Privacy Policy

Controller and contact

WithMira is the controller for account, candidate-profile, resume, application, newsletter, alert, campaign, and recruiter-workflow data processed in the platform. The privacy and LGPD data-subject channel is [email protected].

What WithMira collects

WithMira collects account details, sign-in provider identifiers, candidate profile fields, resumes, parsed resume data, newsletter subscriptions and preferences, job alerts, saved jobs, applications, recruiter messages, privacy requests, and basic usage events needed to operate and improve the platform.

Purposes and legal bases

Account, profile, resume, application, saved-job, alert, and recruiter-message data are processed to provide the requested platform features and pre-contractual hiring workflows. Security, abuse prevention, audit logs, and operational diagnostics are processed under legitimate interests and legal defense needs. Newsletter delivery and optional analytics or marketing cookies are based on consent or an equivalent opt-in action where required.

Resume and profile data

Resumes are stored privately. Extracted text and structured profile fields are used to help candidates review their profile, apply to roles, and help authorized recruiters evaluate applications for a specific position. Do not upload sensitive personal data unless it is necessary for the hiring context. If sensitive information appears in a resume, WithMira limits processing to profile, application, recruiter-review, security, and legal request handling.

LinkedIn sign-in

LinkedIn login uses OpenID Connect. WithMira stores basic account fields such as name, email, profile image, and LinkedIn account identifier when provided by the sign-in flow. OAuth access tokens, refresh tokens, session tokens, and verification tokens are not included in user data exports.

Emails and notifications

WithMira may send sign-in codes, application updates, newsletters, alert confirmations, and message notifications when email delivery is enabled. Newsletter and alert emails include unsubscribe or disable links where applicable.

Analytics, campaigns, and ads

Campaign attribution may store page views and conversion events such as signup, newsletter subscription, newsletter email clicks, unsubscribe requests, alert creation, saved jobs, or applications. Advertising placements are disabled by default and should only be enabled after privacy and placement review.

Google Analytics may be used when analytics is explicitly enabled. Analytics events are limited to public pages and product actions such as job views, application clicks, signup completion, and campaign conversions; profile pages, recruiter pages, admin pages, resumes, candidate names, emails, and message content are not sent as analytics event data.

Cookie preferences

Essential cookies are required for sign-in, security, and saving privacy choices. Optional analytics cookies measure public job discovery and product events. Optional marketing cookies enable campaign attribution, Google Ads conversion tags, and LinkedIn Insight tags when those tools are configured.

Optional cookies are disabled until a visitor accepts them or saves a preference. Preferences can be changed from the Cookie preferences control in the footer.

Sharing and processors

Candidate application data is visible to authorized recruiter or admin users for the relevant workflow. Public job pages and public job APIs do not expose candidate personal data. WithMira may use infrastructure, database, storage, email, analytics, advertising, authentication, LLM, and social-platform providers to operate the service. These providers process data only for the configured service purpose and may involve international transfers.

Automated matching and human review

WithMira may generate profile summaries, candidate recommendations, and match-review notes from resumes, applications, and job requirements. These outputs are assistive. They do not automatically accept, reject, contact, or hire candidates. Candidates can request review of automated matching or profile inferences through the privacy request form.

Retention

Account, profile, resume, application, message, saved-job, and alert data are retained while the account or hiring workflow remains active, then deleted, anonymized, or restricted when no longer needed unless retention is required for security, audit, legal defense, fraud prevention, unsubscribe suppression, or compliance. Newsletter delivery records, campaign events, and audit logs are retained only as long as needed for operations and accountability.

Your LGPD rights

You can request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, consent withdrawal, objection, restriction, and review of automated decisions affecting your interests. Signed-in users can download a JSON data export. All users can submit a privacy request.

Open privacy requests

Security and incidents

WithMira uses authenticated access controls, private resume storage, role checks for recruiter/admin surfaces, and consent gates for optional tracking. If a security incident creates relevant risk or damage to data subjects, WithMira will assess and make the required communications to affected users and the ANPD.