PRIVACY POLICY
Last updated: March 2026
1. INTRODUCTION
Nabbed.io ("Nabbed," "we," "us," or "our") is operated by [Nabbed LLC — update with legal entity name]. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at nabbed.io, the Nabbed Chrome extension, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. DATA WE COLLECT
Account Data
When you create an account, we collect your name and email address. Passwords are hashed and managed securely through Supabase Auth — we never store plaintext passwords.
Job Search Data
Data you create within the Service, including job applications, pipeline entries, contacts, notes, cover letters, resumes, and related career management content. This data is created by you and stored on your behalf.
Usage Data
We collect anonymized usage data including page views, feature usage, and session information to improve the Service. This data is collected via Google Analytics.
Payment Data
Payment processing is handled entirely by Stripe. Nabbed does not store, process, or have access to your full credit card numbers, bank account details, or other payment instrument data. Stripe's handling of your data is governed by their privacy policy.
Chrome Extension Data
The Nabbed Chrome extension operates locally in your browser. When you explicitly trigger it on a job board page, it reads page content to extract job details for autofill purposes. This page content is processed locally and is not stored on our servers unless you choose to save the extracted job to your pipeline. The extension does not read or collect data from pages you have not navigated to.
Waitlist Data
If you join our waitlist, we collect only your email address.
3. HOW WE USE YOUR DATA
- To provide, operate, and improve the Nabbed Service
- To process payments via Stripe
- To send transactional emails related to your account and billing via HubSpot
- To enrich contact and company data you add to Nabbed via People Data Labs (PDL)
- To power AI features (cover letter generation, resume matching, fit scoring) via the Anthropic Claude API — user content may be sent to Anthropic for processing
- To analyze usage patterns and improve the Service via Google Analytics
We do not sell your personal data to third parties.
We do not use your data to train AI models without your explicit consent.
4. THIRD-PARTY SERVICES
We use the following third-party services to operate Nabbed. Each has its own privacy policy governing how they handle data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database & authentication | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Anthropic (Claude API) | AI-powered features | anthropic.com/privacy |
| People Data Labs | Contact & company enrichment | peopledatalabs.com/privacy |
| Vercel | Hosting & deployment | vercel.com/legal/privacy-policy |
| HubSpot | Email & CRM | legal.hubspot.com/privacy-policy |
| Google Analytics | Site analytics | policies.google.com/privacy |
5. COOKIES
Essential Cookies
We use session cookies for authentication purposes. These are required for the Service to function and cannot be declined.
Analytics Cookies
We use Google Analytics cookies to understand how visitors interact with our site. You may decline analytics cookies through your browser settings.
No Advertising Cookies
Nabbed does not use advertising or tracking cookies. We do not serve ads.
6. DATA RETENTION
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: Upon account deletion, all associated data is permanently purged within 30 days.
- Waitlist emails: Retained until product launch plus 90 days, then deleted.
7. YOUR RIGHTS (GDPR / CCPA)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to access — Request a copy of the personal data we hold about you
- Right to correction — Request correction of inaccurate personal data
- Right to deletion — Request deletion of your personal data
- Right to data portability — Request an export of your data in a machine-readable format
- Right to restrict processing — Request that we limit how we use your data
- Right to object — Object to our processing of your personal data
To exercise any of these rights, contact us at privacy@nabbed.io. Data deletion requests are honored within 30 days.
California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt out of the sale of personal information. As stated above, Nabbed does not sell personal data.
8. CHILDREN
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
9. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at the address associated with your account. Your continued use of the Service after such notification constitutes acceptance of the updated policy.
10. CONTACT
If you have questions about this Privacy Policy or how your data is handled, please contact us at: