Privacy Policy

Effective Date: July 2, 2026

Double ("we," "us," or "our") operates the website trydouble.ai and the Double application (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and share your information when you use our Service.

By using Double, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create a Double account, we collect your name, email address, and authentication credentials. If you sign in using Google or Microsoft, we receive your name, email address, and profile identifier from the identity provider. We also collect profile information you provide such as your work experience, education, skills, and language preferences.

1.2 Resume and Career Data

You may upload resumes, cover letters, and other career-related documents. We store and process this information to power our AI-assisted job application features, including resume optimization, cover letter generation, and automated job applications.

1.3 Job Application Data

When you use Double to apply for jobs, we collect and store information related to your applications, including job listings, application status, interview stages, and responses to application questions.

1.4 Usage and Analytics Data

We automatically collect information about how you interact with our Service, including pages visited, features used, timestamps, device type, browser type, and IP address.

1.5 Payment Information

If you subscribe to a paid plan or purchase credits, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store your Stripe customer ID, subscription status, and transaction history for billing purposes.

1.6 Email Data (via Google Gmail API and Microsoft Outlook API)

Google User Data Disclosure

Double requests access to your Gmail account using the gmail.modify scope, used only on your own mailbox after you connect it and grant consent. Below is a complete description of how Double accesses, uses, stores, and shares your Google user data.

Why this scope: Double both reads your inbox (to track your job applications) and sends email on your behalf (for networking outreach). Read-only access cannot send, and send-only access cannot read, so gmail.modify is the minimal scope that supports both. We do not request full mail.google.com access because we never delete your email.

What we access: After you connect your Gmail account, Double uses this access for two purposes. (a) Application tracking (read): we monitor your inbox for job-application confirmation emails from a known set of Applicant Tracking System ("ATS") sender domains (such as Greenhouse, Lever, Workday, Ashby, iCIMS, Oracle, and Taleo) to automatically track each application's stage, and — where an application requires email confirmation — to locate the verification link or code needed to complete it. (b) Networking (read + send): when you use Double's networking features, Double sends outreach emails from your Gmail on your behalf — drafted by Double's AI or written by you — and reads the replies, so you can manage the conversation inside Double. We do not scan, index, or process the rest of your inbox.

What we extract: For application tracking, we extract only the verification link, confirmation code, or password-reset link needed to complete or track your application. For networking, we process the content of the specific conversations you are managing in Double. We do not read, scan, index, or bulk-process any other emails in your inbox.

How we use this data: Application-tracking data keeps your application statuses current and, when needed, completes an in-progress application on your behalf. Networking data is used to send the outreach you approve and to display and help you manage your replies. We do not use your Google data for any purpose other than the job-search and networking features described above.

How we store this data: We store your Gmail OAuth access and refresh tokens, encrypted, so we can perform these actions when you use the relevant features. For application tracking, verification links and codes are processed in memory and not retained after the application step completes. For networking, we store the messages in the conversations you manage in Double — the outreach you send or draft and the replies you receive — so they remain available in your Double inbox. We store only the conversations you manage through Double, not your general inbox.

How we share this data: We never sell your Gmail data, use it for advertising, or use it to train generalized AI/ML models. We do not share it with third parties except the service providers that operate the feature you are using — for example, when you use AI to draft networking messages, the relevant content is sent to our AI providers solely to generate suggestions for you (see Section 3), consistent with Google's Limited Use requirements. Emails you send through Double are, of course, delivered to the recipients you choose.

Revoking access: You can disconnect your Gmail account from Double at any time through your account settings. You can also revoke access directly from your Google Account permissions page. Upon disconnection, we delete your stored OAuth tokens.

Google API Services Limited Use Disclosure: Double's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide the job-application and networking features described above. We never sell it, share it with third parties for their own purposes, use it for advertising, or use it to train generalized AI/ML models.

If you connect a Microsoft Outlook account instead, Double uses the Mail.Read scope to read ATS verification emails for application tracking, under the same conditions described above. Outlook access is read-only; the networking send-and-reply features are available only for Gmail.

1.7 Connected Accounts and Login Credentials

Some features require Double to log in to a third-party platform on your behalf using a username and password. For those accounts — currently LinkedIn (if you connect it for networking) and the job-application platforms and applicant tracking systems Double applies to on your behalf — Double stores the login credentials you provide. These credentials are stored encrypted at rest, are not displayed back to you after you enter them, and are used solely to authenticate to the relevant platform on your behalf. Accounts you connect through Google or Microsoft use secure access tokens (OAuth) instead of a stored password, as described in Section 1.6. You can disconnect a connected account or remove a stored password at any time in your settings, which deletes the stored credential. Because these credentials can grant access to your third-party accounts, we treat them as sensitive information (see Section 6, Data Security).

1.8 Information We Collect from Public Sources

To build our job and company database and power networking features, Double collects publicly available professional and business-contact information from public sources and third-party data providers. This may include information about individuals who are not Double users (for example, professionals and hiring contacts at companies). If you believe we hold information about you from a public source and want it removed, email privacy@trydouble.ai.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service, including to process and submit job applications on your behalf, generate and optimize resumes and cover letters using AI, provide career research and intelligence features, process payments and manage your subscription, communicate with you about your account and the Service, detect and prevent fraud, abuse, or security incidents, and comply with legal obligations.

3. AI and Data Processing

Double uses artificial intelligence to power core features such as resume optimization, cover letter generation, job matching, and career guidance. Your career data (resume content, job preferences, application history) may be processed by third-party AI providers to generate responses and recommendations. We access these models both directly (Anthropic, OpenAI, and Google) and through OpenRouter, an AI routing provider that gives us access to a broader set of models, including open-weight models such as Qwen. We send only the minimum data necessary for each AI task. We do not use your data to train AI models, and we configure our AI providers — including OpenRouter's setting that disables training on prompts — so that they do not train on your data either.

When you use automated applications, the data processed may include your application answers and any demographic or voluntary self-identification (EEO) information you provide, used solely to complete the applications you direct us to submit.

Your ATS verification emails are processed only on our own servers to extract verification links and codes, and are never sent to AI model providers. When you use AI to help draft or manage your networking emails, the relevant conversation content is sent to our AI providers (directly or through OpenRouter) solely to generate suggestions for you. We never use your Gmail data to train AI or machine-learning models, and we configure our AI providers so that they do not train on it either. We never sell your Gmail data, share it with third parties for their own purposes, or use it for advertising.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

5. Data Retention

We keep personal information only as long as needed for the purposes described in this policy:

We may retain some information longer where required for legal, compliance, or fraud-prevention purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including encrypted data transmission (TLS/HTTPS), encrypted storage of OAuth tokens and sensitive credentials, secure HTTP-only cookies for authentication, rate limiting and abuse prevention, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

If a security incident affects your personal information, we will notify you and any regulators as required by applicable law.

7. Your Rights and Choices

Depending on where you live, you have rights over your personal information. To exercise any of them, email privacy@trydouble.ai; we will verify your request and respond within 45 days (extendable by another 45 days with notice).

California Privacy Rights (CCPA/CPRA). California residents have the right to: know the categories and specific pieces of personal information we collect; delete it; correct it; opt out of the sale or sharing of personal information; limit the use of sensitive personal information; and not be discriminated against for exercising these rights. You may appeal a denied request by replying to our response. We do not sell or share your personal information (as "sell" and "share" are defined under the CCPA/CPRA, including sharing for cross-context behavioral advertising), and we treat Global Privacy Control (GPC) browser signals as a valid opt-out.

Sensitive personal information. We store certain sensitive personal information — your connected-account login credentials, the content of networking email conversations you manage in Double, and any demographic or EEO information you provide — and use it only to operate the features you request. To ask us to limit its use (including in product analytics), email privacy@trydouble.ai.

Other U.S. states. Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Utah, and Texas) have similar rights to access, delete, correct, opt out, and appeal. Contact us at the email above.

8. Cookies and Tracking

Double uses cookies and similar technologies for two purposes. Essential cookies (including HTTP-only secure cookies) are required for sign-in and core functionality. Product analytics are provided by PostHog: it uses cookies, automatically captures product interactions, and records session replays — recordings of your on-screen activity, including text you type into the product such as resume and cover-letter content, chat messages, and application answers. Password fields are masked from these recordings; other content may be visible to our team to help us improve the product. Your analytics identity is shared across trydouble.ai and app.trydouble.ai so a session is recognized on both. We do not use advertising cookies and do not sell your data to advertisers. To ask us to limit the use of your sensitive information in analytics, email privacy@trydouble.ai (see Section 7).

9. Children's Privacy

Double is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Double
Email: legal@trydouble.ai
Website: https://trydouble.ai