90% of Job Platforms Are Selling Your Data. Here's Who's Doing It Most.

A new study finds the platforms workers trust with their most sensitive career information are monetizing it at scale. The business model is the problem.

Written by Elena Brooks · Bureau Business · Jun 10, 2026

The Trust Gap Is a Business Model

When a job seeker uploads a resume, they're handing over a dense package of personal and professional data: employment history, education, salary history or expectations, references, sometimes a home address. The implicit assumption is that this information goes to potential employers. A new study says that assumption is wrong — or at least incomplete.

According to research reported by Inc., 90% of major job platforms sell or share user data with third parties. That figure isn't a rounding error. It's a structural feature of how these platforms operate.

Why Platforms Sell Data

The economics are straightforward. Most job platforms are free to job seekers. That means the product isn't the job listing — it's the user. Advertisers, data brokers, background check firms, and HR technology vendors all have commercial interest in the behavioral and biographical data that job seekers generate.

Platforms don't need to be malicious to end up here. They need to be profitable. When the primary revenue model is employer-side subscriptions and advertising, user data becomes a secondary revenue stream that's hard to leave on the table. The incentive structure does the rest.

What Data Is Being Shared

The study doesn't limit its findings to innocuous metadata. The data categories at issue include resume content, job search behavior, salary expectations, and contact information — exactly the information that makes a job seeker identifiable and targetable. In the wrong hands, or simply in more hands than users intended, that data can affect everything from targeted advertising to insurance pricing to future hiring decisions.

The Disclosure Problem

Platforms are not, in most cases, hiding this. The data-sharing terms are typically disclosed — in privacy policies that run thousands of words, use legal language, and are presented at the moment of account creation when users are least likely to read them. Technically compliant. Practically opaque.

This is a known pattern in consumer technology, but it carries particular weight in the job market context. A person searching for work is often in a vulnerable position. They're not browsing for shoes. They're sharing information about their professional life, their financial needs, and sometimes their reasons for leaving a previous employer.

The Biggest Offenders

The Inc. report identifies specific platforms at the top of the list, with widely used services appearing among the worst offenders. The platforms most job seekers default to — because of network effects, employer presence, and brand recognition — are not necessarily the ones with the strongest data protections.

What Job Seekers Can Actually Do

The practical options are limited but not zero. Job seekers can:

- **Read the privacy policy before creating an account** — specifically the data-sharing and third-party sections. - **Use a dedicated email address** for job searching to contain downstream targeting. - **Minimize the data they enter** — many fields are optional even when they don't appear to be. - **Request data deletion** after a job search concludes, where platform terms and applicable law allow it. - **Prefer platforms with explicit opt-out mechanisms** for third-party data sharing.

None of these steps eliminate the risk. But they reduce the surface area.

The Accountability Question

The harder question is why platforms with dominant market positions have not faced more pressure to change this. Employer clients have leverage — they pay. Job seekers, who are free users, have less. Until regulatory pressure or reputational cost changes the calculus, the data monetization model will persist. The study is a useful reminder that free, in this context, has a specific meaning.

Key takeaways

Nine in ten job platforms studied sell or share user data with third parties, according to new research cited by Inc.
The data being monetized includes sensitive career information: resumes, salary expectations, employment history, and contact details.
Disclosure practices are weak — most platforms bury data-sharing terms in privacy policies that users rarely read.
The business model incentivizes data monetization: free-to-use platforms need revenue, and user data is the asset.
Job seekers have limited practical recourse, but platform choice and data minimization are the most actionable defenses available.

FAQ

What kind of data do job platforms typically sell?

Based on the study's findings, the data shared or sold includes resume content, employment history, salary expectations, job search behavior, and contact information — the core personal and professional data users submit when creating accounts and applying for jobs.

Is this practice legal?

In most jurisdictions, yes — provided platforms disclose the practice in their terms of service or privacy policy. The legal standard for disclosure is generally met through privacy policies, even when those policies are long, technical, and presented in ways that discourage careful reading.

Which job platforms are the biggest offenders?

The Inc. report identifies specific platforms, with several of the most widely used services appearing among the worst offenders. Users should consult the full study for platform-specific rankings and review the privacy policies of any platform they use.

Can job seekers opt out of data sharing?

Some platforms offer opt-out mechanisms for certain types of third-party data sharing, but availability varies significantly. Users should look for opt-out options in account settings and privacy dashboards, and consider requesting data deletion after completing a job search.

Why hasn't regulation addressed this more aggressively?

Data privacy regulation in the U.S. remains fragmented, with no comprehensive federal consumer data law. Some states — notably California under CCPA — provide stronger protections. In the EU, GDPR imposes stricter consent requirements. For most users globally, regulatory protection is limited.