Privacy Policy
Effective 2026-05-04This Privacy Policy explains how Reso ("we", "us") collects, uses, and protects personal data when you use joinreso.io and related services (the "Service").
What we collect
- Account data — email address, display name, profile photo, and authentication tokens needed to keep you signed in.
- Profile data — anything you choose to add: bio, specialization, phone, public booking handle.
- Workspace data — job briefs you claim, candidates you add, pipeline state, notes, scheduling records.
- Calendar and scheduling data — if you connect Google Calendar, we store an OAuth refresh token plus your Google email so we can read your free/busy windows and create calendar events on your behalf.
- Booking-page invitee data — when someone books a slot via a public booking page, we collect their name, email, and any optional fields configured by the booking owner.
- Technical data — standard server logs (IP, user agent, request path) retained on a short rolling window for security and debugging.
We do not sell personal data. We do not use third-party advertising or behavioural tracking SDKs.
Why we process your data
- To provide the Service you signed up for (account, scheduling, workspace).
- To secure the Service and prevent abuse.
- To send transactional emails about your account or activity.
- To improve the Service through aggregated, non-identifying analysis.
Google API services
Reso requests the following Google scopes when you connect a Google account. We use them only for the stated purpose, never for advertising or resale.
| Scope | Why we need it |
|---|---|
openid | Identify the user signing in. |
https://www.googleapis.com/auth/userinfo.email | Provision the account against the user's Google email. |
https://www.googleapis.com/auth/userinfo.profile | Populate the user's display name and avatar from their Google profile. |
https://www.googleapis.com/auth/calendar.events | Create and read calendar events when the user schedules interviews or accepts bookings via their public booking page. Required for two-way calendar sync. |
Reso's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Cookies
Reso uses only strictly necessary cookies and local storage to keep you signed in and to remember your UI preferences. We do not use cookies for advertising or cross-site tracking.
Sharing
We share personal data only with vetted service providers that help us run the Service, including Supabase (database, authentication), Vercel (hosting), Google (calendar sync, OAuth sign-in), and Stripe (payments, where applicable). Each operates under a Data Processing Agreement.
Your rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Have your data erased
- Receive a portable export of your data
- Withdraw consent at any time
Authenticated users can request a portable data export and can delete their account from the Settings page. For either request, email hello@joinreso.io. We respond within 30 days.
Security
Personal data is encrypted in transit and at rest. Database access is gated by row-level security policies. OAuth tokens are stored encrypted.
Children
The Service is not directed at children under 16 and we do not knowingly collect personal data from them.
Changes
We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the latest substantive update.
Contact
Questions or requests: hello@joinreso.io.