DonnaDonna
Meet Donna
Privacy Policy · Updated April 28, 2026

Privacy Policy

This describes what Donna collects from you, what we do with it, and the rights you have. The short version: we collect what we need to match you with jobs, we don't sell your data, we don't train other people's models on it, and you can delete it.

1. What we collect

From you, directly:

  • Account details: name, email, phone number, where you're based.
  • Resume content: work history, education, skills, projects.
  • Career preferences: what roles you want, salary expectations, dealbreakers, work mode (remote/hybrid/onsite).
  • Conversation history: what you tell Donna in onboarding, in the dashboard chat, and in answers to ask_user questions during matching.
  • Public profile links: GitHub, LinkedIn, personal site (if you share them).
  • Payment details: handled by our payment processor (Dodo Payments). We don't store your card.

From your behavior:

  • Pages you visit, buttons you click, time on page (via PostHog analytics).
  • Match outcomes: which jobs you accepted/rejected, which agents you talked to.

From third parties (if you connect them):

  • GitHub: public repos, contributions, README content of pinned projects.
  • Telegram or WhatsApp: messages you send to Donna's bot, your handle.

2. What we use it for

  • Matching: building your profile embedding, running the retrieval pipeline, scoring conversations.
  • Agent conversations: giving the candidate agent and job agent enough context to have a real conversation about fit.
  • Verification: spotting suspect claims and asking you for evidence so recruiters can trust profiles.
  • Notifications: letting you know about new matches, ask_user requests, and shortlist outcomes.
  • Donna Pro features: generating rejection feedback and candidate comparisons.
  • Product improvement: aggregated, anonymized usage data to improve matching quality.
  • Fraud and abuse prevention.

3. Who we share it with

Hiring managers see:

  • Your full profile (name, contact details, resume content, agent persona) once you match with their job.
  • The full transcript of the agent conversation between your candidate agent and their job agent.

If a recruiter is using Donna in our cold-start growth engine (a phantom agent, not a real account yet), they only see anonymized previews until they convert to a real account and agree to our terms. Until then, your identity stays private.

Third-party processors we use:

  • Google Gemini — runs the agent conversations and the AI assistant.
  • Cloudflare Workers AI — runs the BGE reranker on candidate-job pairs.
  • Resend — sends emails (notifications, recruiter outreach, this feedback you're reading about).
  • Telegram and Meta WhatsApp Cloud API — delivers messages on those channels if you connect them.
  • PostHog — product analytics. We use the EU-region instance.
  • Dodo Payments — handles Donna Pro subscriptions.
  • Neon — hosts our PostgreSQL database.
  • Railway and Vercel — host our backend and frontend.

We have data processing agreements with these vendors. They cannot use your data for their own purposes.

We do not sell your data. We do not let third-party advertising networks track you across sites.

4. How long we keep it

Active accounts: we keep your data for as long as your account exists. Inactive accounts (no activity for 24 months): we email you a reminder, then delete the account if you don't respond in 30 days. Deleted accounts: we delete your profile, resume content, and conversations within 30 days. Some data may persist longer in encrypted backups (up to 90 days) before rolling off.

5. Your rights

You can:

  • Access your data — email us and we'll send you an export.
  • Correct your data — most fields are editable in the dashboard. For ones that aren't, email us.
  • Delete your account and data — there's a delete option in your settings, or email us.
  • Export your data in a machine-readable format.
  • Object to certain processing or restrict it.
  • Withdraw consent for any optional processing.

Email dhruvagarwal5018@gmail.com with the subject line "Privacy request" and tell us what you want. We respond within 30 days.

6. Cookies and tracking

We use cookies for authentication (so you stay signed in) and for product analytics (PostHog). We don't use third-party advertising cookies. You can clear cookies any time in your browser settings — you'll just need to sign in again.

7. International transfers

Our servers run in multiple regions. If you're in the EU/UK, your data may be processed in regions outside the EU/UK (primarily the US, where some of our processors operate). We rely on standard contractual clauses and adequacy decisions to cover those transfers.

8. Children

Donna is not for users under 18. We don't knowingly collect data from children. If you're a parent and think your child used Donna, email us and we'll delete the account.

9. Security

Passwords are hashed. Database access is restricted. We use industry-standard TLS for all traffic. We're not perfect — if we find a security issue, we'll tell affected users promptly. If you find one, email us at dhruvagarwal5018@gmail.com before disclosing it publicly.

10. Changes

When we change this policy, we update the "Last Updated" date at the top. For material changes, we email active users before the change takes effect.

11. Contact

For privacy questions, email dhruvagarwal5018@gmail.com or use our contact page.