EvenBetter
Sign inGet started
Legal

Privacy

Last updated: 13 May 2026

This notice explains what personal information EvenBetter collects, what we do with it, and the controls you have over it. Section 4 covers our use of de-identified inputs to improve benchmark quality — read it carefully.

1. Who we are

EvenBetter is operated by EvenBetter Technology Pty Ltd, an Australian company. This Privacy notice explains what personal information we collect when you use the EvenBetter Service, what we do with it, and the controls you have over it. It works alongside our Terms & Conditions.

2. What we collect

We collect the following categories of information:

  • Account information — name, work email, organisation, password hash (managed by our auth provider), and authentication timestamps. We never see your password.
  • Service inputs — the job descriptions and offer details you paste, the extracted role facts (title, skills, location, experience band, expected pay), and the benchmark reports we generate for you.
  • Technical & usage data — IP address, browser/device, pages visited, feature interactions, error logs, and performance traces. Used to keep the Service running and improve UX.
  • Billing data — handled by our payment processor (Stripe). We see plan tier, credit balance, and invoice metadata; we never see full card numbers.
  • Support communications — anything you email us, chat to us, or submit via feedback forms.

3. How we use your information

We use the information we collect to:

  • Provide the Service and deliver benchmark reports to you.
  • Maintain account security and detect abuse (rate-limiting, anomaly detection, fraud prevention).
  • Bill, collect payments, and meet our tax / record-keeping obligations.
  • Improve the Service — including the de-identified use described in Section 4 below.
  • Respond to support requests and operational notifications (e.g. credit-balance alerts, scheduled maintenance).
  • Comply with applicable Australian and overseas law, and cooperate with lawful regulator or court requests.

We do not use your account-linked inputs to train large language models for other parties, and we do not sell your personal information.

4. Use of de-identified inputs

To improve benchmark accuracy and user value, EvenBetter may retain and analyse the job descriptions, offer details, and report outputs you submit in a de-identified, aggregated form.

Before any input enters the improvement pipeline, we strip the identifiers that could tie it back to you or your organisation: your name, account email, employer name, internal job codes, and account-linked metadata. De-identified inputs are then blended with data from other users and never attributed back to you, your account, or your organisation. We do not sell, license, or otherwise share your raw inputs (identified or de-identified) with third parties for their own marketing or recruitment purposes.

The operative legal language is in Terms & Conditions §5. If you would prefer your inputs not be used to improve the Service, email [email protected] and we will exclude your account from the pipeline within 30 days.

5. Sub-processors and disclosure to third parties

We use a small set of vetted sub-processors to run the Service. Each handles a specific function and accesses only what it needs:

  • Clerk (US) — authentication, account management.
  • Vercel (US) — application hosting and edge delivery.
  • Neon (US/EU) — primary database (account, reports, transactions).
  • Anthropic (US) — large-language-model inference for JD extraction and report orchestration. JD content is sent to Anthropic as untrusted text; we strip PII via a Haiku pre-pass before any persistence.
  • Stripe (US) — payment processing and invoicing.
  • Sentry (US) — error monitoring and performance traces.
  • Job-board data providers (LinkedIn, Indeed, SEEK, ABS, and AU salary guide publishers) — read-only sources that we query, never write to.

We disclose your personal information only to (a) these sub-processors to operate the Service, (b) where you instruct us to (e.g. inviting a teammate), or (c) where required by law. We do not sell your personal information.

6. International transfers

Several of our sub-processors are based in the United States. When your personal information is transferred outside Australia, we rely on contractual safeguards (data-processing agreements with each sub-processor) and on Australian Privacy Principle 8 protections. By using the Service you consent to these transfers. You can review our current sub-processor list above in Section 5; we will update it whenever a sub-processor changes.

7. Cookies and tracking

We use a small number of first-party cookies for session management (managed by Clerk) and a single localStorage entry (evenbetter.terms.accepted) to remember that you accepted our Terms during sign-up. We do not deploy advertising or cross-site tracking cookies, and we do not embed third-party analytics that fingerprint visitors. Anonymous server-side request logs are retained for 30 days for security and debugging.

8. Data retention

We retain account-linked data for as long as your account is active. After you delete your account or request erasure (see Section 9), we delete account records within 30 days, subject to:

  • Backups, which expire on a 30-day rolling schedule — deleted records vanish from backups within that window.
  • Billing records, which we retain for 7 years to meet Australian tax-recordkeeping requirements.
  • De-identified inputs in the improvement pipeline, which are not tied to your account and remain in the aggregated dataset (see Section 4). Excluding your account from the pipeline going forward is separate from removing past inputs that have already been de-identified and merged.

9. Your rights

Under Australian Privacy Principles you can:

  • Access — request a copy of the personal information we hold about you.
  • Correct — ask us to fix inaccurate or out-of-date information.
  • Delete — close your account and have your account-linked data erased (subject to the retention exceptions in Section 8).
  • Opt out of the improvement pipeline — exclude your future inputs from the de-identified improvement use described in Section 4.
  • Object to processing — tell us if you object to a particular use of your information.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before acting on a request.

10. Security

We use industry-standard technical and organisational measures to protect personal information: encryption in transit (TLS 1.3) and at rest, scoped access controls for staff, audit logs on database reads/writes, and regular dependency-vulnerability scanning. No method of transmission or storage is 100% secure — if we become aware of an eligible data breach we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

11. Children

The Service is intended for adults using EvenBetter in a professional capacity. We do not knowingly collect personal information from anyone under 18. If you believe a minor has signed up, contact [email protected] and we will delete the account.

12. Complaints

If you believe we have mishandled your personal information, please contact us first at [email protected]. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. Changes to this notice

We may update this Privacy notice from time to time. Material changes will be notified via email or an in-app banner at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current revision.

14. Contact

Questions about this notice or your personal information? Email [email protected].

EvenBetter is operated by EvenBetter Technology Pty Ltd. This notice is provided in plain English for the v1.1 validation phase; a fully Privacy-Act / GDPR-reviewed version will replace it before public launch.