Privacy Policy
Last updated: July 1, 2026
TexoByte, LLC ("we," "us," or "our") operates RoleShepherd ("RoleShepherd" or the "Service"). This Privacy Policy describes how we collect, use, and share information when you use our website and application.
Questions or requests: [email protected]
Our commitment to your data
RoleShepherd handles sensitive personal and professional information — resumes, work history, salary expectations, career goals, and application activity. We take that responsibility seriously and use reasonable technical and organizational measures, within the resources available to us as a small software company, to protect your personally identifiable information ("PII") and professional history from unauthorized access, use, or disclosure.
Protection measures are described in the Security section below. No system is perfectly secure; we cannot guarantee that unauthorized access, loss, or breach will never occur. By using the Service, you acknowledge these inherent risks.
Information we collect
We collect information you provide and data generated by your use of the Service:
- Account information: email address, display name, and password (stored as a secure hash). If you enable two-factor authentication, we store an encrypted authenticator secret and hashed one-time backup codes — we never store your raw TOTP codes.
- Profile and career data: resume content, work history, skills, preferences, salary expectations, career goals, and evidence you provide through onboarding, profile interviews, gap interviews, and monthly check-ins.
- Job and company data: dream company watchlists, job postings you add or we crawl, application tracking, scores, research notes, and generated materials (e.g. resume drafts).
- Billing information: subscription plan, payment-processor customer and subscription identifiers, and payment status. Payment card details are collected and processed by our payment processor — we do not store full card numbers.
- Usage and operational data: AI usage counts, feature quotas, worker job metadata, error logs, and first-party website analytics (page views, traffic source, device type, and anonymous engagement events on public pages).
- Session data: an essential session cookie used to keep you signed in.
How we use information
We use your information to:
- Provide, maintain, and improve the Service (scoring, research, resume drafts, interviews, digests).
- Monitor company career pages you add and qualify job postings against your profile.
- Send transactional and retention emails: password reset, email verification, welcome, weekly pulse, career check-in reminders, and trial-related notices.
- Process subscriptions and billing through our payment processor.
- Protect the Service, prevent abuse, and troubleshoot errors.
- Develop aggregated or de-identified insights about product usage and career-market trends, without identifying you in those outputs.
We do not sell your personal information to data brokers or advertising networks, and we do not use third-party advertising or analytics trackers. We operate first-party analytics on our public marketing pages to understand traffic and improve the product (see Cookies below). See "Sale of data and business transfers" and "Sharing with employers and recruiters" below for additional details on how our practices may change.
Sale of data and business transfers
Today, we do not sell your personal information to data brokers or other third parties for their own marketing or commercial use. We also do not sell, rent, or license datasets derived from your content for purposes unrelated to running RoleShepherd.
We may use aggregated or de-identified statistics internally to improve the product. Those outputs are not meant to identify you. If our practices ever changed in a meaningful way, we would update this policy and follow applicable law — including giving you notice and, where required, choices before anything new applied to you.
We are focused on building RoleShepherd for the long term. Like any company, we could someday merge, be acquired, or restructure. If that happened, your information might transfer as part of the transaction. We would provide notice as required by law, and the receiving organization would be bound by this policy or a successor policy that meets applicable legal requirements.
Sharing with employers and recruiters
RoleShepherd is built for you to manage your own job search. Today, we do not share your profile, resume, or application data with employers, recruiters, or other third parties so they can discover or contact you for job opportunities.
We have no plans to offer that kind of sharing. If we ever did, it would be a separate, opt-in feature — you would choose whether to participate, and we would explain how it works in an updated policy before it applied to you. Nothing in the current Service exposes your data to employers for sourcing or recruiting without your explicit action (such as applying to a job yourself).
Service providers and subprocessors
We use vetted third-party companies to help run the Service. We share information with them only as needed to perform their function on our behalf, under contractual obligations to protect your data and use it solely for providing services to us. These categories may include:
- AI and machine-learning providers — to run scoring, research, resume drafts, cover letter evaluation, interview prediction, profile interviews, and related features.
- Payment processors — to handle subscriptions, billing, and payment card transactions.
- Email delivery providers — to send transactional and account-related email.
- Web search and data providers — to support salary, culture, interview research, and company career-page discovery.
- Hosting and infrastructure providers — to store, process, and transmit data securely.
We may change providers over time without updating every reference in this policy. Content you submit for AI-assisted features may be processed on our servers and by AI subprocessors; related prompts may include job descriptions and your profile context. Do not submit information you are not comfortable having processed for the purpose of delivering the feature. Subprocessors handle data according to their own policies; we select providers we believe operate responsibly, but we do not control their systems. We do not publish a public subprocessor list. If you need details for a compliance or privacy review, email [email protected] and we will respond reasonably.
AI processing and your choices
AI-assisted features require sending relevant portions of your profile, job descriptions, and conversation content to our servers and to subprocessors that provide AI infrastructure. You can limit what you share by not using AI features, not uploading certain content, and reviewing generated output before exporting or sending it anywhere. You are responsible for deciding what information to enter into the Service and what to transmit to employers or third parties.
Cookies
We use a session cookie (roleshepherd_session) to maintain your authenticated session.
On public pages we store an anonymous visitor identifier in your browser's local storage to count unique visits and attribute traffic sources (including UTM campaign parameters).
We do not use third-party analytics or advertising cookies.
Data retention
We retain your account and profile data while your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. If you cancel a subscription, we may retain your account data so you can reactivate or export information upon request.
Your choices and rights
You may:
- Enable optional two-factor authentication in Settings → Account.
- Turn weekly pulse email on or off in Settings → Notifications.
- Configure career check-in reminders (in-app, email, or both) in Settings → Career check-ins.
- Delete your account and associated data from Settings → Account (password confirmation required).
- Cancel your subscription through the billing portal in your account settings (when available) or by contacting us.
- Request access to, correction of, or deletion of your personal data by emailing [email protected] if you cannot access your account.
We will respond to reasonable requests in a timely manner. Account deletion removes your profile, saved jobs, applications, uploaded files, and billing linkage from our systems.
Security
We use industry-standard measures, within our operational means, to protect your information:
- In transit: encrypted connections (HTTPS/TLS) between your browser and our servers.
- At rest: production database and application data reside on servers protected by full-disk encryption; exported files (such as resume PDFs) stored in cloud object storage use provider-side encryption; offsite database backups are encrypted before upload; MFA authenticator secrets are encrypted in the database with a dedicated key.
- Access controls: password hashing (bcrypt), optional two-factor authentication (TOTP), and tenant-scoped data access so each account sees only its own data.
- AI prompts: interview and scoring instructions are processed on our servers only — they are not exposed in the web application or in browser network traffic. Content you type in chat features is sent to our API over HTTPS; our servers may forward relevant context to subprocessors to run the feature (see Service providers and subprocessors).
No method of transmission or storage is completely secure. We cannot guarantee absolute security or that third-party processors will never experience a breach. If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law.
California privacy rights
If you are a California resident, you may have rights under the CCPA/CPRA to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain sales or sharing. We do not currently sell personal information as defined under those laws. Contact us at [email protected] to exercise your rights. We will respond as required by law.
European Economic Area, United Kingdom, and Switzerland
If you access the Service from the EEA, UK, or Switzerland, TexoByte, LLC is the controller of your personal data for purposes of applicable data-protection law.
Legal bases. We process your data when:
- Contract: to provide the Service you signed up for (account, profile, job tracking, AI features, billing).
- Legitimate interests: to secure and improve the Service, prevent abuse, and communicate about your account — balanced against your rights.
- Consent: where required (for example, optional marketing or a future opt-in feature). You may withdraw consent without affecting prior lawful processing.
- Legal obligation: where we must retain or disclose data to comply with law.
Your rights. Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing. You may also lodge a complaint with your local supervisory authority. Contact [email protected] to exercise these rights.
International transfers. We operate from the United States. Your data may be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) for cross-border transfers.
Automated decision-making. The Service uses automated scoring and AI-generated suggestions to help you evaluate roles and prepare materials. These outputs are advisory only — they do not produce legal or similarly significant effects without your review and action. You may contact us with questions about how automated features use your data.
Other regions
Depending on where you live, you may have additional privacy rights. Contact [email protected] and we will honor applicable requests.
Children
The Service is not directed to individuals under 16. We do not knowingly collect personal information from children.
International users
The Service is operated from the United States (Tennessee). If you access the Service from outside the U.S., your information may be processed in the U.S. and other countries where our providers operate, as described above.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Material changes may be communicated by email or in-app notice where appropriate. Continued use of the Service after changes take effect constitutes acceptance of the updated policy, except where your consent is required by law.
Contact
TexoByte, LLC
Tennessee, United States
Email: [email protected]