Crosslinked Back to jobs

Privacy Policy

Effective: March 9, 2026

Crosslinked is a one-person project built by Brenden Ferland, a materials science PhD student at UConn. This policy explains exactly what data we collect, why, and what happens to it. No legalese, no surprises.

1. What We Collect

Account information. When you create an account, we collect your email address and (if you use a password) a hashed version of your password. If you sign in with Google or LinkedIn, we receive your name, email address, and profile picture from that provider. We do not receive or store your password.

Profile information. During onboarding and profile editing, you may provide:

  • Highest degree and years of experience
  • Materials you work with (e.g., PEEK, epoxy, natural rubber)
  • Techniques and instruments you use (e.g., DSC, rheometry, SEM)
  • Preferred role type, work setting, and locations
  • Target salary range
  • Work authorization status and relocation preference
  • Professional headline and job search status
  • Professional memberships

All profile fields are optional. You can skip any question during onboarding.

Saved searches and alerts. If you save a search, we store the filter criteria (keywords, materials, location, salary range, etc.) and your alert preference (daily or weekly). We log which jobs have been included in your alerts to avoid sending duplicates.

Email-only subscriptions. If you enter your email in a subscribe form without creating an account, we store your email address and which form you used. That's it.

Saved jobs. Job bookmarks are stored in your browser's local storage. They are never sent to our servers.

Analytics data. We use PostHog for analytics (see Section 4). For anonymous visitors, this includes page views, browser type, and general session data. If you are logged in, we link this to your account so we can improve the product.

2. How We Use Your Data

  • Job matching. Your profile data (degree, materials, techniques, salary range, etc.) is used to calculate match scores on job listings and personalize your feed.
  • Email alerts. We use your saved search criteria and email address to send you new job matches at the frequency you choose.
  • Product improvement. We use analytics data to understand how the site is used so we can make it better.
  • Account security. We use your email to send transactional messages (sign-in links, password resets).

We do not use your data for advertising. We do not sell your data.

3. Profile Visibility

Your profile has three visibility settings:

SettingWho can see your profile
Private (default)Only you. No one else can see any of your profile data.
DiscoverableYour profile may appear in employer search results. Employers can see your degree, experience, materials, techniques, role preferences, work authorization, and salary range.
PublicYour full profile is visible to other users, including your professional headline and all fields you have filled in.

You can change your visibility setting at any time. New accounts default to Private. We will never change your visibility without your explicit action.

Note: Employer-facing search is not yet available. When it launches, only users who have opted into Discoverable or Public visibility will appear. We will notify existing users before enabling employer access.

4. Third-Party Services

We use a small number of third-party services to operate Crosslinked:

ServicePurposeWhat they receive
SupabaseDatabase, authenticationAll account and profile data
CloudflareHosting, CDNHTTP requests (IP addresses, URLs) as part of normal web serving
ResendEmail deliveryYour email address and the content of alert/digest emails (job listings only, no profile data)
PostHogProduct analyticsPage views, session data; your user ID and email if logged in. Not loaded for visitors in the EU/EEA.
Google / LinkedInSign-in (if you choose)Standard OAuth exchange; we receive your name, email, and profile picture

We may use anonymized or aggregated data to improve our services, including job classification and matching.

5. Cookies and Local Storage

Crosslinked does not set cookies directly. However:

  • PostHog sets first-party analytics cookies for session tracking.
  • Cloudflare may set infrastructure cookies for security and performance.
  • Supabase stores your authentication session in your browser's local storage (not cookies).
  • Saved jobs and UI preferences are stored in local storage.

6. Email Communications

We send the following emails:

  • Transactional: Sign-in magic links, password reset links. Sent only when you request them.
  • Job alerts: New job matches based on your saved searches. Sent daily or weekly per your preference. You can pause or delete any saved search from the My Alerts page to stop these.
  • Weekly digest: A summary of the job market sent on Mondays if you have any active saved search.

To stop all alert emails, delete your saved searches in the app or email alerts@crosslinked.io and we will unsubscribe you.

7. Data Security

Your data is stored in a secure, managed database with access controls that restrict data to your own account. Authentication tokens are encrypted. Passwords are hashed and never stored in plain text. All connections use HTTPS/TLS.

That said, no system is perfectly secure. We're a small project, not a bank. We take reasonable precautions but cannot guarantee absolute security.

8. Data Retention and Deletion

Account deletion: If you delete your account, all your data is permanently removed: your profile, saved searches, alert history, and any other records tied to your account.

What persists after deletion:

  • Analytics data in PostHog may retain your historical session data. We can request its deletion from PostHog on your behalf.
  • If you submitted your email via a subscribe form without creating an account, that email is stored separately and must be deleted by request.
  • Saved jobs in your browser's local storage are not affected by account deletion (they're only in your browser).

To request account deletion, email brenden@crosslinked.io. We will process deletion requests within 7 days.

9. Your Rights

You have the right to:

  • Access your data. Your profile and saved searches are visible in the app. For a full data export, email us.
  • Correct your data. Edit your profile at any time.
  • Delete your data. See Section 8.
  • Object to processing. You can set your profile to Private and delete saved searches to stop all non-essential data processing.
  • Withdraw consent for analytics by using a browser tracker blocker.

If you are in the EU/EEA, you have additional rights under GDPR. If you are in California, you have rights under CCPA. We will honor all valid requests regardless of where you live. Email brenden@crosslinked.io.

10. Children

Crosslinked is designed for working professionals and students in higher education. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, please contact us and we will delete it.

11. Changes to This Policy

If we make material changes to this policy, we will notify registered users by email and update this page with a new effective date. We will not retroactively reduce your privacy protections without your consent.

12. Contact

Crosslinked is operated by Brenden Ferland.
Email: brenden@crosslinked.io
Website: crosslinked.io