Privacy Policy
We respect your privacy. This page explains what personal data we collect, why we collect it, how long we keep it, and the choices you have.
Last updated: November 1, 2025
1. Introduction
Bespree ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our job search platform and services.
2. Information We Collect
2.1 Personal Information
When you register for an account, we may collect:
- Name and contact information (email address, phone number)
- Profile information (location, work preferences)
- Resume and employment history
- Authentication information (through Google Sign-In)
2.2 Usage Information
We automatically collect information about your use of our services:
- Device information and browser type
- IP address and location data
- Usage patterns and preferences
- Cookies and similar technologies
3. How We Use Your Information
We use your information to:
- Provide and improve our job search services
- Match you with relevant job opportunities
- Communicate with you about our services
- Ensure security and prevent fraud
- Comply with legal obligations
4. Information Sharing
We may share your information with:
- Employers when you apply for jobs
- Service providers who assist our operations
- Legal authorities when required by law
- Business partners with your consent
We do not sell your personal information to third parties.
5. Google Sign-In
We use Google OAuth 2.0 to let you sign in securely with your Google account. We do not receive your Google password.
- Data we receive: your Google account ID, name, email address, and profile picture (if available).
- Scopes we request:
openid,email,profile. We do not request access to Gmail, Contacts, Calendar, Drive, or other Google data. - How we use it: solely for authentication and account creation (and to prefill your profile, if you choose). We do not post to Google or share this information with third parties without your consent.
- Token handling: we store minimal OAuth identifiers/tokens needed to maintain your session. Tokens are subject to provider expiry/rotation and are protected in our systems (e.g., encryption at rest where supported).
- Disconnect at any time: you can disconnect Google from your Bespree account in Settings, or revoke access from Google’s Third‑party access page.
Your use of Google services is governed by Google’s Privacy Policy and Terms of Service.
5a. Facebook Login
If you choose to sign in using Facebook Login, we receive limited information from Facebook such as your name, email address, and profile picture (if available). We use this information solely for authentication and account creation. Your use of Facebook is also governed by Facebook’s Privacy Policy.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
7. Geolocation and Analytics
This section explains how we process IP addresses and derived location data for localization, security, and analytics. We apply safeguards so that only pseudonymized information is retained.
7.1 How we collect location information
We derive an approximate location from the network connection used to access our services. Our servers receive the IP address with your request (either directly or via trusted proxies) and apply internal truncation before any logging or storage (we require this ordering in production), so only a pseudonymized IP and coarse geographic attributes are retained. We do not use third‑party geolocation APIs, GPS, Bluetooth beacons, or mobile device sensors for this purpose.
7.2 Data we process
- Ephemeral (in memory only): raw client IP used momentarily to determine geography, then discarded.
- Pseudonymized data we retain: truncated IP (IPv4 last octet masked; IPv6 first three segments kept ≈ /48 and the rest truncated) and coarse attributes (country, region/state, time zone, EU/California indicator), plus minimal cache metadata.
- We do not store: precise street address or household-level coordinates, full IP addresses in logs/datastores, ISP/carrier identifiers, or location linked to identified profiles without a separate lawful basis.
7.3 Legal basis and transfers
We rely primarily on legitimate interests (GDPR Art. 6(1)(f))to provide localized content, maintain security, and prevent abuse. Where local law requires consent for specific analytics features, we will request it separately. For cross‑border transfers, we rely on recognized safeguards such as our EU–US Data Privacy Framework self‑certification (if applicable) or standard contractual clauses. You may object to this processing at any time—see your rights below.
7.4 Retention
- Pseudonymized IP and derived geo attributes: up to 60 days.
- GeoIP cache entries (geoip-lite): up to 24 hours.
- Aggregated, non‑identifiable statistics may be retained longer for analytics and reporting.
7.5 Sharing and disclosure
We do not sell geolocation data or share it for cross‑context behavioral advertising. Access is limited to authorized personnel, service providers under appropriate agreements, and regulators when required by law.
7.6 Your choices and rights
Depending on your location, you may have rights to object, access, correct, delete, or restrict processing of pseudonymized geolocation data, and to exercise California privacy rights. To exercise these rights, contact us at privacy@bespree.com or use the options available in your account or via our contact form.
7.7 Safeguards
- Pseudonymization of IP addresses before storage or logging
- Encryption in transit; at‑rest encryption where supported by our infrastructure
- Role‑based access controls; audit logging for privacy events where implemented
- Retention schedules and deletion processes (automation where available)
- Privacy reviews for features using geolocation data
Data Retention
We retain personal data only as long as necessary for the stated purposes.
| Category | Purpose | Retention |
|---|---|---|
| Account profile | Provide and secure your account | While account is active + 24 months after last activity |
| Applications/Resumes | Job application workflows | Until you delete, or 24 months after submission (configurable) |
| Support tickets | Customer support & QA | 24 months |
| Billing/transactions | Tax and accounting | 7 years (or local law) |
| Server logs (pseudonymized) | Security & abuse prevention | ≤ 60 days (roll/rotate) |
| Geo cache (pseudonymized) | Performance | 24 hours |
Retention may be extended to comply with legal obligations or to establish, exercise, or defend legal claims.
Legal Bases (GDPR)
| Purpose | Legal Basis | Examples |
|---|---|---|
| Provide the service | Art. 6(1)(b) Contract | Account creation, job applications, resume builder |
| Security & fraud prevention | Art. 6(1)(f) Legitimate interests | Abuse monitoring, pseudonymized logging |
| Analytics (non-essential) | Art. 6(1)(a) Consent | Aggregated product analytics (if enabled) |
| Payments & invoicing | Art. 6(1)(c) Legal obligation | Tax, accounting retention |
Where we rely on legitimate interests, we perform a balancing test and apply safeguards (e.g., pseudonymization, limited retention).
8. Your Rights
You have the right to:
- Access and update your personal information
- Delete your account and associated data
- Opt-out of marketing communications
- Request data portability
Need to delete your data? Visit our Data Deletion page for detailed instructions on how to request deletion of your personal information.
9. Cookies & Analytics
We use essential cookies for core functionality. If you consent, we also use analytics to understand product usage and improve performance. We use Google Analytics to collect aggregated usage metrics. IPs are truncated and data is subject to Google’s policies. You can opt out via your browser settings or our cookie controls.
- Essential cookies: strictly necessary for security and sign-in.
- Analytics cookies (optional): measure usage and product performance.
See our Cookie Policy for details.
10. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.
12. Contact Us
Email: privacy@bespree.com
Postal address available upon request. For legal notices, email privacy@bespree.com and we will provide mailing details.
If you are in the EEA/UK, you may also contact your local supervisory authority.
If you have any questions about this Privacy Policy, we're here to help.
Privacy Questions?
Our privacy team is here to help with any concerns.
Website: bespree.com