ZipRecruiter warns users not to include sensitive personal information such as health data or ethnic origin in their resumes, but does not technically prevent it from being submitted and shared with employers.
This analysis describes what ZipRecruiter's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
If you include sensitive information in your resume, it may be shared with employers and stored in ZipRecruiter's systems even though the company advises against it, as ZipRecruiter does not filter or block such data from submissions.
Interpretive note: The policy does not specify what legal basis applies to sensitive data inadvertently included in resumes, nor what technical measures exist to prevent or flag such submissions, creating ambiguity about the actual processing workflow.
Job seekers who include sensitive data such as health conditions, religious beliefs, or ethnic origin in their resumes risk having that data shared with prospective employers through ZipRecruiter's platform, since the advisory is a recommendation rather than a technical restriction.
Cross-platform context
See how other platforms handle Sensitive Personal Data Advisory and Resume Submissions and similar clauses.
Compare across platforms →Monitoring
ZipRecruiter has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"ZipRecruiter does not require any Sensitive Personal Data about you in order for you to utilize the ZipRecruiter Website. If you are submitting your resume to our database or sharing your resume with a prospective employer directly using a job application feature on the ZipRecruiter Website, please carefully consider the information that is contained within your resume and ensure that you are not providing any sensitive or other information that is not necessary for your job application or job search.— Excerpt from ZipRecruiter's ZipRecruiter Privacy Policy
REGULATORY LANDSCAPE: Under GDPR Article 9 and UK GDPR Article 9, processing of special category data (which corresponds to ZipRecruiter's Sensitive Personal Data definition) requires explicit consent or another specific legal basis. The policy's approach of advising users not to submit sensitive data rather than preventing its collection or establishing a clear legal basis for processing it if submitted may create GDPR Article 9 exposure. Under CCPA/CPRA, sensitive personal information including health data, racial/ethnic origin, and religious beliefs triggers additional consumer rights and use limitations. GOVERNANCE EXPOSURE: High for EEA and UK users. The policy does not establish a GDPR Article 9 legal basis for processing sensitive data that users inadvertently include in resumes, nor does it describe what ZipRecruiter does if such data is detected. This is an operational and legal gap that could attract DPA attention. JURISDICTION FLAGS: EEA and UK users face the highest exposure given strict GDPR Article 9 requirements. California users have CPRA-specific rights regarding sensitive personal information. Australian Privacy Act sensitive information provisions may also apply. The exposure is heightened because the data is submitted to and potentially distributed to multiple employers. CONTRACT AND VENDOR IMPLICATIONS: Employers receiving resumes through ZipRecruiter that contain sensitive personal data become data controllers for that information and bear their own compliance obligations. ZipRecruiter's role as a data processor or controller in that flow depends on the specific arrangement and should be clarified in employer-facing agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether technical or procedural controls can be implemented to flag or filter sensitive data from resume submissions. A clear Article 9 legal basis, or a documented process for handling inadvertently submitted sensitive data, should be established for EEA operations. CPRA-specific sensitive data policies and use limitation disclosures should be reviewed for California compliance.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
If you include sensitive information in your resume, it may be shared with employers and stored in ZipRecruiter's systems even though the company advises against it, as ZipRecruiter does not filter or block such data from submissions.
Job seekers who include sensitive data such as health conditions, religious beliefs, or ethnic origin in their resumes risk having that data shared with prospective employers through ZipRecruiter's platform, since the advisory is a recommendation rather than a technical restriction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ZipRecruiter.