Privacy Policy

CutTheCrapp is the data controller for personal data processed through our platform. For questions about this policy or your data rights, contact us at founder@cutthecrapp.me.

Candidates:

• Account information: email address, password (hashed)
• Profile data: first name, last name, city, country, work preference, years of experience
• Skills: primary skills, secondary skills
• Impact examples: project descriptions and scale indicators
• Assessment data: MCQ responses, voice recordings, transcripts
• Application data: roles applied to, swipe decisions, match status
• Device information: push notification tokens (for mobile notifications)

Hirers:

• Account information: email address, password (hashed)
• Company information: company name, contact email
• Role postings: job details, requirements, matching criteria
• Decisions: shortlist, pass, skip actions on candidates
• Communications: outreach messages sent through our relay system

Automatically collected:

• Login timestamps and last active dates
• Audit logs of platform actions (no message content logged)

• Matching: We use candidate skills, experience, and assessment results to match candidates with relevant roles. Matching is based on skills and evidence only — never on demographics, name, photo, or location bias.
• Anonymous review: Hirers review candidates anonymously. Candidate identity (name, contact details) is only revealed after a mutual match.
• Communication relay: We facilitate communication between matched hirers and candidates through an anonymous email relay. Neither party's real email is revealed unless they choose to share it directly.
• Platform improvement: Aggregated, anonymized data may be used to improve matching algorithms and platform features.
• Notifications: We send push notifications and emails for matches, application updates, and platform activity.

• Contract performance: Processing necessary to provide the matching service you signed up for.
• Consent: Voice recordings, push notifications, and optional profile fields are collected with your explicit consent.
• Legitimate interest: Platform security, fraud prevention, and service improvement.

We do not sell your personal data. We share data only as follows:

• With matched parties: After a mutual match, limited candidate information (first name, skills, assessment summary) is shared with the hirer. Full identity is revealed only upon match.
• With reviewers: Hirers may share anonymized candidate data (skills, scores, transcripts — never names or contact info) with designated reviewers via secure, time-limited links.
• Service providers: We use Supabase (database/auth), SendGrid (email), Expo (push notifications). These providers process data on our behalf under data processing agreements.
• Legal requirements: We may disclose data if required by UAE law or valid legal process.

• Active accounts: data retained while your account is active.
• Audit logs: retained for 90 days, then automatically deleted.
• Email relay records: relay addresses expire after 30 days of inactivity.
• Review share links: expire after 3, 7, or 14 days (hirer-configured).
• Voice recordings: retained while the associated role is active, deleted when the role expires or is archived.
• Deleted accounts: personal data is erased within 30 days of account deletion. Anonymized aggregate data may be retained.

• All data transmitted over HTTPS with TLS 1.3.
• Passwords are hashed using bcrypt (never stored in plaintext).
• Row-level security (RLS) ensures users can only access their own data.
• OTP verification required for sensitive operations (review link access).
• Rate limiting on all API endpoints to prevent abuse.
• No candidate identity revealed to hirers before mutual match.

Under the UAE PDPL and GDPR (where applicable), you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate data via your profile settings.
• Erasure: Request deletion of your account and associated data.
• Restriction: Request that we limit processing of your data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Withdraw consent for optional processing (e.g., voice recordings) at any time.

To exercise these rights, contact founder@cutthecrapp.me. We will respond within 30 days.

Your data may be processed on servers located outside the UAE (our infrastructure provider Supabase operates in multiple regions). Where data is transferred internationally, we ensure appropriate safeguards are in place as required by the PDPL, including standard contractual clauses where applicable.

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

We use essential cookies for authentication and session management only. We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users across sites.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The “Last updated” date at the top indicates the most recent revision.

For privacy inquiries, data requests, or complaints:

Email: founder@cutthecrapp.me

Website: cutthecrapp.me