Privacy Policy

Last updated: 22 May 2026

1. Who we are

Rebridge (“we”, “our”, “us”) operates the platform at rebridge.me. We connect job-seekers with employers through an anonymous-first matching platform. For the purposes of the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act 2023 (DPDP Act), we act as the Data Controller for personal data collected on this platform.

Contact us at: privacy@rebridge.me

2. What data we collect

Candidates

  • Email address and password (via Supabase Auth)
  • Resume content: work history, skills, education, and inferred fields extracted by AI
  • Salary expectations (floor and display range)
  • Preferred location and work mode
  • Full name and phone number (stored but never shown to employers until you explicitly accept a connection)
  • AI-generated professional summary (editable by you)
  • Optional: employment gap explanations

Companies

  • Company name, website, industry, and size
  • Work email address (verified to prevent personal email signups)
  • Job postings and connection request history

Usage data

  • Server logs (IP address, browser type, pages visited) retained for up to 30 days
  • We do not use third-party advertising trackers or analytics cookies

3. How we use your data

  • To create and maintain your account
  • To power anonymous candidate profiles and AI matching
  • To send transactional emails (connection requests, messages, password reset). We never send marketing email without your explicit opt-in.
  • To detect and prevent fraud and abuse
  • To comply with legal obligations

We never sell your data. We never share your data with advertisers. Your identity (name, email, current employer) is never revealed to any company unless you explicitly accept their connection request.

4. Legal basis for processing (GDPR)

  • Contract performance — processing necessary to provide the service you signed up for
  • Legitimate interests — security, fraud prevention, product improvement
  • Legal obligation — compliance with applicable law
  • Consent — for any optional communications (e.g., newsletters, if introduced)

5. Data retention

  • Active accounts: data retained while your account is active
  • Deleted accounts: all personal data purged within 30 days of deletion request, except data we are legally required to retain
  • Connection request records: retained for 12 months for dispute resolution, then deleted

6. Sub-processors and third parties

We use a small number of sub-processors, each bound by data processing agreements:

  • Supabase — database and authentication (EU region)
  • Anthropic — AI resume parsing and summary generation (data sent per request, not retained by Anthropic for training without consent)
  • Resend — transactional email delivery
  • Hostinger — server hosting

We do not use Facebook Pixel, Google Analytics, or any advertising networks.

7. Your rights

Under GDPR (for EEA/UK users) and the DPDP Act (for Indian users), you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — download your data in JSON format
  • Restriction — ask us to stop processing your data while a dispute is resolved
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, for any consent-based processing

You can exercise all data rights directly from your account dashboard. For requests not covered there, email privacy@rebridge.me. We respond within 30 days.

8. Cookies

We use only essential session cookies set by Supabase Auth to keep you signed in. We do not use cookies for advertising, analytics, or tracking across other websites. No cookie consent banner is required because we only use strictly necessary cookies.

9. Data security

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted to the founding team. We use row-level security (RLS) in Supabase to ensure each user can only access their own data. Candidate identities are never exposed in API responses to companies — only anonymous IDs and aggregated profile fields.

10. Children

Rebridge is intended for professional use by adults aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, contact us at privacy@rebridge.me and we will delete the account promptly.

11. Changes to this policy

If we make material changes, we will notify active users by email at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

12. Contact and complaints

For any privacy concern, email privacy@rebridge.me. If you are based in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.