Terms of Service & Privacy Policy

To use Rook, you must create an account by providing a valid email address or signing in through Google OAuth. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must be at least 18 years of age to use the Service.

You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate.

You agree to use the Service only for lawful purposes and in compliance with all applicable laws and regulations, including but not limited to:

• Anti-spam laws (CAN-SPAM Act, GDPR, CASL) when sending outreach emails or SMS messages through the platform
• Employment and labor laws in your jurisdiction
• Data protection and privacy regulations applicable to candidate and client data you process
• The terms of service of third-party providers integrated with Rook (Gmail, Apollo, People Data Labs, Linq)

You may not use the Service to send unsolicited bulk messages, harvest personal data for unauthorized purposes, or engage in any activity that could damage, disable, or impair the Service.

You own your data. All data you input into Rook — including candidate profiles, client information, job listings, notes, outreach content, pipeline data, placement records, and any other information you create or upload — remains your property. Rook claims no ownership over your data.

Rook has no visibility into your data. Your recruiting data is private to your account. Rook does not access, review, monitor, sell, share, or use your data for any purpose other than providing the Service to you. We do not use your data to train AI models, build recruiting databases, or derive commercial value from your information.

Data isolation. Your data is stored in a secure, isolated environment with Row Level Security (RLS) enforced at the database level. No other user can access your data, and Rook employees do not have routine access to user data.

Data portability. You may export your data at any time. Upon account deletion, all of your data will be permanently removed from our systems within 30 days.

Rook offers a free tier and a paid Pro tier. The features available under each tier are described on the Rook website and may change from time to time. If you subscribe to the Pro plan:

• You agree to pay the applicable subscription fees as listed at the time of purchase
• Subscriptions renew automatically at the end of each billing cycle unless cancelled
• You may cancel your subscription at any time; cancellation takes effect at the end of the current billing period
• Refunds are handled on a case-by-case basis at our discretion

We reserve the right to modify pricing with 30 days' prior notice to active subscribers.

Rook integrates with third-party services including but not limited to Google Gmail, Apollo.io, People Data Labs, Linq, and Anthropic (Claude AI). Your use of these integrations is subject to the terms and policies of each respective provider. Rook is not responsible for the availability, accuracy, or actions of third-party services.

When you connect third-party accounts (e.g., Gmail OAuth), Rook accesses only the data necessary to provide the requested functionality (e.g., sending and reading emails). Rook does not store the content of your emails beyond what is necessary for outreach tracking.

Rook uses AI (powered by Anthropic's Claude API) for features such as candidate fit scoring and call note enhancement. AI-generated outputs are provided as suggestions and should not be relied upon as the sole basis for hiring decisions. You are responsible for reviewing and validating all AI-generated content before acting on it.

Rook does not use your data to train or fine-tune AI models. Your data is sent to the AI provider only for real-time processing of the specific feature you invoke, and is not retained by the AI provider beyond the immediate request.

Rook provides email outreach tools including sequence automation and open tracking. You are responsible for ensuring your email outreach complies with CAN-SPAM, GDPR, and other applicable regulations. This includes providing a way for recipients to opt out and honoring opt-out requests promptly.

Open tracking uses a standard tracking pixel. Recipients are not individually notified of tracking; you are responsible for including any required disclosures in your communications.

To the maximum extent permitted by law, Rook HQ shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or business opportunities, arising from your use of or inability to use the Service.

Our total liability for any claim arising from or related to these Terms shall not exceed the amount you paid to us in the twelve (12) months preceding the claim.

The Service is provided “as is” and “as available” without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service will be uninterrupted, error-free, or secure.

Rook does not access, view, sell, share, or monetize your data. Your recruiting data — candidates, clients, jobs, pipelines, notes, emails, placements — is yours and yours alone. We have designed our infrastructure so that Rook has no visibility into user data during normal operations.

We do not:

• View, read, or monitor your candidate or client data
• Sell or share your data with third parties for their own purposes
• Use your data to train AI models or build aggregate databases
• Access your data for marketing, analytics, or business intelligence purposes
• Provide your data to advertisers or data brokers

Account information: When you create an account, we collect your email address, name (if provided), and profile picture (if using Google OAuth). This information is used solely for authentication and account management.

Subscription and billing information: If you subscribe to a paid plan, payment processing is handled by our payment processor (Stripe). We do not store credit card numbers. We receive only the information necessary to manage your subscription (plan type, billing status, transaction IDs).

Usage metadata: We collect basic technical data such as login timestamps, feature usage counts (not content), browser type, and IP addresses. This data is used for security, performance monitoring, and improving the Service. It does not include any of your recruiting data.

Third-party authentication: If you connect Gmail, we store OAuth tokens necessary to send and read emails on your behalf. We do not store the content of your emails. If you connect SMS via Linq, we store the API credentials necessary to send messages.

All recruiting data you enter into Rook — including candidate information, client details, job listings, notes, outreach content, scores, call notes, and placement records — is stored in a secure database with Row Level Security (RLS). This means:

• Your data is cryptographically isolated from other users at the database level
• No other Rook user can access your data, regardless of their role or plan
• Rook employees do not have routine access to your data
• Database access for troubleshooting requires explicit authorization and is logged

Your recruiting data is processed only to provide the features you use. For example, when you invoke AI scoring, the relevant candidate and job data is sent to the AI provider (Anthropic) for real-time processing and is not retained by the provider.

We use the information we collect only to:

• Provide and operate the Service
• Authenticate your identity and manage your account
• Process subscription payments
• Send transactional emails (account verification, password resets, billing receipts)
• Monitor and improve the performance and security of the Service
• Respond to your support requests

We do not use your information for targeted advertising, user profiling, or any purpose unrelated to providing the Service.

Rook integrates with the following third-party services. Your data is shared with these services only when you actively use the corresponding feature:

• Google Gmail API: Sending and reading emails when you connect your Gmail account
• Apollo.io: Searching for candidate and company data when you use the sourcing feature
• People Data Labs: Candidate data enrichment when you use the sourcing feature
• Anthropic (Claude AI): Processing candidate scoring and call note enhancement
• Linq: Sending SMS/iMessage when you use the text messaging feature
• Stripe: Processing subscription payments
• Supabase: Database hosting and authentication
• Vercel: Application hosting

Each of these providers has their own privacy policy. We recommend reviewing them. We only share the minimum data necessary for each integration to function.

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our servers
• Row Level Security (RLS) at the database level to enforce data isolation between users
• Secure storage of authentication tokens and API credentials
• Regular security updates to our application dependencies
• Hosting on Vercel and Supabase, which maintain SOC 2 compliance

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

We retain your data for as long as your account is active. When you delete your account:

• All recruiting data (candidates, clients, jobs, pipelines, notes, placements) is permanently deleted within 30 days
• Account information (email, name) is removed from our authentication system
• Third-party OAuth tokens (Gmail, Linq) are revoked and deleted
• Backup copies, if any, are purged within 90 days

You may request data deletion at any time by contacting support@rookhq.com.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request your data in a machine-readable format
• Opt-out: Opt out of non-essential communications

To exercise any of these rights, contact us at support@rookhq.com. We will respond within 30 days.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@rookhq.com

Rook HQ