Are job-search platforms exploiting job seekers for their personal data?

Researchers at Incogni surveyed 1,000 Americans and studied the most popular job-search platforms to find out.

A job search is one of those periods in life where the stakes are high and the pressure is on. Exactly the kinds of circumstances that can lead people to devalue concerns like those surrounding data privacy—someone who would never create a Facebook or TikTok account, for example, may well not think twice about creating a LinkedIn profile.

It’s obviously difficult to fault job seekers for their priorities here. But that doesn’t have to mean simply letting things stay as they are. Knowing what personal data each platform shares with third parties, for example, can help job seekers make informed decisions about which ones to trust. If nothing else, a study like this might motivate job seekers to delete old profiles and accounts on these platforms once they’re no longer needed, greatly reducing the risk of those users’ data ending up in a job-search platform (or associated third-party) breach.

Incogni’s researchers took a two-pronged approach to this study: surveying a thousand Americans who’ve used job-search and networking platforms in the past 5 years while also examining each platform’s potential effects on user privacy through a set of 17 relevant criteria. 

Key insights:

• Almost 40% of recent job-seekers said they never delete the profiles they create on job-search platforms. With over 34% of respondents saying they uploaded their details to more than two platforms, that’s a lot of data in the hands of these platforms.
• 37% of respondents believe job-search platforms only share user data with potential employers. In fact, 8 out of the 9 investigated job-search and networking platforms sell user data (according to the CCPA definition of a data sale).
• 1 in 3 respondents used so-called AI features provided by professional and networking sites to optimize their profiles. These tools and features come with their own sets of privacy considerations, often overlooked by regular users.
• Over 60% of recent job-seekers feel as if they write their resumes for algorithms rather than people.
• Almost 50% of respondents indicated that they either don’t read or merely skim through the privacy policies of the platforms to which they upload their resumes. 
• 1 in 4 respondents believe that their job details are not sensitive information, even when a resume can include veteran status, contact details, and similar information.

Survey results: how Americans interact with job-search platforms

Overview

The survey showed that only 7% of respondents indicated that they were uncomfortable having to share their information (from resumes to contact details) with these platforms. Incogni’s research investigating these platforms suggests that there are real privacy risks associated with the use of these sites and apps. 

Indeed was clearly the most popular among survey respondents, having been used by the vast majority (83%) of recent job seekers. LinkedIn, a networking site that’s commonly used for finding work, was also quite prominent, with 57% of respondents having used it in the past 5 years. After LinkedIn, in third place, was ZipRecruiter, used by 40% of respondents.

Outside of those platforms, the reported usage rates of platforms like Glassdoor, Monster, and others drop off quickly, with under a quarter of respondents indicating that they’ve used these in the past 5 years. Handshake, an “AI-centric” recruitment platform, was the least used. 

As described in more detail below, the top three most-used platforms carry distinct privacy risks. For example, Indeed comes in with a middle-of-the-road privacy score, suffering in categories related to AI and candidate data and performing well in the data collection category. 

Only 11% of surveyed Americans indicated that they were uncomfortable with having to share their details with platforms for the sake of finding a job. In fact, 46% of respondents said they were comfortable sharing this data.

Incogni’s researchers noted that three groups of respondents were significantly more likely to be comfortable with sharing their data: individuals with higher incomes, people in managerial or professional roles, and respondents aged 25 – 34 years. 

Of note is the fact that over 34% of respondents indicated that they had created accounts on more than two platforms or boards, increasing the potential risks as each platform is a vector for data breaches. As Incogni’s researchers found when investigating the platforms, oftentimes user data is not only kept by the job-search platforms themselves, but spread to other entities. This includes the commonly referenced “affiliates and business partners,” meaning that tracking down who has a given user’s data can quickly become very difficult. 

Not only is the dissemination of resumes and other job-seeker data often extensive, 1 in 4 respondents said they don’t remember all the platforms that have their data. So taking back control over data becomes much more difficult. 

Privacy perceptions and assumptions

Of particular interest to Incogni’s researchers were the assumptions respondents made regarding job-search platform privacy policies. The survey showed that there is a notable knowledge gap here that may be detrimental to job-seeking Americans’ privacy. 

When it comes to reading privacy policies, Incogni’s researchers noted that:

•  All the investigated platforms, with the exception of LinkedIn, had policies written in complex English (rated at a college-graduate reading level based on the Dale-Chall readability formula). 
• The average investigated privacy policy required 35 minutes to read fully.

These findings suggest that the high number of respondents claiming they read the privacy policies does not necessarily mean that those respondents could fully grasp the privacy implications of those policies. 

“AI” and off-platform tools

The use of third-party tools to create or optimize job-seeker resumes was also a commonly reported phenomenon, with almost 1 in 3 respondents indicating that they had used such tools. 

So-called AI tools, from LLMs to image-generation platforms, can be used instead of or in conjunction with resume builders. Around a third of respondents used either or both of these types of tools. 

Incogni’s researchers also looked at how job-search platforms facilitate interaction between user data and “AI” tools and services. Amongst the investigated platforms, it was found that LinkedIn, Indeed, and SimplyHired either offered or were planning to offer so-called AI tools for employers to process applications. 

Similarly, platforms that facilitate AI interaction with user data, for example, in the creation of resumes or when filling out applications, include LinkedIn, Indeed, SimplyHired, and Glassdoor.

A surprising result was the number of respondents who were comfortable with their data being processed and used for the training of “AI” models, with over 50% stating they were at least somewhat comfortable with this. Only a quarter of respondents were at least somewhat uncomfortable with such scenarios.

The researchers found that LinkedIn, Indeed, and SimplyHired were either developing or rolling out tools that enable employers to rate, evaluate, or summarize potential employees’ candidatures using so-called AI-powered systems. The researchers noted that just because the other investigated platforms don’t offer AI tools, it doesn’t mean that employers don’t take applicant data off-platform to process it with “AI” off-site. 

Platform investigation: what each platform does with user data

Nine job-search, recruitment, and networking platforms were investigated through their privacy policies and other help, legal, and privacy resources. 17 criteria were derived by Incogni’s researchers and privacy experts. These criteria were then weighted according to their privacy impact and sorted into 7 categories:

• Data collection – whose data is collected, what data is collected, and where it’s sourced. 
• Data sharing – what data is shared and with whom or what.
• “AI” – how so-called AI interacts with candidate data.
• Tracking – how data is processed and accumulated on- and off-platform. 
• Transparency and accessibility – how difficult it is to understand how interacting with a given platform affects a user’s privacy.
• Transgressions – lawsuits and fines from regulatory agencies and data breaches.
• Extra penalties and advantages – if something important to privacy is done exceptionally well or poorly and is not captured in other criteria, it’s captured here.

A more detailed description of the process can be found in the methodology section and public data sheet below. 

Snagajob, Flexjobs, and Glassdoor all scored relatively well in Incogni’s ranking. Snagajob specifically was rated the best in regards to the data it collects and performed well in the tracking category. Incogni’s researchers also didn’t find any “transgressions” (i.e. lawsuits, data breaches or other notable concerns not captured in the ranking) associated with Snagajob. 

Flexjobs scored particularly well in the additional considerations category. 

Glassdoor specifically was noted for having a relatively accessible privacy policy and privacy resources, which meant it won some points in the extra penalties and advantages category. 

ZipRecruiter, Monster and LinkedIn come in at the top of the ranking (meaning they’re the most privacy-invasive of the set). A lot of their penalties came from the Transgressions category—for things like LinkedIn having experienced regulatory fines and lawsuits and some companies related to Monster having experienced data breaches. 

Platform takeaways

ZipRecruiter

ZipRecruiter has web content describing how it handles data- and privacy-related issues. However, its privacy policy indicates that it does not claim responsibility for outdated posts covering privacy issues. This means that a user searching for information about a specific concern may find one of these pages, believe they have their answer, and yet leave misinformed. 

Candidates have access to on-platform “AI” tools to help them with their applications, but it seems that employers aren’t offered analogous tools to assist with application screening or evaluation. Incogni’s researchers considered this to be the better setup as it leaves it up to candidates whether their data is fed into so-called AI systems, at least on-platform.

In 2018, ZipRecruiter suffered a data breach that exposed its users’ names and email addresses. The breach affected users who had submitted their resumes to ZipRecruiter’s database.

LinkedIn

LinkedIn had a relatively user-friendly privacy policy: the language used was relatively simple and the policy well laid-out for clarity and navigability. Its privacy policy also included links to helpful FAQs and articles, helping users understand what’s happening with their data.

LinkedIn tracks non-member visits for the purpose of targeted advertising.

It’s also rolling out “AI-powered” interviews, through which employers can prepare sets of questions that are then rendered as pseudospeech by an “AI” system and played for the candidate during a scheduled call. The “AI” chatbot then rates the candidate’s answers against a set of desired answers provided by the employer and sends a summary to hiring staff. LinkedIn refers to these automated interviews, currently in early testing for LinkedIn Hiring Pro users, as “screening calls.”

In late 2024, Microsoft (which owns LinkedIn) was fined 310M euros ($335M) by the lead European Union privacy regulator for its targeted advertising practices. In April of 2026, two separate class action complaints were filed against Microsoft for allegedly illegally scanning users’ browsers to determine which extensions they were using.

These claims seem to originate from a report published by German commercial LinkedIn user advocacy group Fairlinked. The group described Microsoft’s alleged actions as “one of the largest corporate espionage and data breach scandals in digital history.”

Monster

Monster received the third highest score in Incogni’s evaluation of job-search platforms, meaning it’s the most privacy-invasive platform of those studied, according to the adopted criteria. It received some of the highest negative points in the data collection and sharing categories as well as penalties due to its legal and security issues. Monster performed poorly in the data collection category, making inferences about users and collecting data which is “publicly available.” 

It discloses selling data (according to the CCPA definition) and shares data with poorly defined affiliates and business partners. 

However, Monster did make up some points in having an extensive legal help center, with articles covering relevant concerns in easy-to-understand language. 

Separately, recent antitrust allegations have raised questions about whether Monster and several other job seeking & resume-building brands are presented as competitors despite allegedly operating under the same broader ownership structure — a concern that is especially relevant for job seekers trying to make informed choices about which platforms to trust with their personal information.

Indeed and SimplyHired

Given that SimplyHired links to Indeed’s privacy policy, this section combines the two platforms.

The most popular platform among the survey respondents, Indeed, has its own set of concerns. Of note was the close relationship between Indeed and other job-search platforms, such as Glassdoor, SimplyHired, and others. If this means that Indeed shares data with these other services, then the risk of an Indeed user’s data being exposed in a breach increases significantly.

According to its privacy policy, Indeed sells user data (as per the CCPA definition) and shares it with employers, affiliates, and marketers. When it comes to “AI” use, “Indeed Recruiting Services processes personal data including application data to generate … summaries.” Indeed provides a transparency report regarding law enforcement requests for user information. 

The privacy policy for Indeed (and, by extension, SimplyHired) is quite long. The fact that SimplyHired did not have its own privacy policy also led to it incurring a slight disadvantage in the ranking when compared to Indeed. This lack of separation was deemed a concern regarding users’ understanding of which entity is processing their data. 

Nexxt

According to its privacy resources, Nexxt sells user data (as per the CCPA definition). It also shares the data it collects, but the way it shares this data as well as the reasons it gives for doing so seem reasonable: it shares data with its business partners when users opt in to their offers and with companies and individuals that it engages to perform services on its behalf.

Nexxt collects personal information from “public sources” and data brokers.

Glassdoor

Glassdoor sells user data and shares it with advertising partners and ad exchanges. It sources personal data from “third party data providers”—a descriptor sufficiently vague to attract penalties in this study.

While Glassdoor allows all its users—regardless of geographical location—to opt out of the sale of their data, it did stir up some controversy when it added users’ real names and job titles to their previously anonymous profiles.

It also has a privacy policy that’s detailed and relatively easy to follow.

FlexJobs

FlexJobs sells user data and shares it with ad networks and third parties for marketing, advertising, research, and similar purposes. It collects publicly available data, including from social media platforms. There have been reports of people warning of scams on this platform, on Reddit, for example.

FlexJobs gives candidates access to on-platform “AI” tools to help them with their applications, but it seems that employers aren’t offered analogous tools to assist with application screening or evaluation. Incogni’s researchers considered this to be the better setup as it leaves it up to candidates to what extent their data is exposed to so-called AI systems, at least on-platform.

Snagajob

Snagajob was the best-scoring platform out of the 9 studied. Even though it’s the least privacy-invasive platform in the study, Snagajob was still found to sell user data according to the CCPA definition, suggesting that the bar is generally low with these platforms. 

Snagajob shares user data with some relatively reasonable entities: service providers, entities for legal and security purposes, entities for sales or the transfer of business assets, and others with the user’s consent. This makes it one of the best platforms in Incogni’s data set as far as data sharing goes—although it does sell user data.

This platform has a short but limited privacy policy: it shouldn’t take most users long to read, but may leave some questions unanswered. For example, Incogni’s researchers weren’t able to determine if non-user data is treated differently from user data, based on the privacy policy alone.

Methodology

The survey was conducted between the 5th and 8th of May, 2026, surveying 1,000 Americans who had looked for a job using a job-search platform in the past 5 years. It was conducted via Cint and captured a representative sample of Americans (by age and geographic distribution).

The survey mentioned 10 platforms, including USAJOBS.GOV. As this is a government-run platform, Incogni’s researchers weren’t able to evaluate it against the criteria they’d adopted. This is why there are only 9 platforms included in the platform analysis.

The other approach used in this study was based on the privacy score. The privacy score was derived by constructing a set of 17 criteria to capture how these platforms could impact user privacy. For this ranking, Incogni only evaluated details that were publicly available, as nonpublic data was not consistently available for each of the studied platforms. The criteria are explained in more depth in the public data set.

These criteria were weighted according to how important Incogni’s researchers deemed them to be. This weighting was affected through coefficients that act on negative scores. For example, a job-search platform that sells user data attracts a score (penalty) of 3, while one that has a particularly difficult-to-read privacy policy would attract a score (penalty) of only 1, reflecting the relative importance of these criteria.

Public data for platform investigation and scoring can be accessed here.

Use of visuals

Notwithstanding the terms of the CC BY-NC-SA 3.0 licenses of the visuals above, Incogni grants news organizations and other media entities permission to use the specified asset(s) in their news coverage or commentary, including on pages that display advertising.

The visuals can be downloaded or embedded using the menu at the top right of each visual. Embedded visuals preserve their interactivity.