Updated 8 May 2026

Privacy Policy

SalaryArc (“we”, “us”) is built by 0to10.ai. This page explains what we collect, why, and what we do with it. We try to keep it short and human.

1. What we collect

  • Account info — email, full name, password (hashed by Supabase auth), and the profile you fill in: current role, industry, location, salary, target role.
  • Resume uploads — when you upload a resume we store the file in our private Supabase Storage bucket and an extracted text snapshot. Only you can read your own files; row-level security blocks every other user.
  • Career activity — the daily tasks you complete, your streak, skills added, and the AI-generated career maps we build for you.
  • Operational logs — IP address, timestamp, and route accessed for the standard reasons (debugging, abuse prevention). Logs are retained for 30 days.

2. How we use it

  • To run the product — render your dashboard, generate your career map, benchmark your salary.
  • To send you product email — daily-coach reminders, weekly recaps, market alerts. You can turn each of these off in Settings → Notifications.
  • To improve SalaryArc — aggregate, de-identified usage stats only.

We never sell your data. We never share your resume, salary, or AI conversations with third parties beyond the strict subprocessors listed below.

3. Subprocessors

  • Supabase (Postgres + auth + Storage) — primary data store. AWS-backed, ap-southeast-1 region.
  • OpenAI (gpt-4o-mini) — receives your profile snippets + resume text to generate career suggestions and chat responses. We do not opt into OpenAI training; per their API terms your data isn't used to train their models.
  • Adzuna & JSearch (job-board APIs) — receive only the role + city you're benchmarking, never personal data.
  • Stripe (when you upgrade to Pro) — handles all card data; we never see or store card numbers.
  • Vercel (hosting) — receives request headers + IPs for the duration of each request.

4. Your rights

You can:

  • Download a copy of everything we hold on you (email privacy@salaryarc.com).
  • Delete your account from Settings → Privacy → Delete account. This removes your profile, resumes, skills, career maps, and chat history within 7 days.
  • Object to processing or correct inaccurate data — same email address.

If you're in the EU/UK, you have GDPR rights including the right to lodge a complaint with your local supervisory authority. If you're in California, you have CCPA rights.

5. Cookies

We use one essential cookie for your auth session. We don't use third-party advertising or analytics cookies.

6. Contact

Questions? Email privacy@salaryarc.com.