← Back to Home

Privacy Policy

Last updated: January 2026

Overview

HenryHQ ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our job search strategy platform at henryhq.ai (the "Service").

By using HenryHQ, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our Service.

Information We Collect

Information you provide directly:

  • Resume and professional background information
  • LinkedIn profile data (when you choose to upload it)
  • Job descriptions you submit for analysis
  • Account information (email, password)
  • Application tracking data you input
  • Chat conversations with our AI assistant (Hey Henry)
  • Feedback and survey responses

Information collected automatically:

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • IP address and approximate location
  • Cookies and similar tracking technologies

How We Use Your Information

We use the information we collect to:

  • Provide personalized job search strategy and document generation
  • Analyze job fit and provide honest assessments
  • Generate tailored resumes, cover letters, and other materials
  • Track your application pipeline
  • Improve our AI models and service quality
  • Send service-related communications
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

AI Training: We may use anonymized and aggregated data from user interactions to improve our AI systems. Your personal information is never sold or shared for advertising purposes.

Third-Party Services

We use the following third-party services to operate HenryHQ:

  • Anthropic (Claude API) - Powers our AI analysis and document generation. Your prompts and career data are sent to Anthropic for processing. Anthropic's privacy policy applies to this data: anthropic.com/privacy
  • Supabase - Provides database and authentication services with enterprise-grade security and encryption
  • Google Analytics - Collects anonymous usage statistics to help us improve the Service. You can opt out using browser extensions or settings
  • Vercel - Hosts our application infrastructure

We carefully vet our service providers and require them to protect your data in accordance with this policy.

Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Analyze how our Service is used
  • Improve user experience

Essential cookies are required for the Service to function. Analytics cookies (Google Analytics) help us understand usage patterns. You can control cookies through your browser settings, though this may affect functionality.

Data Storage and Security

Your data is stored securely using industry-standard encryption (TLS in transit, AES-256 at rest). We use Supabase for database services, which provides enterprise-grade security including row-level security policies.

Security measures include:

  • Encrypted data transmission (HTTPS)
  • Encrypted database storage
  • Regular security audits
  • Access controls and authentication
  • Rate limiting to prevent abuse

We do not sell or share your personal information with third parties for marketing purposes.

Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active, deleted within 30 days of account deletion request
  • Generated documents: Retained while your account is active
  • Chat history: Last 20 messages retained for context; older messages automatically purged
  • Usage analytics: Aggregated data retained for up to 26 months

Your Rights

You have the right to:

  • Access - Request a copy of your personal data
  • Correction - Request correction of inaccurate data
  • Deletion - Request deletion of your account and data
  • Portability - Export your data in a machine-readable format
  • Restriction - Request limitation of processing in certain circumstances
  • Objection - Object to processing based on legitimate interests

To exercise these rights, contact us through our contact page. We will respond within 30 days.

International Users

HenryHQ is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

For EU/EEA users: We process your data based on your consent and our legitimate interests in providing the Service. You have rights under GDPR including those listed above.

For California residents: Under CCPA, you have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal information). Contact us to exercise these rights.

Children's Privacy

HenryHQ is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or your data, please visit our contact page.