Privacy Policy

OctoRoles (“we”, “us”, “our”) is operated by The O’Brien Consultancy Ltd, trading as OctoRoles, based in Oxford, United Kingdom. We are committed to protecting your personal data and being transparent about how we use it.

This policy explains what data we collect, why we collect it, how we store it and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What data we collect

When you create an account using Google sign-in, we receive your name and email address from Google. We do not receive or store your Google password.

When you use OctoRoles, we may also collect and process the following data that you provide directly: your CV or resume text, cover letter text, LinkedIn profile text, job search preferences (such as job titles, location and salary expectations), notes you add to job applications and any other text you enter into the application.

We also collect technical data automatically, including your IP address, browser type, pages visited and timestamps. This data is used for security, debugging and improving the service.

2. Why we collect your data

We process your data for the following purposes, each with a lawful basis under UK GDPR.

To provide the OctoRoles service, including matching you with relevant job roles, scoring your application materials against job requirements and helping you prepare application documents. Lawful basis: performance of a contract.

To create and manage your account. Lawful basis: performance of a contract.

To improve the service, fix bugs and monitor performance. Lawful basis: legitimate interest.

To send you service-related communications such as changes to these terms. Lawful basis: legitimate interest.

To send you marketing communications, only with your explicit consent. Lawful basis: consent, which you can withdraw at any time.

3. How we use Google user data

When you sign in with Google, we access only your basic profile information (name and email address) through Google’s OAuth 2.0 service. We use this data solely to create and identify your account.

We do not access your Gmail, Google Drive, Google Calendar or any other Google service. We do not share your Google user data with third parties. We do not use your Google user data for advertising. We do not sell your Google user data.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. How we use LinkedIn user data

If you choose to connect your LinkedIn account to OctoRoles, we use LinkedIn’s Sign In with LinkedIn using OpenID Connect service. When you connect, LinkedIn asks you to confirm what you are sharing with us on a consent screen, and you can decline at any point.

What we receive from LinkedIn. With your permission, LinkedIn provides us with a limited set of identity information, which is your name, your profile picture, your LinkedIn member identifier, your locale and your email address where you have allowed it. We do not receive your connections, your activity, your posts or any data about other LinkedIn members.

What we do with it. We use this information only to set up and personalise your OctoRoles account, for example to show your name and profile picture inside the product. We do not use your LinkedIn data for advertising. We do not sell it. We do not share it with third parties for their own purposes. We do not combine your LinkedIn data with data from other sources to build a profile of you beyond your own OctoRoles account.

About and experience text you choose to add. Separately from the LinkedIn connection, OctoRoles lets you paste text such as your professional summary and your roles and experience into your profile so the product can score how well roles align with your background. This text is content you provide directly to us. It is stored against your OctoRoles account and used only to provide the scoring and tailoring features to you.

How we store it. Your LinkedIn identity information and any text you provide is stored securely against your account and is only accessible to you within your OctoRoles account.

Your control and deletion. You can disconnect your LinkedIn account from OctoRoles at any time, and you can ask us to delete the LinkedIn data we hold about you. When you delete your OctoRoles account, the LinkedIn data we hold is deleted with it. You can also review and remove OctoRoles from the connected applications list in your LinkedIn settings, which stops LinkedIn sharing further data with us.

Our use of LinkedIn data complies with LinkedIn’s API Terms of Use.

5. How we store your data

Your data is stored securely using Supabase, a cloud database platform. Our database is hosted in the European Union. All data is encrypted in transit (TLS) and at rest. Access to your data is protected by row-level security policies that ensure only you can access your own records.

We do not store your data on local servers or personal devices.

6. Third-party services

We use the following third-party services to operate OctoRoles.

Supabase provides database and authentication services, hosted in the EU. Vercel provides web hosting. OpenRouter and Google AI Studio provide AI language models for scoring and document preparation, processing text you submit. Stripe handles payment processing if you subscribe to a paid tier. ConvertAPI provides document format conversion. Job listing aggregators find and display job listings relevant to your search.

These services process data only as necessary to provide their function. We do not sell or share your personal data with advertisers or data brokers.

7. AI processing

OctoRoles uses AI language models to score your application materials against job descriptions and to help prepare tailored application documents. When you use these features, the relevant text from your profile and the job description is sent to our AI providers for processing.

AI providers process this data only to generate a response and do not retain it for training their models. We select providers that offer data processing agreements consistent with GDPR requirements.

8. Cookies

We use essential cookies to manage your login session. We do not use advertising cookies or third-party tracking cookies. We may use analytics in the future. If so, this policy will be updated and you will be asked for consent.

9. Your rights

Under UK GDPR, you have the right to access the personal data we hold about you, correct inaccurate personal data, request deletion of your personal data, restrict or object to processing of your personal data, receive your data in a portable format and withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@octoroles.com. We will respond within 30 days.

10. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records.

11. Children

OctoRoles is not intended for users under the age of 16. We do not knowingly collect data from anyone under 16. If you believe we have collected data from a child, please contact us immediately.

12. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through the application. The “last updated” date at the top of this page will always reflect the current version.

13. Contact

If you have questions about this policy or your data, contact us at:

Email: privacy@octoroles.com

Address: 15-17 Upper George Street, Connaught House, Luton, England, LU1 2RD

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.