Privacy Policy

Boba ("we", "our", or "us") operates a talent sourcing platform connecting active job seekers with recruiters and hiring managers. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

We take your privacy seriously. We collect only what we need, store it securely, and never sell your personal data to third parties.

We collect information you provide directly when creating an account or filling out your profile:

• Account information: email address and password (hashed, never stored in plaintext)
• Candidate profiles: name, location, headline, bio, work experience, education, skills, salary expectations, and availability
• Resume files uploaded to our secure storage
• Contact information: phone number, LinkedIn, GitHub, and portfolio links (visible only to recruiters who unlock your profile)
• Recruiter information: company details and billing information processed by Stripe

We also collect limited usage data automatically, such as pages visited and features used, to improve the product. We do not use tracking pixels or third-party advertising SDKs.

We use the information we collect to:

• Provide and operate the Boba service
• Display candidate profiles to recruiters who have an active subscription
• Process subscription payments through Stripe
• Send transactional emails (account confirmation, password reset)
• Improve search relevance and platform quality
• Respond to support requests

We do not use your data for advertising, and we do not sell or share personal data with data brokers or marketers.

As a candidate, your profile (excluding direct contact information) is searchable by recruiters on Boba. Your email, phone number, and other contact details are hidden behind a credit gate, a recruiter must spend a contact credit to unlock them.

You can delete your profile at any time from your account settings. Deletion removes your profile from search results immediately and permanently removes your data from our systems within 30 days.

Your data is stored in Supabase (Postgres), hosted on infrastructure that complies with SOC 2 Type II standards. Resume files are stored in Supabase Storage with access-controlled URLs.

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt and are never stored in plaintext. We do not have access to your password.

We use the following third-party services, each with their own privacy policies:

• Supabase, database and authentication infrastructure
• Stripe, payment processing (we never store raw card details)
• Vercel, hosting and edge delivery

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your account and all associated data
• Export your profile data in a portable format
• Withdraw consent for data processing at any time

To exercise any of these rights, email us at privacy@getonboba.com. We will respond within 30 days.

We use strictly necessary session cookies for authentication. We do not use advertising cookies or third-party tracking cookies. You can disable cookies in your browser, but this will prevent you from staying signed in.

Boba is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date above. Continued use of Boba after changes constitutes acceptance of the updated policy.

Questions about this Privacy Policy? Reach us at privacy@getonboba.com.