YOUR DATA.
YOUR CAMPAIGN.
FULL STOP.

Scoutwork (“we,” “us,” or “the product”) is a career offense platform built to help professionals reach target companies before roles are publicly posted. This policy describes what data we collect when you use Scoutwork, how we use it, and the controls you have over it.

We are currently in closed beta. By requesting an invite or using the product, you agree to the practices described here.

Scoutwork is operated as a sole proprietorship. Questions, corrections, and deletion requests go to the email address at the bottom of this page and will be handled directly.

• Email address — collected when you request an invite or create an account.
• Resume or career history — uploaded voluntarily to generate a positioning brief. Stored to power the Positioning module.
• Target company names and domains — entered by you to trigger company intelligence research.
• Contact names, titles, and notes — added by you as part of campaign tracking.
• Outreach drafts and artifacts — generated and saved within the product at your direction.

• Authentication data — session tokens and OAuth tokens issued by Supabase and Google.
• Usage logs — pages visited, features triggered, and timestamps. Used to diagnose bugs and understand how the product is used. Not sold or shared with advertisers.
• Browser and device metadata — user agent, viewport size. Collected by Vercel infrastructure logs.

• Google account profile — if you sign in with Google, we receive your name and email address from Google OAuth. We do not request access to your Gmail inbox, Google Drive, or any other Google service beyond authentication unless explicitly stated and consented to separately.
• Hunter.io — if you use the email finder feature, a contact's name and company domain are sent to Hunter.io to retrieve a likely email address. Hunter.io's privacy policy governs their handling of that data.

• Provide and operate the product — generate intelligence briefs, positioning documents, and outreach artifacts.
• Authenticate your account and maintain your session.
• Store your campaign data so it persists between sessions.
• Diagnose errors and improve product reliability.
• Send you product updates and beta access notifications if you have requested an invite. You can opt out of these at any time.

We do not use your resume, campaign data, or outreach drafts to train AI models. The Anthropic API is used to generate content; Anthropic's usage policies govern how API inputs are handled on their side.

We do not sell, rent, or trade your personal data to any third party for advertising, marketing, or commercial purposes.

• Infrastructure providers — Vercel (hosting), Supabase (database and authentication), and Anthropic (AI generation) process data on our behalf. Each is bound by their own privacy policies and, where applicable, data processing agreements.
• Hunter.io — name and domain data is shared when you explicitly use the email finder feature. No data is shared passively.
• Legal requirements — we will disclose data if required by law, court order, or to protect the safety of users or others.

We do not have advertising partners. We do not use tracking pixels or third-party analytics SDKs beyond what Vercel infrastructure logs collect by default.

• We request your name and email address only. We do not request access to your Gmail, Google Drive, Google Calendar, or any other Google service as part of the standard authentication flow.
• Your Google refresh token is stored securely in our Supabase database and used only to maintain your authenticated session.
• If we add Gmail send functionality in the future, we will request that additional scope separately, explain clearly what it does, and require your explicit consent before enabling it.
• You can revoke Scoutwork's access to your Google account at any time by visiting myaccount.google.com/permissions.

Scoutwork's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

We retain your data for as long as your account is active. If you close your account or request deletion, we will remove your personal data within 30 days, except where retention is required by law.

Invite list emails are retained until you ask to be removed or the beta concludes, whichever comes first.

Vercel infrastructure logs are retained per Vercel's default retention policies (typically 30 days).

User data is transmitted over HTTPS and stored in Supabase, which encrypts data at rest. Access to the database is restricted to the product infrastructure; no data is accessible to unauthorized parties. We follow Supabase's security practices for data protection.

• Access — request a copy of the data we hold about you.
• Correction — ask us to fix inaccurate data.
• Deletion — ask us to delete your account and associated data.
• Portability — request your campaign data in a structured, machine-readable format.
• Opt-out — unsubscribe from product emails at any time.

To exercise any of these rights, email us at the address in the Contact section. We will respond within 30 days.

We do not discriminate against users who exercise privacy rights.

This policy may be updated as the product evolves. Material changes will be communicated to registered users by email before they take effect.