Privacy Policy.
Your data is yours. This explains what we collect, why, and how you stay in control of it — without the fog.
Draft · last updated pending launch
This is a plain-English preview, not final legal text. We're finalizing this policy with counsel — including retention windows, regional rights, and our sub-processor list — before iRocket's public launch. Questions in the meantime? Contact us.
We collect what we need to run your account, send the alerts you ask for, and keep the site working.
We don't sell your data, and we don't use it to follow you around the web.
Ask us for a copy of your data, or ask us to delete it, whenever you want — it's yours.
The short version: we collect what we need to run your account, send the job alerts you ask for, and keep the site working and safe. We don't sell your data, and we don't use it to follow you around the web. You can ask us for a copy of your data, or to delete it, whenever you want. That's the whole spirit of it — the detail is below.
1. Who we are
iRocket Careers (“iRocket,” “we,” “us”) is a job platform and a venture of Just Badge Worldwide. For your data, we're the “controller” — the ones who decide what's collected and why.
2. What we collect, and why
We keep this to what the service actually needs. Today that's:
Things you give us
- Account details — your email, and (if you sign in with Google, LinkedIn, or GitHub) basic profile info like your name from that provider. Why: to create and secure your account and sign you in.
- What you set up — saved jobs, saved searches, and job alerts, plus preferences like location or role type. Why: to save your jobs and send the alerts you asked for.
- Anything you send us — messages, support requests, or a job you report. Why: to help you and to keep listings clean.
Things we collect automatically
- Usage and device data — pages you view, searches you run, apply-out clicks, rough location from your IP, browser/device type, and similar. Why: to keep the site working, understand what's useful, and improve it (see Section 4).
- Essential cookies and similar tech — the bits needed to sign you in and remember your session (see Section 4).
Coming with our skills tools (not collected yet)
When our Skills Snapshot and matching features launch, we'll also collect the work and answers you choose to submit to be scored, and we'll generate a skills score, per-skill levels, matches, and the reasons behind them. We're flagging this now so you know what's ahead — we don't collect this today, and we'll update this policy with the specifics before those features go live. At that point you'll also be able to run some tools anonymously before making an account.
We don't intentionally collect sensitive categories of data (like health, race, or religion), and we ask you not to put them in free-text fields.
3. The legal bases we rely on
Where GDPR / UK GDPR applies, we rely on: contract (to run your account and deliver the alerts and features you ask for), legitimate interests (to keep the service secure, working, and improving — balanced against your rights), consent (for non-essential cookies/analytics where required, and which you can withdraw), and legal obligation (where the law requires us to keep or produce data).
4. Cookies & analytics — the honest version
We use analytics to improve the product, not to advertise to you.
- Product analytics — PostHog. We use PostHog to understand how people use iRocket — which pages help, where the flow breaks, whether alerts get set. This is product analytics, not ad-tracking. We don't use it to build advertising profiles, we don't follow you across other websites, and we don't sell this data to advertisers.
- Error monitoring — Sentry. When something breaks, Sentry helps us see the error so we can fix it. It captures technical diagnostic data, not marketing profiles.
- Essential cookies. A small set needed to sign you in and keep your session — the site can't work without these.
You can control non-essential cookies through our cookie settings, and we'll honor your choice.
5. Who we share it with
We don't sell your data. We share it only in these limited ways:
- Service providers that run iRocket for us, under contract, and only to do their job — Supabase (our database and account/auth system), Resend (transactional email like magic-link sign-in and job alerts), PostHog (product analytics), Sentry (error monitoring), Cloudflare Turnstile (bot and abuse protection), and our Coolify-managed hosting.
- The job sources — but not the way you might think. When you search, we send your search terms to the job APIs (Careerjet, Jooble, USAJobs, The Muse) to fetch matching listings — we don't send them your identity or account. When you click Apply, you leave iRocket for the source's or employer's own site, which then handles your application under their privacy policy.
- ELITE, only when you choose to verify (coming). When our verification feature launches and you choose “Get Verified,” the skills you opt to verify will be shared with ELITE, our sister platform, to issue your credential — under ELITE's own terms. Nothing goes to ELITE unless you start that yourself.
- Employers — only if you turn it on (coming). With the skills tools, you'll control whether your profile is anonymous or discoverable. Nothing about you goes to an employer unless you make yourself discoverable and choose what's shown.
- Legal and safety — if the law requires it, or to protect people, the service, or our rights.
- A business transfer — if iRocket is ever part of a merger or acquisition, data may transfer as part of it; we'll tell you if that changes anything material.
6. Where your data is stored
iRocket runs on infrastructure in the United States, and your data (including in Supabase) is stored there. If you're visiting from the EU, UK, or elsewhere, that means your data is transferred to and processed in the US, under appropriate safeguards.
7. How long we keep it
The short answer: as long as we need it for what it's for, then we remove it.
- Account data — while your account is open; deleted (or anonymized) after you close it, aside from anything we must keep by law.
- Usage/analytics data — kept for a limited window, then aggregated or removed.
- Anonymous tool sessions (coming) — held briefly and cleared if you don't save them.
- Support messages — kept for a reasonable period to help you and keep records.
8. Your rights & choices
You're in control of your data. Depending on where you live, you can:
- Access it — get a copy of what we hold.
- Export it — take it with you in a portable form.
- Correct it — fix anything wrong.
- Delete it — ask us to erase it.
- Object or restrict — push back on certain uses, and withdraw consent (like analytics) whenever you like.
Today, you can exercise these by contacting us — we'll respond within the timeframe the law requires — and you can update or close your account from your account settings. Self-serve export and delete tools are coming with a future release, so you'll be able to do these yourself in a click.
If you're in the EU / UK: you have the rights above under GDPR / UK GDPR, and you can complain to your local data-protection authority. If you're in California: under the CCPA/CPRA you can know, delete, correct, and opt out of “sale” or “sharing” of personal information — and to be clear, we don't sell your personal information. We won't discriminate against you for using any of these rights.
9. How we keep it safe
We protect your data with sensible, current safeguards — encryption in transit, access controls and least-privilege on our systems, row-level security in the database so people only reach their own data, secrets kept out of the client, and bot/abuse protection on our forms. No system is perfectly secure, so we can't promise absolute security — but if a breach ever affects you, we'll act on it and notify you and regulators where the law requires.
10. Children
iRocket isn't meant for children, and we don't knowingly collect data from anyone who isn't old enough to use the service under our Terms. If you believe a child has given us data, contact us and we'll remove it.
11. Automated scoring (coming — a heads-up)
When our skills features launch, your score and matches will be produced partly by automated tools. We're building them to be explainable and logged: every score and match will carry human-readable reasons, and we won't feed things like your name, age, or school into the scoring. A self-scored result is a signal, not a verified credential (see the Terms, Section 8). None of this runs today — we'll update this policy with the full detail before it does.
12. Changes to this policy
We'll update this policy as the product grows — especially when the skills tools ship. When we do, we'll change the “Last updated” date and, for meaningful changes, give you notice by email or in the product.
13. Third-party sites
iRocket links out a lot — to apply pages, employer sites, and source sites. Those places have their own privacy policies, and once you leave iRocket, theirs apply, not ours. We're not responsible for how they handle your data.
14. Contact us
Questions, or want to exercise a right? Reach our privacy contact at hello@irocketcareers.com — iRocket Careers, a Just Badge Worldwide venture.
Have a question about this policy? Contact us — a real person reads every message.