aggregate Data: Anonymized, aggregate data may be retained indefinitely for analytics
7.2 Backup Retention
Backup copies of deleted data may persist for up to 90 days in our backup systems before permanent deletion.
8. Your Privacy Rights
8.1 Access and Portability
You have the right to request a copy of your personal information in a structured, machine-readable format. We will provide this data within 30 days of your request.
8.2 Correction and Update
You can update most of your information through your account settings. For information you cannot update yourself, contact us at privacy@clearedroles.com.
8.3 Deletion
You have the right to request deletion of your account and personal information. Account deletion can be initiated through account settings or by contacting us. Note that certain information may be retained as described in Section 7.
8.4 Objection and Restriction
You can object to certain processing activities or request restriction of processing. Contact us at privacy@clearedroles.com to exercise these rights.
8.5 Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
8.6 Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have violated your privacy rights.
9. International Data Transfers
9.1 Cross-Border Transfers
We operate globally and may transfer your information to countries outside your residence, including countries that may not provide the same level of data protection as your home country.
9.2 Safeguards
When transferring data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by relevant authorities
- Binding corporate rules
- Explicit user consent for transfers where required
10. Cookies and Tracking Technologies
10.1 Types of Cookies We Use
- Essential Cookies: Required for authentication, session management, and security (cannot be disabled)
- Functional Cookies: Remember your preferences and settings
10.2 Cookieless Analytics
We use Plausible Analytics, a privacy-friendly, cookieless analytics platform. Plausible:
- Does not use cookies or local storage
- Does not collect personal data or track individuals
- Is 100% GDPR, CCPA, and PECR compliant
- Collects only aggregate, anonymous usage statistics
- Does not share data with third parties for advertising
10.3 Third-Party Cookies
We do not use third-party advertising or tracking cookies. Payment processing by Stripe may set cookies subject to Stripe's privacy policy.
10.4 Cookie Management
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.
11. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at privacy@clearedroles.com.
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Our Platform does not currently respond to DNT signals as there is no industry-standard for how to respond to such signals.
13. Third-Party Links
The Platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Jurisdiction-Specific Rights
14.1 European Economic Area (GDPR)
If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR, including:
- Right to object to processing based on legitimate interests
- Right to data portability
- Right not to be subject to automated decision-making
- Right to lodge complaints with supervisory authorities
14.2 California (CCPA)
California residents have the right to:
- Know what personal information is collected, used, shared, or sold
- Delete personal information (subject to exceptions)
- Opt-out of sale of personal information (we do not sell personal information)
- Non-discrimination for exercising CCPA rights
To exercise these rights, contact us at privacy@clearedroles.com or call our toll-free number (if applicable).
14.3 Canada (PIPEDA)
Canadian users have rights under PIPEDA, including the right to access personal information and challenge its accuracy.
14.4 Australia (Privacy Act 1988)
Australian users have rights under the Australian Privacy Principles (APPs), including the right to access and correct personal information.
14.5 New Zealand (Privacy Act 2020)
New Zealand users have rights under the Privacy Act 2020, including the right to access and correct personal information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of material changes by:
- Posting the updated policy on the Platform with a new "Last Updated" date
- Sending email notification to your registered email address
- Displaying a prominent notice on the Platform
Your continued use of the Platform after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Cleared Roles Contact
Email: contact@clearedroles.com
By using Cleared Roles, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
