Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

LinkedIn Profile URLs. When you submit a LinkedIn URL, we access publicly available information on that profile page (name, headline, job history, education, skills, certifications, languages, awards, and profile photo URL) to generate your doom analysis. We use multiple retrieval strategies (including standard HTTP requests with various user-agent headers) to obtain this publicly accessible data.

Pasted Profile Text. If automatic retrieval fails, you may paste LinkedIn profile text manually. We process this text the same way as automatically retrieved data.

CV / Resume Uploads. If you upload a PDF resume, we extract the text content in memory to generate your doom analysis. The original PDF file is not written to persistent storage. Only the extracted text (up to 10,000 characters) is stored alongside your analysis record.

Free-Text Input. You may type a company name, job title, industry, country, or organization name for analysis. We store the text you submit (up to 10,000 characters) alongside your analysis results.

Email Address. If you subscribe to the Doom Newsletter, we collect and store your email address. Subscription is entirely optional and is not required to use the Service.

1.2 Information Collected via LinkedIn Sign-In

If you choose to sign in with LinkedIn (OAuth / OpenID Connect), LinkedIn shares the following with us: your name, email address, profile picture URL, and LinkedIn user identifier (sub). We store this information in an encrypted JSON Web Token (JWT) session cookie on your device. We also store the OAuth access token in the JWT so we can call LinkedIn's userinfo endpoint on your behalf to retrieve your basic profile data. The access token is never exposed to client-side code or stored in our database.

1.3 Information We Generate

Doom Analysis Results. When you submit data, we generate and store: a numerical doom score (0–100), a category label, a tagline, a summary, skills-at-risk and skills-that-save-you breakdowns, a years-until-doom estimate, career pivot suggestions or survival guide tips, and an industry classification. This information is stored in our database and accessible via your unique results URL.

Percentile Ranking. We calculate your doom score's percentile rank relative to all other analyses. This aggregate statistic is displayed on your results page and does not expose other users' data.

Profile Metadata. For LinkedIn-based analyses, we may store the profile name and profile image URL alongside your analysis for display on the results page, the public doom page, the leaderboard, and in dynamically generated social sharing images (Open Graph).

1.4 Information Collected Automatically

Analytics. We use Plausible Analytics, a privacy-focused, cookie-free analytics service. Plausible does not use cookies, does not collect personal data, and does not track users across sites. It collects aggregate page-view counts, referral sources, browser types, and country-level location data. No personal identifiers are transmitted to Plausible. For more information, see Plausible's Data Policy.

Server Logs. Our hosting provider (Railway) may automatically collect standard server logs including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps. This data is used for operational purposes such as debugging, security monitoring, and understanding aggregate usage patterns.

Cookies. The Service uses essential cookies only: (a) a session cookie if you sign in with LinkedIn (encrypted JWT containing your name, email, and profile picture from LinkedIn); and (b) any cookies required by our hosting infrastructure. We do not use advertising cookies, third-party tracking cookies, or marketing pixels.

Rate Limiting. We track request counts per IP address in server memory to enforce rate limits and prevent abuse. This data is ephemeral and is not written to persistent storage.

2. How We Use Your Information

We use the information we collect to:

• Generate and display your doom analysis results
• Create shareable results pages and dynamic social sharing images (Open Graph)
• Display your analysis on the public leaderboard (ranked by doom score)
• Calculate and display your percentile ranking relative to other analyses
• Enable the Doom Challenge feature, letting users share analyses with friends
• Send you the Doom Newsletter if you subscribe
• Display aggregated, anonymized data on the AI Job Losses tracker
• Monitor aggregate site usage via Plausible Analytics (no personal data)
• Enforce rate limits and prevent abuse of the Service
• Monitor, maintain, and improve the Service
• Detect and prevent abuse, fraud, or technical issues
• Comply with legal obligations

3. Public Visibility of Analyses

Results Pages. Each doom analysis generates a unique URL. Anyone with that URL can view the full results, including score, category, tagline, summary, profile name, and profile photo (if available).

Leaderboard. The top doom scores are displayed on the public leaderboard page. This includes the profile name (or “Anonymous” if no name is available), doom score, category, tagline, and entity type. By generating an analysis, you acknowledge that your results may appear on the leaderboard.

Social Sharing Images. We dynamically generate Open Graph images for each analysis that include the doom score, profile name, and category. These images appear when results are shared on social media platforms.

4. Third-Party Services and Data Sharing

4.1 Anthropic (Claude AI)

Your submitted profile text, CV text, or free-text input is sent to Anthropic's Claude API to generate the doom analysis. Data is transmitted securely over HTTPS. Per Anthropic's commercial API terms, data sent through the API is not used to train their models. See Anthropic's Privacy Policy and API Terms.

4.2 LinkedIn

When you submit a LinkedIn URL, we access the publicly available content of that profile page. If you sign in with LinkedIn, we receive basic identity data through LinkedIn's OpenID Connect flow and may call LinkedIn's userinfo API using your authorized access token for your own profile data only. We are not affiliated with, endorsed by, or officially connected to LinkedIn or Microsoft in any way.

4.3 Plausible Analytics

We use Plausible Analytics for privacy-friendly website analytics. Plausible is hosted in the EU, does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. No personal identifiers are shared with Plausible.

4.4 Hosting and Infrastructure

The Service is hosted on Railway. Your data is stored in a PostgreSQL database managed by Railway. Railway's infrastructure and data handling practices are governed by their own Privacy Policy.

4.5 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing, advertising, or any other purpose. We do not share your data with any parties other than those described in this section.

5. Data Retention

Analysis Results. Doom analysis results are stored indefinitely so that shared result links remain accessible. We may periodically delete analyses older than 12 months.

Email Addresses. Subscriber email addresses are retained until you unsubscribe or request deletion.

Uploaded Files. PDF/CV files are processed in memory only and are never written to persistent storage. Only the extracted text (up to 10,000 characters) is stored as part of the analysis record.

LinkedIn Profile Data. We do not store raw LinkedIn HTML. Only the extracted text sent to the AI model and the resulting analysis are retained. LinkedIn OAuth session data (name, email, picture) is stored in an encrypted cookie on your device and is not persisted in our database.

Rate Limit Data. IP-based rate limit counters are stored in server memory only and are cleared when the server restarts. They are never written to permanent storage.

6. Data Security

We implement industry-standard security measures including: HTTPS (TLS) encryption for all data in transit; secure, HTTP-only session cookies with encryption; environment-variable based secret management (no hardcoded credentials); input validation and sanitization on all API endpoints; SSRF protection on URL inputs; Content Security Policy (CSP) headers; rate limiting per IP address on all API routes; and strict CORS configuration. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Object to or restrict processing of your data
• Port your data to another service
• Withdraw consent at any time (for example, unsubscribing from emails)

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. International Data Transfers

The Service is operated from servers that may be located in the United States or other countries. If you access the Service from outside the United States, your data may be transferred to and processed in jurisdictions with different data protection laws than your own. By using the Service, you consent to such transfers. We rely on standard contractual clauses and other appropriate safeguards where required.

9. Children's Privacy

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

10. Third-Party Links

The Service may contain links to external websites (including LinkedIn profiles, Anthropic's website, and social sharing platforms). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Additional Information for EEA Users (GDPR)

If you are located in the European Economic Area, the legal bases for processing your personal data are:

• Consent — when you voluntarily submit data for analysis, sign in with LinkedIn, or subscribe to emails
• Legitimate interest — to operate, maintain, secure, and improve the Service, enforce rate limits, and prevent abuse
• Legal obligation — when required by applicable law

You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully. Our analytics provider (Plausible) is hosted in the EU and does not transfer personal data outside the EEA.

13. Additional Information for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. As stated above, we do not sell or share your personal information for cross-context behavioral advertising. To submit a verifiable consumer request, contact us at the address below.

14. Additional Information for UK Users

If you are located in the United Kingdom, your data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the same rights as described in Section 7 above, and you may lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been processed unlawfully.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

contact@doomed.com

Reflective Investments L.L.C-FZ

Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.