Security & Privacy Policy

How we protect your data

OfferProof lets candidates share anonymized resumes, track verifications, and tailor applications. This page explains what we collect, how we use it, and how you stay in control.

How OfferProof Handles Your Data

We take security and privacy seriously — here’s the quick overview of how your data and verification info are handled:

  • Infra: OfferProof runs on Supabase (Postgres + Storage) and Vercel (Next.js), both SOC 2 / ISO 27001–certified providers.
  • Encryption: All network connections use HTTPS with TLS 1.2 or higher.
  • Verification data: Offer letters and work emails are checked once, never stored long-term, and deleted after validation.
  • Storage: Uploaded files are stored privately until you publish them. Public and private content are kept separate.
  • Control: You can delete any upload or account at any time.

Want the full details? Read our complete privacy policy below.

Data we collect

  • Account & authentication

    Email address, login metadata, and session tokens handled by Supabase Auth.

  • Resume & verification content

    Uploaded resumes, preview images, tags, notes, and any verification evidence you submit (all post-redaction).

  • Usage & analytics

    Page views, clicks, and event data captured with PostHog and Sentry to keep OfferProof reliable.

  • Billing data

    If you upgrade, Stripe securely processes payment details—we never store card numbers.

Why we collect it

  • Publish anonymized resumes to the public directory with appropriate verification badges.
  • Provide AI tailoring responses powered by OpenAI (resume & job text is sent to OpenAI for processing).
  • Prevent abuse with rate limiting (Upstash Redis) and monitor reliability through logs.
  • Send account or verification-related email via Resend when you request it.

How we share data

We only share data with vendors that power OfferProof:

  • Supabase for authentication, database storage, and file hosting.
  • OpenAI to generate tailored resume suggestions (inputs are anonymized when possible).
  • Stripe for subscription billing (card data never touches our servers).
  • Resend to deliver verification and account emails.
  • PostHog & Sentry for product analytics and error monitoring.
  • Upstash for API rate limiting.

We do not sell customer data. Vendors are bound by their own privacy commitments and only receive the minimum information needed to provide their service.

Retention & security

Resumes, tailoring history, and verification assets remain until you delete them or close your account. Saved usage metrics are aggregated for product analytics. We use Supabase Row Level Security and role-based access to ensure only you (and authorized admins) can view private data.

You can delete a resume at any time from the dashboard. For account deletion or data export requests, email us at support@offerproof.io.

Your choices

  • Control which resumes are public versus private.
  • Opt out of non-essential emails by replying Unsubscribe.
  • Request account deletion or a copy of your data at any time.

International users

OfferProof is based in the United States. If you access the service from another region, your data may be transferred to the U.S. for processing by our vendors.

Updates & contact

We will update this page when we introduce new features or vendors. Significant changes will be communicated in-app or via email.

Have questions? Email us at support@offerproof.io.