English
中文(繁體)
中文(简体)
Tiếng Việt
Bahasa Indonesia
日本語Powered by AI
Jobs
Job Search
Explore available job openings across industries and locations.
Search by Profession
Bio, MedicalConstructionCustomer ServiceDesignEducationEngineeringFinanceCatering / Food & BeverageGame ProductionHRITLaw
 
Logistics / TradeManagement / BusinessManufacturingMarketing / AdvertisingMarketing / CommunicationsMedia / CommunicationPublic Social WorkSalesOther
Companies
Company Search
Find your dream jobs categorized by company names.
Popular Companies
 
 
Tools
Getting Started
AI Resume BuilderNEW
Create your job-winning resume using our AI resume builder.
AI Resume CheckerNEW
Optimize your resume to match job descriptions and pass ATS screening.
Portfolio Maker
Create a professional portfolio to highlight your skills and projects.
Discover
Cake Meet
Meet professionals from various fields and expand your career network!
What Cake R U? Pro
Unlock your workplace personality in 3 minutes and discover your unique strengths!
Resources
Articles
Read insightful articles on career development, job search strategies, and more.
Hire
Cake for Employers
Consolidating Talent Search, Job Posting, and ATS for a seamless, unified hiring experience.
Recruitment Platform
Talent SearchJob PostingATS
Recruitment Solutions
Recruitment ConsultingEmployer BrandingEmployer of Record (EOR)Staffing ServicesVietnam Payroll Services
Pricing & Testimonials
Pricing Plans

Cake.me Privacy Policy

Last Updated: Jun 8, 2026

1. Scope & Roles

This Policy applies to individuals and organizations that use the Cake.me website, App, API, and related Services. The data controller is Trantor Tech, Inc. (Cake). Our data protection contact: [email protected].

By registering an account on the Platform or using the Services we provide, you acknowledge that you have read and understood the practices and rules described in this Privacy Policy and agree to them, and you consent to our collection, use, and processing of your personal data in accordance with this Policy. If you do not agree to the processing of your personal data in accordance with this Policy, please stop using the Services and the Platform.

2. Definitions

“Sensitive Personal Data” includes medical records, genetic data, sexual life, health check data, criminal records, race, religion, political opinions, trade union membership, precise location, communications content, account credentials, biometric features, neural data, and children’s data.

“De-identified Data” means data that cannot reasonably be re-identified to a specific individual.

3. Data Categories We Collect

To provide the Services, we collect:

(1) Information you actively provide and technical data required for operation

All relevant information you actively provide when creating an account (including but not limited to name, gender, date of birth, and expected salary) and contact information (including but not limited to phone number and email address), résumés and portfolios, job and company information, interaction records, device and technical information, cookies and similar technologies, and third-party data provided by partners (including but not limited to third parties such as Google and Meta).

If you choose to sign in to the Services using a third-party account (such as Google, Apple, Facebook, or X), we will obtain necessary account information from that third party within the scope you authorize, such as your name, email address, third-party account identifier, profile picture, or other data you agree to provide upon registration or while using the Services.

(2) Information we do not collect

We do not proactively request that you provide sensitive personal data such as medical records, medical information, genetic data, sexual life, or criminal records. If you disclose such data on your own in your account, résumé, or portfolio, please evaluate carefully; we will not process such sensitive personal data.

4. Purposes & Legal Bases

We process data for the following purposes:

  1. Performance of a contract and provision of the Services (account registration, identity verification, data computation, using data for AI analysis to match and recommend jobs, notifications, customer support, payment processing, and security protection).
  2. System operation and improvement (operations and maintenance, analytics, improving features, and optimizing recommendation and matching services).
  3. Legitimate interests (fraud prevention, auditing, statistics, and research), provided they do not override your fundamental rights and freedoms.
  4. Specific consent items (marketing messages, specific visibility settings, and research collaboration), for which you may withdraw your consent at any time.
  5. Legal obligations or the establishment of legal claims (requests from competent authorities or courts, taxation, and legal defense).
  6. Vital interests (protecting life, physical safety, and property).
  7. Personalization and recommendations (using data for AI analysis to provide job or talent recommendations, and AI-generated résumé or portfolio suggestions).

5. Disclosures

(1) We may disclose data to:

  1. Processors (cloud, communication, payments, security, analytics, etc.), among which the vendors providing AI analysis include OpenAI and Google. All Processors are bound by applicable data protection agreements, or otherwise provide a level of data protection no lower than that set out in this Policy; Processors will not use the data for any purpose other than providing the Services.
  2. Employers, recruiting partners, and other users of the Platform (disclosed in accordance with the Platform’s rules and your relevant settings).
  3. Transactional or legal-request circumstances (mergers, reorganizations, courts, or government authorities).
  4. De-identified or aggregated statistical data, which may be made public on the website and elsewhere in a de-identified form.

If you choose to share uploaded content publicly, you understand and agree that third-party services (such as search engines, caching services, and social platforms) may automatically capture or retain copies; even if you later delete the content, the Services cannot guarantee that all external caches, backups, or third-party copies will be removed simultaneously. The Services will provide deletion or takedown functions in accordance with your settings but cannot control or compel third parties to delete copies they have retained. Please evaluate carefully before making content public.

(2) Circumstances in which we do not share (Limited Use):

  1. We do not sell or rent your personal data to third parties.
  2. We do not share data for cross-context behavioral advertising (as defined under the CPRA).
  3. We do not use your data for any purpose other than those disclosed in this Policy.
  4. If our data practices change in the future in a way that involves a “sale” or “sharing” as defined under the CPRA, we will provide a “Do Not Sell or Share My Personal Information” link and support Opt-out Preference Signals (such as GPC).

The Platform (including the website and App) will strictly comply, in its use and transfer of the foregoing data, with the requirements of the respective application stores on which it is published, including the data protection policies of the Google Chrome Web Store and the Apple App Store.

6. International Transfers

Data may be processed outside your jurisdiction. We will use Standard Contractual Clauses (SCCs), adequacy assessments, or other safeguards to ensure that your rights under applicable jurisdictions are not affected. Where competent authorities impose restrictions, we will comply with the relevant requirements.

7. Retention

We retain data for as long as necessary to achieve the purposes for which it was collected, taking into account legal obligations, dispute resolution, and security needs. Once the retention period expires or the purpose no longer exists, we will delete or de-identify the data. Where a specific period cannot be clearly stated, we will determine the retention period based on reasonable criteria (such as the duration of the account, statutory retention periods, and limitation periods for complaints or litigation).

8. Your Choices & Rights

You have the right at any time to: access, rectify, obtain a copy, delete, restrict or stop processing, data portability, object (including to direct marketing), and withdraw consent. We will respond to your request within the time limits prescribed by applicable local laws and may verify your identity where necessary.

9. Children

The Services are not provided to children under the age of 13. If you are under 13, please do not register for or use the Services. We do not proactively collect personal data from children under 13. Minors may use the Services only with the consent and guidance of a legal guardian. In the EEA/UK, we will obtain the necessary consent in accordance with the applicable statutory age.

10. Security & Breach Notice

We implement measures such as tiered access controls, encryption, auditing, and backup/redundancy. In the event of a personal data incident, we will notify the competent authorities and affected individuals in accordance with applicable laws. We have also established procedures for handling data following business termination.

11. Automated Decisions & Profiling

As a general rule, we do not make decisions affecting your rights and interests solely by automated means. Where necessary, we will provide mechanisms for human intervention and appeal.

12. Third-Party Links

Third-party services have their own independent privacy policies; please review them carefully. We do not guarantee the security of personal data and/or other information you provide on third-party websites.

13. Google API Services User Data Policy

This section explains how we access, use, store, and share Google user data through Google APIs.

Scopes and Data We Access

When you sign in to Cake with your Google account, or when you consent to linking your Google Calendar while using the Services, we request access to the following Google user data:

  • openid — for secure sign-in via the Google OpenID Connect protocol.
  • https://www.googleapis.com/auth/userinfo.email — to obtain your Google account email address, used to identify and verify your Cake account.
  • https://www.googleapis.com/auth/userinfo.profile — to obtain your basic Google profile information (including your name and profile picture) for display within Cake.
  • https://www.googleapis.com/auth/calendar.readonly — to read your Google Calendar list and busy/free information, so that Cake can identify your primary calendar, let you choose which calendar to write events to, and check your available time slots to help you avoid scheduling conflicts when arranging interviews or meetings.
  • https://www.googleapis.com/auth/calendar.events — to create, update, or delete Google Calendar events on your behalf when you take specific actions in Cake (such as scheduling an interview or accepting a meeting invitation).

How We Use Google User Data

We use Google user data solely to provide the Services, specifically including:

  • When you sign in with Google, Google data is used to verify your identity and manage account access.
  • Identifying the Google calendars available to you (including your primary calendar), letting you choose which calendar to write events to, and checking your busy/free information to help you identify conflict-free times for scheduling interviews and recruitment-related meetings. Cake does not display the content or details of your existing Google Calendar events in its interface.
  • Creating, updating, or removing calendar events on your behalf when you explicitly initiate an action in Cake (such as confirming an interview time, rescheduling, or canceling a meeting).

We do not use Google user data for any purpose beyond the features you have consented to use within the Platform and the Services.

How We Store Google User Data

Google user data is stored on the secure servers of our engaged cloud service providers and is protected with industry-standard encryption in transit (TLS) and at rest. Access to the data is limited to authorized personnel for the purpose of providing the Services, and such personnel are subject to strict access controls. For Google data, we retain Google user data only during the period you use the Services and the Platform, taking into account legal obligations, dispute resolution, security needs, or retention periods required by local laws. You may at any time request revocation of our access to your Google user data through the Google Account Permissions page; after confirming that none of the above exceptions apply, the relevant Google user data will be removed from our systems within a reasonable period.

How We Share Google User Data

We do not sell, rent, or trade Google user data, nor do we share it with third parties outside the Platform, except in the following circumstances:

  • Sharing with Processors necessary for operating the Services (such as cloud, communication, payments, security, and analytics), where such parties agree to be bound by data protection agreements that meet the requirements of the Google API Services User Data Policy.
  • As required by law, court order, or transactional needs (such as mergers, reorganizations, courts, or government authorities), or to protect rights, safety, or property.
  • Where we have your explicit consent (for example, when you choose to share an interview invitation with others).
  • De-identified or aggregated statistical data.

Limited Use Statement

Our use and transfer of data obtained through Google APIs will comply with the Google API Services User Data Policy, including its Limited Use requirements. We commit that we will not:

  • Use Google user data to serve advertising (including remarketing, personalized, or interest-based advertising).
  • Sell Google user data to third parties, such as advertising platforms, data brokers, or data resellers.
  • Use Google user data for any purpose other than the calendar-related features and authentication features that users explicitly request from us or on the Platform.
  • Allow humans to read Google user data, unless one of the exceptions listed in the “How We Share Google User Data” section applies — such as necessary service-related Processors, applicable law, your explicit consent, or de-identified data.

14. Local Supplements

We are committed to complying with applicable privacy and data protection laws in each jurisdiction. Globally, we protect users’ privacy rights in accordance with the laws of different regions. The rights you may enjoy in your location include: access, rectification, deletion, restriction of processing, data portability, objection, and withdrawal of consent. We will handle your requests within the time limits and procedures prescribed by local laws.

The following are specific supplements:

  1. United States – California (CCPA/CPRA)

    In the past 12 months, we have collected identifiers (such as name, email, and phone number), employment and education information (such as résumé content), internet activity records (such as event logs, IP, and device information), and necessary sensitive information (such as account credentials and communications content). The primary purposes are account services, talent and job matching, customer support, and security maintenance. We do not sell or share your personal information; if this changes in the future, we will provide a “Do Not Sell or Share” link and support GPC.

    The rights you may exercise include:

    1. Right to know, access, portability, deletion, and correction
    2. Right to limit the use of sensitive data
    3. Right to opt out of sale or sharing
    4. Right to non-discrimination

    We will respond to requests within 45 days and may extend once by an additional 45 days where necessary. Requests may be submitted via [email protected] or the website form.

  2. Taiwan (PDPA)

    When collecting data, we will inform you of the name of the institution, the purpose of collection, the categories of data (including name, contact information, education/career background, financial conditions, etc.), the period, region, and method of use (for example, via the Platform, email, or system notifications), the recipients, your rights and how to exercise them, and the consequences of not providing the data.

    Data subjects may exercise rights under the PDPA, such as review, correction, deletion, and cessation of use; in principle, we will respond within 15 days and may extend by a further 15 days where necessary. In the event of a personal data incident, we will report to the competent authority and notify the data subjects as required.

  3. Other Regions

    For other regions not specifically listed, we will operate in accordance with the applicable personal data protection laws and regulations in that location and safeguard the rights to which users are legally entitled, including but not limited to access, rectification, deletion, restriction of processing, portability, and objection. We will ensure that cross-border transfers comply with relevant legal requirements and adopt appropriate safeguards where necessary.

If you have any questions or wish to make a rights request, please contact our privacy contact: [email protected].

15. Changes

If we update this Policy due to legal or service changes, we will notify you from time to time via website announcements or the contact information you have provided; material changes will be explained in advance and take effect from the date of announcement. If you do not agree, please stop using the Services and delete your account or adjust your settings in accordance with the applicable procedures. Your continued use of the Services after the Policy is updated will be deemed your acknowledgment and acceptance of the updated Privacy Policy.