Privacy

What HAP is, in one line

HAP turns your public work into a verified profile that applies to roles for you. The trust root is dereferenced evidence, not self-reported text. Hiring decisions are always made by humans — HAP only verifies what you cited.

What we collect

• Public GitHub data we pull on your behalf when you build a profile: your handle, public repos, public commits whose author email matches your verified GitHub identity, public talks and links you cite.
• Opt-in local Claude Code footprint metadata: project names and session counts only — never raw transcript text, prompts, or code. This is read on your own machine, never uploaded raw, and only triggered when you pass --with-claude.
• If you sign in with GitHub: your GitHub login, display name, and avatar URL — stored only in a signed cookie on your device, not in our database.
• If you apply to a role: the application packet (your answers + cited evidence) is sent to the employer's HAP inbox. We do not see it unless the employer is running the reference inbox on infrastructure we operate.
• If you opt in to the discovery index: your hap.profile (excluding inbox contact) becomes searchable by identified recruiters, ranked on verified evidence only. Your contact is gated by the per-day cap you set.

What we do not collect

• Private GitHub repositories or their contents.
• Raw Claude Code transcripts, prompts, or code from your local sessions.
• Anything an OAuth scope wider than read:user would unlock — we don't request more.
• Tracking cookies, analytics fingerprints, or third-party ad pixels on the landing site. Only localStorage is used, and only for your theme + language preference.

Third parties

• GitHub API — to verify cited links and (if you sign in) confirm your identity. Subject to GitHub's terms.
• Optional LLM provider — OpenAI or Anthropic, used only for the candidate-agent's text generation. If you don't configure a key, HAP falls back to template answers. Your evidence URLs are sent; your private data is not.
• Fly.io — if you use the reference inbox/index deployments operated by renlab, traffic and the SQLite volume live on Fly's infrastructure in our chosen region.

Automated decisions

HAP's scorer is a verification tool, not a hiring decision. It opens cited links, checks whether they exist and are yours, and produces a verdict (fit / no_fit / needs_review). The employer always reads it; the hire/no-hire decision is human. We do this deliberately so HAP works under GDPR Article 22, NYC LL144, and the EU AI Act's hiring provisions.

Your rights

• Unpublish from the discovery index at any time (npm run profile … or DELETE on the index).
• Ask the employer who received your application to delete it — they hold the data, not us.
• Export everything: your hap.profile is a JSON file you already own.
• If you signed in with GitHub, sign out at any time at /sign-in — the cookie is the only thing we hold for you.
• If you are in the EU, UK, or jurisdictions with equivalent rights (right of access, rectification, erasure, restriction, portability, objection), email the contact below.

Retention

Applications received by an employer live in that employer's inbox database; the employer chooses how long to keep them. Discovery-index entries live until you unpublish. Sign-in cookies expire 30 days after issue and on logout.

Security

Inbox-to-dashboard reads are gated by a bearer token only the operator and the dashboard hold. Discovery search requires a recruiter identity and is rate-limited per recruiter. Identity claims are lifted from asserted to proven via a HAP-PROOF gist on your GitHub. None of this prevents a determined impersonator with full control of someone's GitHub — HAP is honest about "防君子不防小人".

Children

HAP is not intended for users under 16. Don't use it if you are under that age.

Changes

We'll bump the date at the top and, if anything material changes, note it in the GitHub repo's CHANGELOG. The full history of this page is in git.

Contact

Privacy questions or rights requests: jobs@renlab.ai. The source for this page lives at apps/web/app/privacy/page.tsx in the public repo.