Privacy Policy

Last updated: April 2026

ThanksImHired is a tool that helps you find work by reaching out to local businesses that might not have a job ad live yet. This policy explains how we handle your data and the data we find about businesses you might want to work for.

We operate in the UK and follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

ThanksImHired is an online service. You can get in touch with us through the app's support features or by emailing our team directly.

Data we collect about you

When you use the app, we need certain information to make things work. This includes:

Google account details: We use Google OAuth for sign-in, so we receive your name, email address, and profile picture.
Your resume: If you upload a CV to help the AI write better emails, we store that file.
Campaign details: Information you provide about the roles you want, like job titles, industries, and locations you're targeting.
Email content: The drafts and sent messages you create using our AI tools.
Usage analytics: Basic data on how you move through the app so we can fix bugs and make it easier to use.

Data we collect about businesses

Our app pulls publicly available information to help you find potential employers. This is data about business entities, not private individuals. We collect:

Business name and description
Physical address and website
Publicly listed phone numbers and email addresses
Business category (e.g., "Architecture Firm" or "Bakery")

We only pull this from publicly available sources to help you find a way to get your foot in the door.

Why we process this data

We have a few legal reasons for handling this information:

Contract performance: We need your Google details and campaign info to provide the service you've signed up for.
Legitimate interests (Article 6(1)(f) UK GDPR): We process public business contact data because it's necessary for our core service. This is standard B2B outreach practice and does not override the rights of the businesses involved.
Consent: We only track optional analytics if you accept via our cookie banner.

Who else sees your data

We don't sell your data. We use the following third-party services to run ThanksImHired:

Convex — hosts our database (US-based). They are our primary data processor.
OpenAI — provides the AI that generates your personalised emails (US-based). Please note that OpenAI may use prompts submitted through their API to improve their models unless you have opted out via their data controls. The content of your emails and your resume may be included in these prompts.
Google — handles your sign-in and powers email sending through your own Gmail account (US-based).
PostHog — handles our analytics (EU-based). Only active if you accept cookies.
Serper — the search API we use to find local business listings (US-based).

For data sent outside the UK, we rely on the UK-US Data Bridge and Standard Contractual Clauses to ensure your data stays protected to UK standards.

How long we keep things

We keep your account information while your account is active. If you stop using the app, we retain your campaign data for 12 months after your last activity in case you return. If you delete a campaign, the business data scraped for that campaign is deleted immediately.

Your rights

Under the UK GDPR, you have the right to:

Access the data we hold about you
Rectification if anything is inaccurate
Erasure of your data
Restriction of processing in certain circumstances
Data portability

To exercise any of these rights, reach out through the app. If you're not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), though we'd appreciate the chance to put things right first.

Cookies

We use strictly necessary cookies to keep you logged in. If you accept via our cookie banner, we also use PostHog to understand how people use the site. You can change your mind on analytics cookies at any time.

Your responsibility

ThanksImHired is a tool. When you use it to send emails, you are the "data controller" for the business contact data you choose to process. You must ensure your campaigns comply with the law, including the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR.

Don't spam people. Keep your outreach professional, relevant, and targeted. We provide the platform, but you're responsible for how you use it.

Security

Everything runs over HTTPS. We use strict access controls and industry-standard authentication. Your data is stored on secured infrastructure managed by our third-party providers.

Changes to this policy

We may update this policy from time to time as we add features or the law changes. Check back here to stay in the loop.