RProleprep
Privacy Policy

How roleprep.ai handles your data

Last updated: April 19, 2026

roleprep.ai ("we", "us") runs a resume-vs-job-description analysis tool. This page explains what we collect, why, and who we share it with. Plain English, no surprises.

What we collect

  • Resume PDFs. The file you upload and the text we extract from it.
  • Job descriptions. The text you paste into the intake form.
  • Analysis reports. The generated fit score, overlap and gap summaries, prep plan, and checklist or resource progress you create.
  • Account data. Your email address (and optional display name) when you sign in through a magic link. The timestamp of your last sign-in.
  • Request metadata. A SHA-256 hash of your IP address, used to enforce the anonymous free-tier quota and to power admin abuse controls. We do not store your raw IP in analytics logs. The admin block list stores raw IP addresses we have chosen to block.
  • OAuth client records. If you connect a third-party AI client (Claude, Gemini, ChatGPT) to roleprep.ai through our MCP server, we store the registered client metadata and the hashed access tokens issued to it.

Why we collect it

We use the data to run the analysis you asked for, save your results so you can revisit them, deliver sign-in links, and prevent abuse of the free tier. We do not sell data and we do not run advertising or behavioral tracking.

Who we share data with

We use a short list of processors to run the service. Each one only sees the data it needs.

  • LLM providers. Your resume text and the job description are sent to Google Gemini, GitHub Models, or OpenAI to generate the analysis. We route to whichever provider is available at the time. Each provider handles data under its own terms.
  • Database. Turso hosts our SQLite database and stores your account, reports, resume PDFs, and job descriptions.
  • Email. Resend sends magic-link sign-in emails to the address you provide.
  • Hosting. Vercel serves the website and runs our API.

We do not share your data with anyone else except when required by law.

Cookies and sessions

We set two cookies. One keeps you signed in after you click a magic link. The other ties anonymous analyses to your browser so you can return to them before signing in. Both are http-only and strict-same-site. We do not use analytics or advertising cookies.

Retention

We keep your analyses for as long as your account exists or until you ask us to delete them. Magic link tokens expire after 15 minutes. OAuth access tokens expire after 30 days. Anonymous usage records expire naturally once they fall outside the 24-hour rolling quota window and may be pruned at any time.

Your rights

You can request a copy of the data we have about you, ask us to correct it, or ask us to delete it. Email hello@roleprep.ai with your request. We will confirm your identity by sending a verification link to the email on file.

Residents of California (CCPA/CPRA), the EU and UK (GDPR), and similar jurisdictions have additional rights including the right to object to processing and to lodge a complaint with a supervisory authority. Contact us at the same address to exercise them.

Children

roleprep.ai is not intended for anyone under 18. Do not use the service or create an account if you are under 18.

Security

We use TLS in transit. We do not store passwords. Tokens and IP hashes are stored as SHA-256 digests so a database leak would not expose the plaintext values. That said, no service is immune to incidents. If we confirm a breach that affects your data we will notify you promptly.

Changes

If we update this policy we will change the date at the top and, if the change is material, notify signed-in users by email.

Contact

Questions, deletion requests, or anything else: email hello@roleprep.ai.