Privacy Policy
Last updated: 8 May 2026. Effective date: 8 May 2026.
This Privacy Policy explains how Scout The Corgi LLC (“Scout”, “we”, “us”) collects, uses, shares, and protects your personal data when you use our service at heyscout.me, scout-the-corgi.com, or related applications (the “Service”).
We are committed to protecting your privacy and handling your data transparently. This policy is written to be readable; defined legal terms are kept to a minimum.
1. Who we are
Data Controller: Scout The Corgi LLC, a limited liability company incorporated in the State of Tennessee, United States.
- Registered address: 217 6th Ave N STE 43832, Nashville, TN 37219, United States
- Contact: hey@scout-the-corgi.com
- Tennessee Filing Number: 002096430
- EU VAT Registration (OSS): EU372097451
EU/EEA Representative (GDPR Article 27)
For users in the European Union and European Economic Area, our appointed Representative under Article 27 of the General Data Protection Regulation is:
DataRep
77 Camden Street Lower
Dublin, D02 XE80, Ireland
Email available via online form at: https://www.datarep.com/data-request
You may contact DataRep regarding the processing of your personal data. You may also contact your local data protection supervisory authority.
UK Representative (UK GDPR Article 27)
For users in the United Kingdom, our appointed UK Representative is the same DataRep entity above, acting in capacity as our UK GDPR Representative.
EU Digital Services Act Representative
For matters relating to our service under the EU Digital Services Act, our appointed Legal Representative is:
Data Protection Representative Limited (trading as DataRep)
The Cube, Monahan Road
Cork, T12 H1XY, Republic of Ireland
Email: digitalrequest@datarep.com
Telephone: +353 (1) 919 8899
2. What data we collect
Data you provide to us
- Account information: name, email address, password (hashed)
- Profile information: resume content, work history, education, skills, preferences
- Application data: cover letters, application history, employer interactions
- Communications: chat messages with Scout, voice commands, customer support inquiries
- Payment information: handled by Stripe; we do not store full payment card details
Data generated through your use of Scout
- Usage data: roles viewed, applications saved, documents generated, features used
- Behavioral signals: dwell time, scroll depth, regeneration patterns, edit diffs (used to personalize Scout for you)
- Device and connection data: IP address, browser type, device type, language settings
Data we receive from third parties
- Job listings: from TheirStack (publicly available job posting data)
- Authentication: from Google, LinkedIn, or GitHub if you sign in via those providers (limited to email and name)
Special category personal data (GDPR Article 9)
You may voluntarily disclose special category data through your resume, cover letters, or conversations with Scout. This includes information that may reveal:
- Health conditions, disabilities, or medical context (e.g., “I need flexible hours due to a chronic condition”)
- Religious beliefs (e.g., volunteer work at a religious organization)
- Racial or ethnic origin (e.g., language certifications, cultural organization membership)
- Sexual orientation
- Political opinions
- Trade union membership
We do not actively solicit special category data, but we recognize that resumes, cover letters, and chat with Scout often contain such information.
We process this data on the basis of your explicit consent (GDPR Article 9(2)(a)), captured during onboarding. We do not use special category data for profiling against protected attributes. You can revoke this consent at any time in Settings → Privacy.
3. How we use your data
To provide the Service
- Score job roles against your profile
- Generate personalized resumes and cover letters
- Fill out job application forms on your behalf
- Provide chat assistance and interview preparation
- Maintain your account and process payments
To personalize Scout for you
- Learn your preferences from your behavior
- Improve role recommendations through the Discovery feature
- Adapt document tone and style to your voice
- Surface roles that users with similar profiles have engaged with (cohort learning, see Section 4)
To operate and improve the Service
- Detect and prevent abuse, fraud, or technical issues
- Analyze aggregate usage patterns to improve features
- Communicate service updates and security notices
To comply with legal obligations
- Respond to lawful requests from authorities
- Comply with EU VAT, US tax, and other applicable obligations
Lawful bases for processing (GDPR)
| Processing purpose | Lawful basis |
|---|---|
| Providing the Service you signed up for | Article 6(1)(b): performance of a contract |
| Personalization based on behavior | Article 6(1)(f): legitimate interests, balanced against your rights |
| Cohort learning (aggregate signals) | Article 6(1)(f): legitimate interests, with a right to object |
| Special category data processing | Article 9(2)(a): explicit consent |
| Marketing emails | Article 6(1)(a): consent |
| Compliance with EU VAT and other legal obligations | Article 6(1)(c): legal obligation |
4. Cohort learning and aggregate signals
Scout improves over time by learning from how users like you use the Service. We do this in two ways:
Per-user personalization
Your individual behavior shapes what Scout shows you. Over time, Scout adapts to your preferences, communication style, and what matters most in your search.
Cohort learning (cross-user aggregate)
Users with similar profiles cluster into anonymized cohorts. When users in your cohort engage with certain roles, those roles may be surfaced to you. Your individual data is never shared with other users. Only aggregate patterns are computed.
You can opt out of contributing your behavior to cohort signals at any time in Settings → Privacy → Personalization. Opting out does not affect your ability to receive recommendations based on your own behavior.
We do not use aggregate signals to infer or store information about protected attributes (race, religion, health, sexual orientation, political beliefs). Our personalization engine includes guardrails to prevent this.
5. Who we share your data with
We share your data only with the following categories of recipients, and only as necessary to operate the Service:
Service providers (subprocessors)
| Subprocessor | Purpose | Region |
|---|---|---|
| Anthropic, PBC | LLM inference (Claude models) | United States, under EU Data Processing Agreement |
| OpenAI, LLC | LLM inference (GPT models), embeddings | United States, under EU Data Processing Agreement |
| Amazon Web Services | Hosting, database, storage | EU region (Ireland or Frankfurt) |
| Stripe, Inc. | Payment processing, tax calculation | United States, under EU DPA |
| TheirStack | Job listing ingestion (no user data sent) | United States |
| Resend | Transactional email delivery (invites, digests, account notices) | United States, under EU Data Processing Agreement |
| Sentry (Functional Software, Inc.) | Error tracking (Art. 6(1)(f) legitimate interests). User id + error context; session replay disabled | United States, under EU Data Processing Agreement |
| DataRep (Data Protection Representative Limited) | EU representative services | Ireland |
Other recipients
- Authorities when legally required (subpoena, court order, regulatory request)
- Acquirers in the event of a merger, acquisition, or sale of Scout (you would be notified)
- You and people you authorize when you choose to share generated documents
We do not sell your personal data. We do not share your personal data with advertisers.
International data transfers
Some of our subprocessors are located in the United States. When we transfer your personal data outside the EU/EEA or UK, we rely on:
- The data privacy framework between the EU and US where applicable
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
6. How long we keep your data
| Data category | Retention period |
|---|---|
| Account information | Until you delete your account, plus 30 days |
| Profile and resume content | Until you delete your account, plus 30 days |
| Generated documents (resumes, cover letters) | Until you delete them, or until account deletion |
| Behavioral signals | 90 days, then aggregated and anonymized |
| Chat conversations | Until you delete them, or 12 months from creation |
| Payment records | 7 years (legal requirement) |
| OSS VAT records | 10 years (legal requirement) |
| Anonymized analytics | Indefinitely |
After account deletion, your data is queued for deletion and removed within 30 days, except where retention is legally required (payment records, VAT records).
7. Your rights
If you are in the EU, EEA, or UK, you have the following rights under GDPR / UK GDPR:
- Right of access (Article 15): get a copy of the personal data we hold about you
- Right to rectification (Article 16): correct inaccurate data
- Right to erasure (Article 17): request deletion of your data
- Right to restriction (Article 18): limit how we process your data
- Right to data portability (Article 20): receive your data in a machine-readable format
- Right to object (Article 21): object to processing based on legitimate interests, including cohort learning
- Right to withdraw consent (Article 7): for processing based on consent, including special category data
You can exercise most of these rights directly in Settings → Privacy:
- Download your data (“Download my data”)
- Delete your behavioral profile (“Forget what you know about me”)
- Delete your account (“Delete my account”)
- Withdraw special category data consent
- Opt out of cohort learning
For any other request, contact us at hey@scout-the-corgi.com or contact our EU Representative DataRep at the address in Section 1.
You also have the right to lodge a complaint with your local data protection supervisory authority. In Ireland, this is the Data Protection Commission (https://www.dataprotection.ie). In Spain, this is the Agencia Española de Protección de Datos (https://www.aepd.es). Other EU member states have equivalent authorities.
8. Security
We implement industry-standard security measures, including:
- Encryption in transit (TLS 1.3)
- Encryption at rest using AES with 256-bit keys
- Access controls and authentication for staff
- Regular security audits
- Incident response procedures
No system is completely secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant supervisory authority within 72 hours where required by law.
9. Children
Scout is not intended for users under 16 years of age (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hey@scout-the-corgi.com and we will delete it.
10. Cookies and tracking
We use cookies and similar technologies as described in our Cookie Policy. A cookie preferences banner is launching shortly; until then, only strictly necessary cookies (login, security, CSRF) are set by Scout. Once the banner is live you will be able to manage your preferences from the footer or in Settings → Privacy → Cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent version.
12. Contact
For questions about this policy or your personal data:
Scout (Data Controller)
hey@scout-the-corgi.com
EU/UK Representative (DataRep)
For requests under GDPR or UK GDPR
https://www.datarep.com/data-request
EU Digital Services Act Representative (DataRep)
digitalrequest@datarep.com
This Privacy Policy is provided in English. If translations are made available, the English version is the authoritative version.