PEARCH.AI
Privacy policy
By logging into your Pearch.ai account you agree to be bound by our Privacy Policy.
Last updated: Nov 21, 2025
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Generator.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to B4 Networking, Inc, 843 Enchanted Way Pacific Palisades, CA 90272, USA.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: California, United States
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Website.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to Pearch.ai, accessible from https://pearch.ai
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
CCPA Notice at Collection
This Notice at Collection applies to California residents under the California Consumer Privacy Act (CCPA).
Below we describe the categories of personal information we collect, the sources of that information, and our purposes for using it.
Categories of Personal Information We Collect (as defined by CCPA)
Under CCPA, “collect” includes receiving information from third-party providers and public sources. We collect only the information needed to operate our professional search and matching service:
Sources of Personal Information
We receive personal information from the following sources:
We use personal information only for:
Disclosure / Sale
We do not sell or share personal information as defined under the CCPA.
Clarification under CCPA:
For avoidance of doubt, providing candidate search results to our business customers does not constitute a “sale” of personal information under the CCPA because:
We provide search results to our customers, but we do not transfer ownership of personal information or disclose raw personal data to third parties for their independent use.
California residents may opt out of any processing that could be interpreted as a “sale” under the CCPA by using the “Do Not Sell My Data” link in our website footer.
Personal Data
When you register or log in via Google, we collect your full name and email address from your Google account to create and manage your user account. We do not access any other information from your Google account.
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
To provide and maintain our Service, including to monitor the usage of our Service.
To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
To contact You: We may contact you by email with essential service communications (such as registration confirmation, notifications when your search is ready, and security updates). We may also occasionally send important updates about new features or improvements. You can unsubscribe from non-essential updates at any time by following the instructions in the email.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share Your personal information in the following situations:
With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Data Retention for Indexed Professional Data
For professional profile data:
Suppression Record (Re-Indexing Prevention)
When we delete a profile, we store only a minimal hashed suppression record to prevent the profile from being re-indexed in the future.
This suppression record does not contain readable or usable personal data and cannot be linked back to the individual.
It exists solely to honor deletion requests and ensure the data does not reappear
Data Retention by Category (CCPA Requirement)
We retain personal information for the minimum period necessary for the purposes described above.
Approximate retention periods by category:
We may retain certain information longer if required by law or for security purposes.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
International Transfers
When we transfer personal data outside the EU/EEA/UK — for example, to our infrastructure in the United States — we do so in full compliance with applicable data protection laws. We do not transfer personal data to countries without adequate safeguards unless such transfers are covered by a lawful transfer mechanism.
These transfers are made only when necessary for providing our Services, and are always protected by legally required safeguards, including:
Together, these steps ensure that any personal data transferred outside the EU/EEA/UK remains protected at a level essentially equivalent to that guaranteed by GDPR.
For customers located in the EU/EEA/UK, our data transfers are governed by our Data Processing Addendum (DPA), which includes the Standard Contractual Clauses (SCC). The DPA is available at https://pearch.ai/dpa and forms part of your agreement with us.
Subprocessors
We use several third-party service providers (“subprocessors”).
They help us run our platform and process personal data on our behalf.
All subprocessors follow GDPR rules.
They also work under Standard Contractual Clauses (SCC) when required.
Below is the current list.
1. Google Cloud Platform (GCP)
Services: BigQuery, Cloud Storage, AlloyDB, GKE, Cloud Logging
Purpose: hosting, storage, candidate index, infrastructure, logs
Data processed: candidate profiles, derived features, user account data, queries, usage logs
Location: EU / USA regions
Safeguards: SCC, encryption, access control
2. Turbopuffer
Purpose: high-performance data storage for raw candidate fields and derived features
Data processed: professional profile data, embeddings, vectors, ranking signals
Location: USA
Safeguards: SCC, encryption, access control
3. Supabase
Purpose: user authentication and account management
Data processed: email, name (if provided), login events, tokens
Location: EU / USA
Safeguards: DPA, SCC
4. Google Analytics 4
Purpose: website analytics
Data processed: IP (with anonymization), device and usage data
Location: EU / USA
Safeguards: SCC, IP anonymization
5. HubSpot
Purpose: CRM and customer communication
Location: US/EU
Safeguards: DPA, SCC
Updates to This List
We may update this list from time to time.
If we add a new subprocessor or change something important, we will update this section of our Privacy Policy.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
Legal Basis for Processing (GDPR Article 6)
We rely on the following legal bases to process personal data of individuals in the EU/EEA/UK:
Contract (Art. 6(1)(b))
For account creation, authentication, providing access to the platform, and running searches requested by the customer.
Legitimate Interests (Art. 6(1)(f))
We process publicly available professional information and licensed professional data for:
We conducted a Legitimate Interest Assessment (LIA) and concluded that the impact on individuals is minimal and proportionate, since:
Consent (only where required)
For optional cookies, analytics, or marketing emails.
Categories of Data We Process as a Data Controller
We act as a data controller for:
Publicly Available Professional Data
(name, job title, company, skills, work history, social profile URLs)
Licensed Third-Party Professional Data
(contact data such as business email or business phone—only if lawfully obtained by data vendors)
Derived and System-Generated Signals
(seniority estimation, industry alignment, experience patterns, ranking features)
Suppression/Opt-Out Records
We store suppression records so we do not re-index removed profiles.
We do not process sensitive data.
Sources of Personal Data (GDPR Article 14)
We obtain personal data from the following sources:
Public web sources, such as publicly visible professional profiles.
Licensed data providers, who confirm they collected data lawfully.
Some business contact information (such as work email or work phone) may be provided by licensed third-party data vendors. These vendors confirm that they collected and shared this data lawfully and in compliance with GDPR and local privacy laws. We do not receive or use any private, non-public, or sensitive data from these vendors.
Customers, when they submit job descriptions or search queries.
Internal enrichment, where we compute job-related relevance signals.
We do not collect data from private or password-protected sources.
Purposes of Processing
We use professional data for the following purposes:
We do not use candidate data for behavioral profiling, or automated decision-making with legal effects.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Your Rights Under the GDPR
Depending on your location, you may have rights under data protection laws, including:
Your Rights Under the CCPA
California residents have the following rights:
• Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You may request that we delete personal information we have collected about you.
• Right to Correct — You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — Although we do not “sell” or “share” personal information as defined under the CCPA, we provide a “Do Not Sell My Data” mechanism for clarity and transparency.
• Right to Limit Use of Sensitive Personal Information — We do not collect or process sensitive personal information as defined by the CCPA, but you have the right to request limitations if this changes.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
To exercise these rights, please contact us at f@pearch.ai. We may need to confirm your identity before processing your request.
Your Rights Under GDPR (Expanded)
In addition to previously listed rights, individuals in the EU/EEA/UK have the right to:
Non-Discrimination
We do not discriminate against individuals who exercise their rights under the CCPA.
This includes not denying services, not charging different prices, and not providing a different level of service because you exercised your privacy rights.
To exercise your rights, contact: f@pearch.ai
Response Time
We will respond to CCPA requests within 45 days.
If we need more time, we may extend the response period to 90 days, and we will inform you of the reason for the extension.
EU/UK Representative (GDPR Article 27)
If required by law, we will appoint an EU or UK representative.
We will update this section once appointed.
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
By email: f@pearch.ai
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Privacy Policy Generator.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to B4 Networking, Inc, 843 Enchanted Way Pacific Palisades, CA 90272, USA.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: California, United States
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Website.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to Pearch.ai, accessible from https://pearch.ai
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
CCPA Notice at Collection
This Notice at Collection applies to California residents under the California Consumer Privacy Act (CCPA).
Below we describe the categories of personal information we collect, the sources of that information, and our purposes for using it.
Categories of Personal Information We Collect (as defined by CCPA)
Under CCPA, “collect” includes receiving information from third-party providers and public sources. We collect only the information needed to operate our professional search and matching service:
- Professional Information: job title, employer name, seniority level, employment history.
- Publicly Available Professional Data: information from public sources such as professional profiles.
- Identifiers: name and work email address (provided during Google login or received from trusted data providers).
- Internet or Other Electronic Activity: IP address, browser type, device information, and basic usage logs generated automatically by your browser when using the Service.
- Inferences: limited professional-relevance signals used solely to improve search quality.
- We do not collect sensitive personal information.
Sources of Personal Information
We receive personal information from the following sources:
- Directly from you (e.g., through Google login).
- Automatically from your device (e.g., IP address, logs).
- From trusted third-party data providers.
- From publicly available sources.
We use personal information only for:
- Providing and maintaining our professional search and matching Service.
- Improving ranking relevance and search accuracy.
- Securing and monitoring the platform.
- Responding to user requests and customer support needs.
- Complying with applicable legal requirements.
Disclosure / Sale
We do not sell or share personal information as defined under the CCPA.
Clarification under CCPA:
For avoidance of doubt, providing candidate search results to our business customers does not constitute a “sale” of personal information under the CCPA because:
- we do not transfer ownership of personal data;
- customers cannot reuse, resell, or independently exploit the data outside of the Service;
- personal information is provided only as part of a contracted service, not as a standalone data product;
- we do not disclose raw datasets to customers.
We provide search results to our customers, but we do not transfer ownership of personal information or disclose raw personal data to third parties for their independent use.
California residents may opt out of any processing that could be interpreted as a “sale” under the CCPA by using the “Do Not Sell My Data” link in our website footer.
Personal Data
When you register or log in via Google, we collect your full name and email address from your Google account to create and manage your user account. We do not access any other information from your Google account.
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
To provide and maintain our Service, including to monitor the usage of our Service.
To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
To contact You: We may contact you by email with essential service communications (such as registration confirmation, notifications when your search is ready, and security updates). We may also occasionally send important updates about new features or improvements. You can unsubscribe from non-essential updates at any time by following the instructions in the email.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share Your personal information in the following situations:
With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Data Retention for Indexed Professional Data
For professional profile data:
- We periodically refresh and update indexed data.
- We retain professional data only as long as it remains relevant for recruitment matching.
- If an individual requests deletion, we remove their profile and keep only a minimal suppression record to prevent re-indexing.
Suppression Record (Re-Indexing Prevention)
When we delete a profile, we store only a minimal hashed suppression record to prevent the profile from being re-indexed in the future.
This suppression record does not contain readable or usable personal data and cannot be linked back to the individual.
It exists solely to honor deletion requests and ensure the data does not reappear
Data Retention by Category (CCPA Requirement)
We retain personal information for the minimum period necessary for the purposes described above.
Approximate retention periods by category:
Category of Personal Information | Retention Period |
Identifiers (name, email) | Up to 3 years after last account activity |
Professional Information | Updated continually; retained up to 3 years |
Internet / Activity Data | 12–24 months |
Publicly Available Information | As long as necessary for service functionality |
Inferences | Up to 12 months; used only to improve search relevance |
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
International Transfers
When we transfer personal data outside the EU/EEA/UK — for example, to our infrastructure in the United States — we do so in full compliance with applicable data protection laws. We do not transfer personal data to countries without adequate safeguards unless such transfers are covered by a lawful transfer mechanism.
These transfers are made only when necessary for providing our Services, and are always protected by legally required safeguards, including:
- Standard Contractual Clauses (SCC 2021/914,Module 2) between the data exporter and the data importer;
- Transfer Impact Assessments (TIA), where required by law, that evaluate the receiving country’s laws and risks;
- Supplementary technical and organizational measures, such as encryption, strict access controls, and data minimization.
Together, these steps ensure that any personal data transferred outside the EU/EEA/UK remains protected at a level essentially equivalent to that guaranteed by GDPR.
For customers located in the EU/EEA/UK, our data transfers are governed by our Data Processing Addendum (DPA), which includes the Standard Contractual Clauses (SCC). The DPA is available at https://pearch.ai/dpa and forms part of your agreement with us.
Subprocessors
We use several third-party service providers (“subprocessors”).
They help us run our platform and process personal data on our behalf.
All subprocessors follow GDPR rules.
They also work under Standard Contractual Clauses (SCC) when required.
Below is the current list.
1. Google Cloud Platform (GCP)
Services: BigQuery, Cloud Storage, AlloyDB, GKE, Cloud Logging
Purpose: hosting, storage, candidate index, infrastructure, logs
Data processed: candidate profiles, derived features, user account data, queries, usage logs
Location: EU / USA regions
Safeguards: SCC, encryption, access control
2. Turbopuffer
Purpose: high-performance data storage for raw candidate fields and derived features
Data processed: professional profile data, embeddings, vectors, ranking signals
Location: USA
Safeguards: SCC, encryption, access control
3. Supabase
Purpose: user authentication and account management
Data processed: email, name (if provided), login events, tokens
Location: EU / USA
Safeguards: DPA, SCC
4. Google Analytics 4
Purpose: website analytics
Data processed: IP (with anonymization), device and usage data
Location: EU / USA
Safeguards: SCC, IP anonymization
5. HubSpot
Purpose: CRM and customer communication
Location: US/EU
Safeguards: DPA, SCC
Updates to This List
We may update this list from time to time.
If we add a new subprocessor or change something important, we will update this section of our Privacy Policy.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
Legal Basis for Processing (GDPR Article 6)
We rely on the following legal bases to process personal data of individuals in the EU/EEA/UK:
Contract (Art. 6(1)(b))
For account creation, authentication, providing access to the platform, and running searches requested by the customer.
Legitimate Interests (Art. 6(1)(f))
We process publicly available professional information and licensed professional data for:
- building and maintaining our candidate index
- returning relevant candidates in response to customer queries
- improving ranking quality and search performance
- preventing abuse and ensuring platform security
We conducted a Legitimate Interest Assessment (LIA) and concluded that the impact on individuals is minimal and proportionate, since:
- we process only professional, publicly available or licensed data
- individuals can verify and delete their data at any time
- the processing is for recruitment relevance, not consumer profiling
Consent (only where required)
For optional cookies, analytics, or marketing emails.
Categories of Data We Process as a Data Controller
We act as a data controller for:
Publicly Available Professional Data
(name, job title, company, skills, work history, social profile URLs)
Licensed Third-Party Professional Data
(contact data such as business email or business phone—only if lawfully obtained by data vendors)
Derived and System-Generated Signals
(seniority estimation, industry alignment, experience patterns, ranking features)
Suppression/Opt-Out Records
We store suppression records so we do not re-index removed profiles.
We do not process sensitive data.
Sources of Personal Data (GDPR Article 14)
We obtain personal data from the following sources:
Public web sources, such as publicly visible professional profiles.
Licensed data providers, who confirm they collected data lawfully.
Some business contact information (such as work email or work phone) may be provided by licensed third-party data vendors. These vendors confirm that they collected and shared this data lawfully and in compliance with GDPR and local privacy laws. We do not receive or use any private, non-public, or sensitive data from these vendors.
Customers, when they submit job descriptions or search queries.
Internal enrichment, where we compute job-related relevance signals.
We do not collect data from private or password-protected sources.
Purposes of Processing
We use professional data for the following purposes:
- creating and maintaining a real-time people-search index
- matching natural-language queries to relevant candidates
- generating relevance scores and insights
- returning candidate results to customers via API or UI
- improving ranking models and search quality
- preventing platform abuse
- responding to opt-out and deletion requests
We do not use candidate data for behavioral profiling, or automated decision-making with legal effects.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Your Rights Under the GDPR
Depending on your location, you may have rights under data protection laws, including:
- The right to access the personal data we hold about you.
- The right to request correction or deletion of your data.
- The right to restrict or object to processing of your data.
- The right to data portability.
- The right to lodge a complaint with your local data protection authority.
Your Rights Under the CCPA
California residents have the following rights:
• Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You may request that we delete personal information we have collected about you.
• Right to Correct — You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — Although we do not “sell” or “share” personal information as defined under the CCPA, we provide a “Do Not Sell My Data” mechanism for clarity and transparency.
• Right to Limit Use of Sensitive Personal Information — We do not collect or process sensitive personal information as defined by the CCPA, but you have the right to request limitations if this changes.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
To exercise these rights, please contact us at f@pearch.ai. We may need to confirm your identity before processing your request.
Your Rights Under GDPR (Expanded)
In addition to previously listed rights, individuals in the EU/EEA/UK have the right to:
- object to processing based on legitimate interest
- request restriction of processing
- request information about international transfers
- request deletion from our index (“Do Not Index”)
- You have the right to request high-level information about how our relevance scoring and matching processes operate. We provide general explanations, but we do not disclose proprietary algorithms, internal signals, model weights, or technical details, as these are protected trade secrets.
Non-Discrimination
We do not discriminate against individuals who exercise their rights under the CCPA.
This includes not denying services, not charging different prices, and not providing a different level of service because you exercised your privacy rights.
To exercise your rights, contact: f@pearch.ai
Response Time
We will respond to CCPA requests within 45 days.
If we need more time, we may extend the response period to 90 days, and we will inform you of the reason for the extension.
EU/UK Representative (GDPR Article 27)
If required by law, we will appoint an EU or UK representative.
We will update this section once appointed.
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
By email: f@pearch.ai