Privacy Policy
Gorberro, LLC (“we,” “us,” or “our”) operates the career platform available at tryneedl.ai (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service. By accessing or using the Service, you agree to the practices described in this Privacy Policy.
We are committed to protecting your privacy and ensuring transparency about how your data is handled. If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide when using the Service, including:
- Account Information: Name, email address, and authentication credentials when you create an account.
- Professional Information: Resumes, work history, skills, education, certifications, career goals, and other professional data you upload or provide during coaching sessions.
- Coaching Session Data: Your responses during AI-guided coaching sessions, including self-discovery exercises (such as the Petal Exercise), mock interview responses, and feedback interactions.
- Job Application Data: Job descriptions you submit, interview tracking details, recruiter and interviewer contact information, scheduling notes, interview notes including questions and answers, and application status updates.
- Reference Data: Information provided by professional references you invite to complete AI-guided reference interviews, including their names, professional relationship to you, and interview responses.
- Payment Information: Billing details processed through Stripe. tryneedl.ai does not directly store your full credit card number or banking information; this data is handled by Stripe in accordance with PCI-DSS standards.
- API Keys (BYOK Users): If you use the Bring Your Own Key plan, we store your third-party API keys in encrypted vault storage (Supabase Vault) for the sole purpose of enabling AI features on your behalf.
- Communications: Messages you send to our support team or feedback you provide about the Service.
1.2 Information Collected Automatically
When you access the Service, we may automatically collect:
- Usage Data: Pages visited, features used, session duration, coaching sessions initiated, and interactions with the Service.
- Device and Browser Information: IP address, browser type, operating system, device identifiers, and screen resolution.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies for authentication, session management, analytics, and to remember your preferences. See Section 7 (Cookies) for more details.
- Bot Protection Data: We use reCAPTCHA v3 to protect against automated abuse. This may collect information as described in Google’s Privacy Policy.
1.3 Information Generated by the Service
Through your use of the Service, we generate:
- AI Persona (“Agent”): A synthesized candidate profile distilled from your coaching sessions, capturing your qualifications, communication style, motivations, and professional identity.
- Generated Content: Tailored resumes, cover letters, readiness analyses, coaching feedback, and AI agent responses produced from your data.
- Skills Inventory: Hard and soft skills extracted from your resumes and coaching conversations, as confirmed by you.
2. How We Use Your Information
We use your information for the following purposes:
- Providing the Service: To deliver AI coaching, generate your persona and AI agent, create tailored application materials, track job applications, and manage references.
- Personalization: To tailor coaching sessions, readiness analyses, and generated content to your specific profile and target roles.
- AI Agent Interactions: To enable your shareable AI agent to respond to inquiries from third parties (recruiters, hiring managers) based on your persona and visibility settings.
- Account Management: To manage your account, process payments, and communicate with you about your subscription.
- Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the quality and features of the Service. We may use aggregated, de-identified data for this purpose.
- Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
We do not sell your personal information. We do not use your User Content or coaching data to train AI models, but the foundational models that we use, provided by Anthropic, OpenAI, or Alphabet, may. Here are the privacy policies for Anthropic, OpenAI, and Gemini.
3. How We Share Your Information
We share your information only in the following circumstances:
3.1 At Your Direction
- AI Agent Access: When you share your AI agent link, third parties who access that link can interact with your agent and receive information based on your configured visibility settings and trust levels. You control what your agent can and cannot disclose.
- References: Reference data is shared only with parties you authorize through your access-control settings.
3.2 Service Providers
We share information with third-party service providers who process data on our behalf, including:
- Anthropic: Coaching session data and professional information are processed by Anthropic’s Claude AI models to deliver coaching, persona distillation, and content generation features.
- OpenAI (BYOK users only): If you provide an OpenAI API key, your data may be processed by OpenAI’s models in accordance with their usage policies.
- Stripe: Payment and billing data is processed by Stripe for subscription management.
- Supabase: Account data, User Content, and application data are stored in Supabase infrastructure for authentication, database, and real-time features.
- Vercel: The Service is hosted on Vercel’s infrastructure.
- Google (reCAPTCHA): Limited data is shared with Google for bot protection purposes.
3.3 Legal Requirements
We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with a legal obligation, protect our rights or safety, or investigate potential violations of these Terms.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your User Content from active systems within 30 days. We may retain certain information for longer periods as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
Aggregated or de-identified data that cannot reasonably be used to identify you may be retained indefinitely for analytics and service improvement purposes.
5. Data Security
We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encrypted storage for sensitive credentials (API keys stored in Supabase Vault)
- HTTPS encryption for all data in transit
- Authentication middleware and session management
- HTTP security headers and Content Security Policy (CSP) protections
- Bot protection via reCAPTCHA v3
- Regular security audits
While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: You may request a copy of the personal information we hold about you.
- Correction: You may request that we correct inaccurate or incomplete personal information.
- Deletion: You may request that we delete your personal information. You can also delete your account and data directly through the Service.
- Export: You may export your data from the Service at any time.
- Restriction: You may request that we restrict processing of your personal information in certain circumstances.
- Objection: You may object to our processing of your personal information where we rely on legitimate interests as the legal basis.
- Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Agent Visibility Controls: You may adjust per-topic visibility settings and trust levels at any time to control what your AI agent shares with third parties.
To exercise any of these rights, please contact us at privacy@tryneedl.ai. We will respond to your request within 30 days, or as required by applicable law.
7. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication, session management, and core functionality of the Service. These cannot be disabled.
- Analytics Cookies: Used to understand how users interact with the Service, helping us improve features and performance.
- Preference Cookies: Used to remember your settings and preferences across sessions.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
8. International Data Transfers
The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to such transfers. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
9. Additional Information for EEA and UK Users
If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply:
- Legal Basis for Processing: We process your personal data based on: (a) your consent; (b) the necessity of performing our contract with you (providing the Service); (c) our legitimate interests (improving the Service, preventing fraud); or (d) compliance with legal obligations.
- Data Protection Rights: In addition to the rights listed in Section 6, you have the right to lodge a complaint with your local data protection authority.
- Data Transfers: When transferring data outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
10. Additional Information for California Users
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights, including:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it was shared.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out: We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your CCPA/CPRA rights, contact us at privacy@tryneedl.ai.
11. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@tryneedl.ai.
12. Third-Party Links and Services
The Service may contain links to third-party websites or services (such as LinkedIn profiles stored in contact management). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Effective Date” above. For significant changes, we may also notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Needl
Email: privacy@tryneedl.ai
General Inquiries: getsupport@tryneedl.ai
Website: https://tryneedl.ai