What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR for EEA/UK/Switzerland users, CCPA/CPRA for California residents, the EU-U.S. Data Privacy Framework (and UK Extension and Swiss-U.S. DPF) for transatlantic transfers, and the FTC Act given explicit FTC jurisdiction acknowledgment over DPF compliance. India's Digital Personal Data Protection Act 2023 is not addressed, despite Indian users being covered; this gap may require evaluation as DPDPA implementing rules come into effect. The po…

How does ZipRecruiter's ZipRecruiter Privacy Policy affect users?

Users' personal information—including resumes, application history, browsing activity, and connected account data—is collected and processed for job matching functions and shared with employers and third-party service providers. Users may submit data access, correction, or deletion requests to privacy@ziprecruiter.com, and California residents may exercise additional rights through the designated California Privacy Notice. The policy does not require submission of sensitive personal data catego…

How often is ZipRecruiter's ZipRecruiter Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when ZipRecruiter updates this document?

Yes. Watcher subscribers ($9.99/month) can add ZipRecruiter to their watchlist and receive same-day email alerts whenever this document or any other ZipRecruiter document changes.

CA-D-000292

ZipRecruiter Privacy Policy

ZipRecruiter

Last change detected April 22, 2026 Privacy policy

SHA-256: db452bbcc7a2c0c0dc5… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at ZipRecruiter ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

7 Medium severity

3 Low severity

Summary

This document establishes ZipRecruiter's global privacy policy governing the collection, use, and disclosure of personal information on its job search and recruiting platform. The policy authorizes collection of resumes, job application history, browsing behavior, device identifiers, and data from connected third-party accounts, with authorized uses including AI-driven job matching and sharing with employers, advertising networks, and analytics providers. The document establishes data subject rights including access, correction, and deletion requests, with California residents granted additional rights under the California Consumer Privacy Act.

Technical / Legal Breakdown

This document is ZipRecruiter's Global Privacy Policy (effective August 12, 2025), governing data collection, use, storage, and disclosure across its employment marketplace websites in the U.S., Canada, Australia, New Zealand, India, EEA, UK, and Switzerland, with stated legal bases varying by jurisdiction including consent, contractual necessity, and legitimate interests. The policy states that ZipRecruiter collects Identity Data, Contact Data, Financial Data, Technical Data, Profile Data, Usage Data, and Sensitive Personal Data categories; the terms authorize sharing with third-party employers, analytics providers, advertising networks, affiliated entities within the ZipRecruiter Group, and service providers, and explicitly permit the use of AI and machine learning to match job seekers and employers. The policy operates as a dual-framework document with materially different provisions for EEA/UK/Switzerland users versus U.S./Canada/Australia/New Zealand/India users, reflecting GDPR obligations for the former and a more permissive data use posture for the latter; the terms also authorize collecting data about non-users from third-party sources, which is operationally distinct and may warrant scrutiny under applicable consumer protection frameworks. The policy expressly engages GDPR, the UK GDPR, CCPA/CPRA (with a dedicated California Privacy Notice), the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, with FTC jurisdiction confirmed over DPF compliance; Indian users are covered under the non-EEA section despite the Digital Personal Data Protection Act 2023 coming into force, which may require separate evaluation. Data transfers from EU/UK/Switzerland rely on DPF certification, but given the legal history of EU-U.S. transfer mechanisms, organizations relying on this policy for compliance should monitor DPF stability as a material risk.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 7 provisions

AI and Machine Learning Use for Job Matching Compare →

ZipRecruiter uses AI and machine learning algorithms to analyze your profile and job search data to match you with employers and job listings.

Added May 10, 2026 Common Seen across 104 platforms
Non-User Data Collection from Third Parties Compare →

ZipRecruiter may collect your contact and business information from third-party data sources even if you have never signed up for or used ZipRecruiter.

Added May 10, 2026 Standard Seen across 251 platforms
EU-U.S. Data Privacy Framework Certification Compare →

ZipRecruiter has certified under the EU-U.S. Data Privacy Framework, meaning EU, UK, and Swiss users' data can be transferred to the U.S. under this framework, and DPF Principles override the privacy policy if there is a conflict.

Added May 7, 2026 Standard Seen across 262 platforms
Sensitive Personal Data Advisory and Resume Submissions

ZipRecruiter warns users not to include sensitive personal information such as health data or ethnic origin in their resumes, but does not technically prevent it from being submitted and shared with employers.

Added May 10, 2026 Rare
Connected Account Data Access

If you link your ZipRecruiter account to a social media or professional network account such as LinkedIn or Google, ZipRecruiter can access a broad range of information from those accounts including your contacts, timeline, and network data.

Added May 10, 2026 Rare
Third-Party Sharing and Disclosure Compare →

ZipRecruiter receives your browsing and device data from analytics and advertising partners, and may supplement your profile with data bought or obtained from other external sources.

Added May 10, 2026 Standard Seen across 246 platforms
ZipRecruiter as Data Processor for Client Services Compare →

When ZipRecruiter acts as a service provider for an employer client, it processes your data under the employer's instructions, and if you want to access or delete your data, ZipRecruiter will direct you to contact the employer rather than handling your request directly.

Added May 10, 2026 Standard Seen across 189 platforms

Low — 3 provisions

Data Subject Access Rights (Non-EEA Users)

If you refuse to provide required personal data, ZipRecruiter may cancel your access to its services, and by using the services you accept this as a condition.

Added May 10, 2026 Rare
Minors and Children Restriction Compare →

ZipRecruiter maintains a section specifically addressing minors and children, indicating the platform is not intended for use by individuals below a specified age threshold.

Added May 10, 2026 Standard Seen across 262 platforms
De-Identified and Aggregated Data Use Compare →

ZipRecruiter can use data derived from your personal information, once aggregated or de-identified, for any purpose it chooses, since this data is no longer considered personal data under the policy.

Added May 10, 2026 Standard Seen across 189 platforms