Privacy Policy

Welcome to HuntingPad - the Gamified Job Application Tracker (the "Extension," "we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Chrome Extension.

This policy is designed to be transparent and compliant with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), UK, and Switzerland, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for residents of California, USA.

Please read this policy carefully. By using the Extension, you acknowledge you have read and understood this Privacy Policy.

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information"). We strive to collect only the minimum amount of Personal Information necessary for the specified purposes (Data Minimization).

We may collect the following categories of Personal Information:

• Identifiers: Such as your Google Account identifiers (e.g., email address, name, profile picture, depending on the permissions you grant during Google OAuth sign-in), unique identifiers associated with your Extension account, and IP address.
• Customer Records Information: Information you provide for your account or potential premium services, which may overlap with Identifiers obtained via Google OAuth.
• Commercial Information: Records related to potential future premium subscriptions purchased (processed via Stripe).
• Internet or Other Electronic Network Activity Information: Information about your interaction with our Extension, such as feature usage, clicks, gamification activity logs, XP earned, levels achieved, badges earned, challenge participation, and general engagement metrics. This may include browser type and technical logs for operational purposes.
• Professional or Employment-Related Information: Job application details you voluntarily provide, such as job titles, company names, application status, notes, and deadlines. If you use future premium features, this may include text selected from job ads for AI processing.
• Inferences: We may derive inferences from the information above to understand user preferences or engagement patterns (e.g., likelihood of burnout based on activity).

Sources of Information:

• Directly from You: When you manually input job data, interact with features, or contact us.
• Via Google OAuth: When you sign up or log in using your Google Account, Google provides us with certain profile information based on the permissions requested and granted.
• Automatically: When you use the Extension (usage data, technical data).
• From Third Parties: Such as our payment processor (Stripe).

Sensitive Personal Information: We do not intentionally collect sensitive personal information (like government IDs, precise geolocation, race, religion, health data, genetic data, or contents of private communications) unless it's strictly necessary for a service you request and explicit consent is obtained where required. Account credentials (passwords) are managed by Google; we do not receive or store your Google password.

We use your Personal Information only for specific, explicit, and legitimate purposes (Purpose Limitation). Our purposes for using your Personal Information and the GDPR legal bases are:

• To Provide and Manage the Service: To authenticate you via Google OAuth, operate the core job tracking, gamification, and anonymous squad features of the Extension, manage your account, provide customer support, and fulfill our contractual obligations to you.
  GDPR Legal Basis: Performance of a Contract, Legitimate Interest (to provide and improve the service).
• To Provide Premium Features (Future): To deliver AI-assisted features and process payments via Stripe for premium subscriptions.
  GDPR Legal Basis: Performance of a Contract.
• To Improve and Personalize the Service: To analyze usage trends, understand user needs, troubleshoot issues, improve features, and personalize your experience (e.g., through gamification).
  GDPR Legal Basis: Legitimate Interest (to enhance our service), Consent (where specific personalization requires it).
• For Security and Compliance: To maintain the security and integrity of our Extension, prevent fraud, enforce our terms, and comply with legal obligations.
  GDPR Legal Basis: Legal Obligation, Legitimate Interest (to protect our service and users).
• To Communicate With You: To send service-related notifications, respond to inquiries, and inform you about updates (you may opt-out of non-essential communications).
  GDPR Legal Basis: Performance of a Contract, Legitimate Interest.

We do not "sell" your Personal Information as the term is traditionally understood or as defined under the CCPA. We also do not "share" your Personal Information for cross-context behavioral advertising. We may disclose your Personal Information for business purposes to the following categories of recipients:

• Service Providers: We engage third-party companies and individuals to perform services on our behalf, such as:
  • Authentication: Google (handles sign-up/login via OAuth). Note: Google acts as the identity provider; we receive information from them based on your consent.
  • Payment Processing: Stripe (handles premium subscription payments).
  • Hosting & Infrastructure: Providers for our backend (e.g., Ruby on Rails API hosting).
  • Analytics: Providers to help us understand usage patterns.
  • Future AI Services: Providers for premium AI features.

  These providers have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose (except for Google, whose use of data is governed by their own Privacy Policy when you use their services). We have contracts in place with other providers requiring them to protect your data.

• Within Anonymous Squads: Anonymized activity (like earning a badge or reacting with an emoji) may be visible to members of your anonymous squad to foster camaraderie. Your identity is not revealed to squad members through this feature.
• Legal Requirements: If required by law, regulation, legal process, or governmental request (e.g., subpoena, court order).
• Protection of Rights: To enforce our terms, protect our rights, privacy, safety, or property, and/or that of you or others.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

In the preceding 12 months, we have disclosed the categories of Personal Information listed in Section 2 for the business purposes described in Section 3 to the categories of recipients listed above (primarily Service Providers like Google and Stripe).

We and our third-party service providers may use cookies (small text files placed on your device) and similar tracking technologies (like web beacons or pixels) to operate the Extension, facilitate authentication (including supporting Google OAuth flows), analyze usage, and support service functionality. You can typically control cookies through your browser settings, but disabling them may affect the functionality of the Extension. We currently do not respond to Do Not Track (DNT) signals.

We implement reasonable technical and organizational security measures designed to protect the security of any Personal Information we process. This includes measures like encryption (where appropriate), access controls, and regular security assessments. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

We retain your Personal Information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as for tax, accounting, or other legal requirements). Generally, this means we keep your account information (received via Google OAuth and generated within the app) and associated data for as long as your account is active. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Depending on your location, you may have the following rights regarding your Personal Information:

A. Rights for All Users (including under GDPR):

• Right to be Informed: The right to know how your Personal Information is collected and used (as outlined in this Policy).
• Right of Access: The right to request access to the Personal Information we hold about you and receive a copy of it.
• Right to Rectification: The right to request correction of inaccurate or incomplete Personal Information we hold about you. (Note: Some information, like your name or email linked via Google, may need to be updated within your Google Account).
• Right to Erasure ('Right to be Forgotten'): The right to request deletion of your Personal Information under certain conditions (e.g., it's no longer necessary for the purposes collected, you withdraw consent).
• Right to Restrict Processing: The right to request the restriction of processing of your Personal Information under certain conditions (e.g., while accuracy is contested).
• Right to Data Portability: The right to receive the Personal Information you provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
• Right to Object: The right to object to the processing of your Personal Information based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing for that purpose.
• Rights Related to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (we do not currently engage in such processing).

B. Rights for California Residents (under CCPA/CPRA):

In addition to some of the rights above, California residents have the following specific rights:

• Right to Know: You have the right to request that we disclose certain information about our collection and use of your Personal Information over the past 12 months, including:
  • Categories of Personal Information collected.
  • Categories of sources for the Personal Information collected (including Google OAuth).
  • Our business or commercial purpose for collecting that Personal Information.
  • Categories of third parties with whom we disclose that Personal Information.
  • Specific pieces of Personal Information collected about you.
  • If we disclosed Personal Information for a business purpose, a list identifying the categories recipient groups received.
• Right to Delete: You have the right to request deletion of your Personal Information that we collected, subject to certain exceptions (e.g., necessary to complete a transaction, detect security incidents, comply with legal obligations).
• Right to Correct: You have the right to request correction of inaccurate Personal Information we maintain about you. (Again, some info may need correction via your Google Account).
• Right to Opt-Out of Sale/Sharing: We do not "sell" or "share" (for cross-context behavioral advertising) your Personal Information. Therefore, we do not offer an opt-out link for this purpose.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use or disclosure of your Sensitive Personal Information (SPI) if we use it for purposes beyond what is necessary to provide the services requested. As we generally do not collect SPI or use it beyond necessary purposes, a limitation mechanism is not currently offered, but we will reassess if our data practices change.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

C. Exercising Your Rights:

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to verifiable consumer requests within the timeframes required by law (e.g., typically within 45 days for CCPA requests, potentially extendable). We may need to verify your identity before processing your request (which may involve confirming access to the Google Account used for sign-in). You may designate an authorized agent to make a request on your behalf.

Your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers or our third-party service providers (like Google and Stripe) may be located. These countries may have data protection laws that are different from the laws of your country.

If we transfer Personal Information from the EEA, UK, or Switzerland to other countries not deemed adequate by the relevant authorities, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, UK Addendum, or Swiss equivalents, or other legal mechanisms (including adequacy decisions where applicable, such as for transfers to Google under relevant frameworks), to ensure your rights are protected.

The Extension is not intended for or directed at children under the age of 16. We do not knowingly collect Personal Information from children under 16. If we become aware that we have collected Personal Information from a child under 16 without verification of parental consent (or appropriate consent mechanism for 13-16 year olds under CCPA for any potential "sale"/"sharing," which we state we do not do), we will take steps to remove that information from our servers. If you believe we might have any information from or about a child under 16, please contact us.

Our Extension uses third-party services like Google (authentication) and Stripe (payments). This Privacy Policy does not apply to the practices of these third parties. We encourage you to review their privacy policies to understand their data practices:

• Google: https://policies.google.com/privacy
• Stripe: https://stripe.com/privacy

We may update this Privacy Policy from time to time to reflect changes in our practices or relevant laws. We will notify you of any material changes by posting the new policy within the Extension or on our website and updating the "Last Updated" date. We encourage you to review this policy periodically (at least every 12 months as recommended under CCPA) to stay informed. Your continued use of the Extension after any modification constitutes your acceptance of the revised policy.

We are committed to ensuring this Privacy Policy is accessible. If you have difficulty accessing the information in this policy, please contact us using the details below, and we will provide it in an alternative format.

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us at:

PT LIMA SATU NEW YORK / HuntingPad
Attn: Privacy Inquiries - HuntingPad
Email: [email protected]
Address: South Quarter Tower A 18th Floor, Jl. R.A. Kartini No.Kav. 8, Cilandak Barat, Cilandak, Jakarta Selatan, DKI Jakarta 12430, Indonesia

If you are in the EEA or UK and have unresolved concerns, you have the right to lodge a complaint with your local data protection supervisory authority.