Privacy Policy

MySecondAct (“we,” “us,” or “our”) operates mysecondact.io and the MySecondAct job matching service (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices. By using the Service, you agree to this policy.

2.1 Information You Provide

• Account information (email address, bcrypt-hashed password)
• Profile data (name, title, skills, experience, location, industry, job preferences)
• Resume data (we extract structured data via AI and do not permanently store the original file)
• LinkedIn profile data (publicly available information if you provide a URL)
• Feedback (match ratings, dismissal reasons)
• Payment information (processed entirely by Stripe; we never store card numbers)

2.2 Automatically Collected

• Usage data (pages visited, features used, email open/click events)
• Device data (browser, OS, screen size)
• Log data (IP address, timestamps, referrers)

2.3 Third Parties

We aggregate publicly available job listings from third-party job boards. MySecondAct is not affiliated with, endorsed by, or partnered with any job board including Indeed, LinkedIn, Glassdoor, ZipRecruiter, or RemoteOK.

• To create and maintain your account
• To match you with jobs via AI scoring
• To deliver daily email digests
• To generate tailored application materials (cover letters, resume bullets)
• To generate interview preparation materials
• To improve matching quality from your feedback
• To process payments via Stripe
• To send transactional emails
• To monitor and improve the Service

We do NOT sell your personal information, share data with employers, recruiters, or advertisers, or use your data to train AI models.

We only share data with:

• Service providers (Stripe, SendGrid, Anthropic, Apify) who receive the minimum necessary data to operate the Service
• Legal requirements (law, subpoena, court order)
• Business transfers (with prior notification)

• Active accounts: retained while your account is active
• Job listings: up to 90 days, then purged
• Deleted accounts: data removed within 30 days; anonymized aggregates may remain
• Payment records:per Stripe's retention policy

We employ bcrypt password hashing, JWT authentication with expiring tokens, HTTPS encryption in transit, environment variables for secrets, and access controls. No system is 100% secure, but we take reasonable measures to protect your data.

• Access and update your data via the dashboard
• Export your match history as CSV
• Delete your account from Settings
• Adjust digest frequency or unsubscribe anytime
• Request a copy of your data by emailing support@mysecondact.io

CCPA: You have the right to know, delete, and opt out of sale of personal information (we do not sell your data).

GDPR: You have rights to access, rectify, erase, restrict processing, and port your data. Our legal basis for processing is contract performance and legitimate interest.

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children.

• Essential cookies for authentication and sessions only
• Analytics tools (PostHog/Plausible) if enabled
• No advertising cookies
• Email digests may contain open-tracking pixels

We will post updates to this policy and change the “Effective Date” at the top. Continued use of the Service after changes constitutes acceptance.

For any privacy-related questions or data requests, reach us at support@mysecondact.io.