Effective 1 May 2025

Privacy Policy

Hudace Ltd operates Landed("the Service"). This policy explains what data we collect, why we collect it, how we protect it, and your rights as a user.

1. Who we are

Hudace Ltd ("we", "us", "our") provides Landed, an automated job-search and application platform accessible at landed.hudace.com. Questions or requests relating to this policy should be directed to privacy@hudace.com.

2. Data we collect

Account and profile data

When you create an account we collect your name, email address, professional field, target job title, years of experience, seniority level, job preferences, salary range, target locations, and your self-described niche. This is used solely to personalise job discovery and tailor application materials.

Resume data

If you upload a resume we store the file and extract its text content. If you build a resume through the platform we store the structured content you provide. Resume text is passed to our AI provider (Anthropic Claude) to produce tailored versions per application — it is not used to train any AI model.

Platform credentials (optional)

If you choose to connect job platforms (LinkedIn, Indeed, Naukri, Bayt), you may provide login credentials. These are encrypted end-to-end using AES-256-GCM before being stored. We never store credentials in plain text and they are only decrypted inside the browser-automation worker at the moment of use.

Gmail integration (optional)

If you connect Gmail, we store an OAuth refresh token (encrypted, never your password) and scan your inbox for application-related emails — rejections, interview invites, and recruiter replies. We read only emails relevant to your job search; we do not read, index, or store unrelated mail.

Application and activity data

We record every job application made on your behalf: company, job title, URL, application status, ATS score, and the tailored resume and cover letter used. This data is yours and is visible in your pipeline dashboard.

Usage data

We collect standard server logs — IP address, browser type, pages visited, and timestamps — for security monitoring and debugging. We do not sell this data or use it for advertising.

3. How we use your data

  • Discovering and scoring job listings that match your profile
  • Generating tailored resumes and cover letters via AI for each application
  • Submitting applications to job platforms on your behalf
  • Tracking application status by scanning your connected Gmail inbox
  • Sending email notifications about application activity (if enabled)
  • Improving the relevance of job matching over time
  • Complying with legal obligations

We never sell your data to third parties. We never use your resume or personal data to train AI models.

4. Third-party services

The Service relies on the following sub-processors. Each is bound by its own privacy policy and applicable data protection law.

ProviderPurposeData shared
ClerkAuthentication & session managementEmail, name
MongoDB AtlasPrimary databaseAll user and application data
Anthropic (Claude)Resume tailoring & keyword extractionResume text, job description
ResendTransactional email notificationsEmail address, application summary
Apollo.ioRecruiter contact enrichmentCompany name (no personal data)
Adzuna / JSearchJob discoverySearch query (field, location — no personal data)
VercelHosting & serverless computeHTTP request data, logs

5. Data security

We apply industry-standard security measures including:

  • AES-256-GCM encryption for all stored platform credentials and OAuth tokens
  • TLS 1.3 in transit for all API and database connections
  • Clerk-managed authentication with short-lived session tokens
  • Field-level select: false on sensitive database fields — credentials are never returned in general queries
  • Environment variables for all secrets — never committed to source control

No system is perfectly secure. In the event of a data breach that is likely to result in risk to your rights or freedoms, we will notify you and any applicable supervisory authority within 72 hours of becoming aware.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your profile, credentials, and resume data within 30 days. Anonymised aggregate statistics (application counts, ATS score distributions) may be retained indefinitely with no link to your identity.

Application records and Gmail scan history are retained for 2 years from creation to allow you to refer back to your job-search history.

7. Your rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your account and all associated personal data.
  • Restriction: Ask us to stop processing certain data while a dispute is resolved.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: Withdraw any consent you have previously given at any time.

To exercise any of these rights, email privacy@hudace.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use a single session cookie (__landed_ob) to track whether you have completed onboarding. This cookie does not contain personal data, is not used for tracking or advertising, and expires in 5 years or when you delete your account.

Clerk may set additional authentication cookies required to maintain your login session. These are essential cookies and cannot be disabled without breaking the Service.

9. Children

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@hudace.com and we will delete it promptly.

10. International transfers

Your data is primarily stored in MongoDB Atlas clusters in the US and EU regions, and processed on Vercel infrastructure globally. Where data is transferred outside of the EEA, we rely on Standard Contractual Clauses or adequacy decisions to ensure appropriate protection.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will notify you by email (if you have notifications enabled) and update the effective date at the top of this page. Continued use of the Service after the update constitutes acceptance of the revised policy.

12. Contact

For any privacy-related questions, requests, or complaints:

Hudace Ltd
landed.hudace.com

© 2026 Hudace Ltd. All rights reserved.