Privacy Policy
Effective 22 April 2026
OmniGrade (“we”, “us”) helps you find jobs that match your skills and preferences. This policy explains what personal data we collect, why we collect it, and the rights you have over it. We serve users internationally, including in the EU/EEA, UK, and California, and this policy is written to meet GDPR and CCPA standards.
1. Who we are
OmniGrade is operated by Omnissiah Tech, LLC. For any privacy questions or requests, contact contact@omnissiahtech.com. We are the “data controller” (GDPR) / “business” (CCPA) for the data described below.
2. Data we collect
From Google sign-in
When you sign in with Google, we receive your email address, display name, and profile photo URL. We do not receive your Google password or any other Google account data.
From your CV and preferences
During onboarding you upload a CV and set job preferences. We store:
- The CV file (PDF/text) you upload.
- Structured fields extracted from it — skills, job titles, seniority, years of experience, education.
- Preferences you set — desired location, remote policy, seniority, company stage, salary floor, dealbreakers.
From your use of the service
- Jobs we surface to you, and jobs you dismiss (plus any feedback text you provide).
- Email digest interactions — opens, clicks, and unsubscribe events reported by our email provider.
- Product analytics events — page views, button clicks, session metadata. These are tied to an opaque internal user ID, not to your email or name.
- Server logs — IP address, user-agent, and request path, kept for up to 30 days for security and debugging.
3. Why we use it
- Authenticate you — Google email is our account identifier.
- Match you to jobs — we score every scraped job against your CV and preferences; this requires processing both.
- Send you your daily digest — to the email address tied to your Google account.
- Improve the product — aggregated analytics help us see what works and where users drop off.
- Keep the service secure — logs help us detect abuse and debug failures.
4. Legal basis (GDPR)
- Contract — processing your CV, preferences, and generating digests is necessary to deliver the service you signed up for.
- Legitimate interest — product analytics, server logs, and abuse prevention.
- Consent — optional cookies or marketing are not used today; if that changes, we will ask first.
5. Who we share it with
We do not sell your personal data. We share it only with the service providers (“subprocessors”) that make OmniGrade work:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud (Firebase Auth, Cloud Run, Cloud SQL) | Authentication, hosting, database | United States |
| Resend | Sending digest and transactional emails | United States |
| PostHog | Product analytics | United States |
| Anthropic | LLM-based CV parsing (processes CV text) | United States |
| Google Maps Platform | Geocoding the location you enter | United States |
| Google Analytics (GA4) | Aggregate traffic measurement | United States |
Anthropic processes the text of your CV to extract structured fields; it does not train its models on this data under our API terms. Other providers receive only the data needed for their function (e.g., Resend receives your email to deliver the digest).
6. International transfers
Our servers and all subprocessors listed above are based in the United States. If you are located in the EU/EEA, UK, or Switzerland, your data is transferred outside your jurisdiction. These transfers rely on the EU Standard Contractual Clauses and equivalent UK/Swiss mechanisms offered by each subprocessor.
7. How long we keep it
We keep your account data — CV, extracted fields, preferences, match history — for as long as your account exists. Server logs are retained for up to 30 days. Analytics events are retained for up to 12 months.
When you delete your account, we delete all of the data listed above from our primary database within 30 days. Backups containing your data are overwritten on a rolling 30-day cycle. We may keep minimal records (e.g., unsubscribe tokens) where required to honor a prior request.
8. Your rights
Regardless of where you live, you can:
- Access the data we hold about you.
- Correct inaccurate data (you can edit your profile directly in the app).
- Delete your account and all associated data.
- Export your data in a portable format.
- Object to processing based on legitimate interest, or restrict processing while we resolve a concern.
- Withdraw consent where processing was based on consent.
An in-app account deletion flow is being built. Until it ships, email contact@omnissiahtech.com from the address associated with your account and we will delete everything within 30 days.
If you are in the EU/EEA or UK and believe we have mishandled your data, you have the right to complain to your local data protection authority. If you are in California, you additionally have the right not to be discriminated against for exercising any of the rights above.
9. Security
Data is encrypted in transit (HTTPS) and at rest (managed by Google Cloud). Access to production data is limited to the operator and requires authenticated admin access. We do not store passwords — authentication is delegated to Google.
10. Children
OmniGrade is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will remove the account.
11. Cookies
We use a single session cookie to keep you signed in after you authenticate with Google. Our analytics providers (PostHog, GA4) set their own cookies or use local storage for anonymous usage measurement. We do not use advertising or tracking cookies.
12. Changes to this policy
If we make material changes, we will update the “Effective” date at the top and notify active users by email. Minor clarifications may be made without notice.
13. Contact
Questions, requests, or complaints: contact@omnissiahtech.com.
Omnissiah Tech, LLC.