WarmPath

Privacy Policy

Last updated: May 2026

What WarmPath does

WarmPath helps you find job opportunities at companies where your contacts work, so you can ask a warm referral instead of applying cold. You provide your contacts; we cross-reference them against live job postings.

Data we access

When you sign in with Google, WarmPath requests read-only access to:

  • Your saved Google Contacts (names, email addresses, phone numbers, organizations)
  • People you have emailed but not saved as contacts ("Other contacts")

This access is strictly read-only. WarmPath cannot modify, delete, or share your contacts.

If you upload a CSV or vCard file instead, only the data in that file is used.

How your data is stored

Your contacts are never stored on our servers.All contact data is held exclusively in your browser's sessionStorage and is automatically erased when you close your browser tab. We have no database of user contacts.

Job search results are also stored only in your browser session for the same duration.

Third-party services

To find open job listings, WarmPath sends employer names (not contact names or emails) to third-party job search APIs. These may include:

  • Brave Search — to locate company career pages
  • Jooble — to find open job listings by employer
  • Apollo.io — to enrich employer information from email addresses

Only company/employer names are shared with these services — never your contacts' personal information.

Draft messages (optional)

If you use the "Draft" feature, the contact's name and the job title are sent to Anthropic's Claude API to generate a personalized outreach message. This data is processed by Anthropic in accordance with their privacy policy. No contact emails or phone numbers are transmitted.

Cookies and analytics

WarmPath does not use cookies for tracking. We do not run any advertising or cross-site analytics. The only local storage we use is sessionStorage (contacts and results, cleared on tab close) and localStorage (a cache of company career page URLs, to speed up repeated searches — contains no personal data).

Revoking access

You can revoke WarmPath's access to your Google account at any time by visiting myaccount.google.com/permissions, finding WarmPath, and clicking Remove access. This immediately revokes all OAuth tokens — no data is retained on our end.

Contact

Questions or concerns? Email us at privacy@pivotalhires.com.