SEO: Global reach optimization - domain consistency, hreflang, expanded sitemap & schema

- Fix domain consistency: all URLs now point to simpaticohrconsultancy.com
- Rewrite sitemap.xml: 8 to 18 URLs with correct domain and fresh lastmod
- Fix robots.txt: sitemap URL corrected, added /widget/ disallow
- Add hreflang tags (en + x-default) for international SEO
- Add geo-targeting meta tags (coordinates, region, placename)
- Add 9 OG locale alternates (US, UK, UAE, Saudi, Qatar, Arabic, German)
- Expand areaServed from 9 to 19 countries in structured data
- Add SoftwareApplication schema for SaaS classification
- Add GA4 placeholder (cookie-consent-aware, needs measurement ID)
- Fix invalid JSON-LD email field syntax
- Update chatbot KB URLs to canonical domain
- Expand AI system prompt regions to global coverage
- Fix canonical URLs on jobs.html and services.html
- Fix LinkedIn share URL on jobs.html
- De-link Career Lab, Evalis Platform, Evalis Interview from navigation

Author: simpaticohr

career-lab.html

@@ -3,6 +3,7 @@
 <head>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="robots" content="noindex, nofollow">
 <title>Career Lab | Simpatico HR</title>
 
 <!-- 🔒 ACCESS GUARD — Requires Supabase Authentication -->

contact.html

@@ -270,7 +270,7 @@
       <a href="sectors.html">Sectors</a>
       <a href="employers.html">Employers</a>
       <a href="jobs.html">Job Board</a>
-      <a href="career-lab.html" class="lab-link"><i class="fas fa-sparkles"></i> Career Lab</a>
+
       <a href="contact.html" style="color:var(--tech)">Contact</a>
       <a href="admin.html" class="admin-link"><i class="fas fa-shield-halved"></i> Admin</a>
     </div>
@@ -593,8 +593,7 @@ <h2 class="fade-in">Ready to Transform Your Hiring?</h2>
     <div class="footer-col">
       <h4>Platform</h4>
       <a href="jobs.html">Job Board</a>
-      <a href="career-lab.html">Career Lab</a>
-      <a href="evalis-interview.html">AI Interview</a>
+      <a href="mock-admin.html">Mock Admin</a>
       <a href="employers.html">For Employers</a>
     </div>
     <div class="footer-col">
@@ -606,9 +605,9 @@ <h4>Company</h4>
     </div>
     <div class="footer-col">
       <h4>Resources</h4>
-      <a href="career-lab.html">ATS Resume Score</a>
-      <a href="career-lab.html">Interview Prep</a>
-      <a href="career-lab.html">Career Roadmap</a>
+      <a href="pricing.html">Pricing</a>
+      <a href="terms.html">Terms</a>
+      <a href="privacy.html">Privacy</a>
     </div>
     <div class="footer-col">
       <h4>Connect</h4>

employers.html

@@ -503,7 +503,7 @@
       <a href="contact.html">Contact</a>
       <div class="nav-divider"></div>
       <a href="mock-admin.html" class="nav-pill ats-link"><i class="fas fa-wand-magic-sparkles"></i> Mock Admin</a>
-      <a href="career-lab.html" class="nav-pill lab-link"><i class="fas fa-flask"></i> Career Lab</a>
+
       <div class="nav-divider"></div>
       <a href="admin.html" class="admin-link"><i class="fas fa-shield-halved"></i> Admin</a>
     </div>
@@ -812,7 +812,7 @@ <h2>Ready to Hire Smarter?</h2>
       <h4>Platform</h4>
       <a href="employers.html">For Employers</a>
       <a href="jobs.html">Job Board</a>
-      <a href="career-lab.html">Career Lab</a>
+
       <a href="mock-admin.html">Mock Admin</a>
       <a href="platform/pricing.html">Pricing</a>
     </div>
@@ -843,7 +843,7 @@ <h4>Connect</h4>
     <div class="footer-logo-icon">S</div>
   </div>
   <p>&copy; 2026 Simpatico HR Consultancy | Perinthalmanna, Kerala, India</p>
-  <p style="font-size:0.75rem;opacity:0.4;margin-top:8px;">AI-Powered Recruitment • ATS Screening • Proctored Interviews • Career Lab</p>
+  <p style="font-size:0.75rem;opacity:0.4;margin-top:8px;">AI-Powered Recruitment • ATS Screening • Proctored Interviews</p>
 </footer>
 
 <!-- ═══ SCRIPTS ═══ -->

evalis-interview.html

@@ -3,6 +3,7 @@
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width,initial-scale=1.0">
+<meta name="robots" content="noindex, nofollow">
 <title>AI Interview � SimpaticoHR</title>
 <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800;900&display=swap" rel="stylesheet">
 <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">

evalis-platform.html

@@ -1,8 +1,9 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="en">
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta name="robots" content="noindex, nofollow">
   <title>Evalis AI Interview Platform | Simpatico HR</title>
   <script src="https://cdnjs.cloudflare.com/ajax/libs/pdf.js/3.11.174/pdf.min.js"></script>
   <script>if(window.pdfjsLib)pdfjsLib.GlobalWorkerOptions.workerSrc='https://cdnjs.cloudflare.com/ajax/libs/pdf.js/3.11.174/pdf.worker.min.js';</script>

index.html

@@ -17,7 +17,7 @@
   <meta property="og:description" content="Find your next opportunity. Apply now and experience our instant AI screening.">
 
   <!-- Search Engine Verification (Optional hooks) -->
-  <link rel="canonical" href="https://simpaticohr.github.io/jobs.html">
+  <link rel="canonical" href="https://simpaticohrconsultancy.com/jobs.html">
 
   <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" rel="stylesheet">
   <link href="https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@400;500;600;700;800&display=swap" rel="stylesheet">
@@ -420,7 +420,7 @@ <h2>${job.title || 'Untitled'}</h2>
         <div class="job-footer">
           <span class="job-level ${levelClass}">${level}</span>
           <div style="display: flex; gap: 8px;">
-            <a class="apply-btn" style="background: #0077b5; padding: 12px 18px;" href="https://www.linkedin.com/sharing/share-offsite/?url=${encodeURIComponent('https://simpaticohr.github.io/' + applyUrl)}" target="_blank" title="Share on LinkedIn"><i class="fab fa-linkedin-in"></i></a>
+            <a class="apply-btn" style="background: #0077b5; padding: 12px 18px;" href="https://www.linkedin.com/sharing/share-offsite/?url=${encodeURIComponent('https://simpaticohrconsultancy.com/' + applyUrl)}" target="_blank" title="Share on LinkedIn"><i class="fab fa-linkedin-in"></i></a>
             <a class="apply-btn" href="${applyUrl}">Apply Now <i class="fa fa-arrow-right"></i></a>
           </div>
         </div>

jobs.html

@@ -0,0 +1,144 @@
+-- ═══════════════════════════════════════════════════════════════════════════════
+-- Migration 022: Explicit GRANT statements for Supabase Data API access
+-- ═══════════════════════════════════════════════════════════════════════════════
+--
+-- WHY: Starting May 30 2026 (new projects) and October 30 2026 (existing projects),
+-- Supabase no longer auto-grants Data API access to tables in the "public" schema.
+-- Without explicit GRANTs, PostgREST / supabase-js / GraphQL will return "42501"
+-- permission errors on any table created after the cutoff date.
+--
+-- This migration retroactively adds explicit GRANTs to ALL existing public tables
+-- so the transition is seamless. It is idempotent (safe to re-run).
+-- Each GRANT is wrapped in a safety check so missing tables are silently skipped.
+-- ═══════════════════════════════════════════════════════════════════════════════
+
+DO $$
+DECLARE
+  tbl TEXT;
+  all_tables TEXT[] := ARRAY[
+    -- Core HR
+    'employees',
+    'departments',
+    'leave_requests',
+    'leave_balances',
+    'attendance_records',
+    'audit_logs',
+    -- Payroll
+    'employee_salaries',
+    'payslips',
+    'payroll_runs',
+    'payroll_deductions',
+    'employee_expenses',
+    -- ATS / Recruitment
+    'jobs',
+    'job_listings',
+    'job_applications',
+    'applications',
+    'interviews',
+    'interview_sessions',
+    'candidate_assessments',
+    'assessments',
+    -- Performance & Training
+    'performance_reviews',
+    'review_cycles',
+    'performance_goals',
+    'goals',
+    'training_courses',
+    'training_enrollments',
+    -- Onboarding / Offboarding
+    'onboarding_records',
+    'onboarding_tasks',
+    'offboarding_records',
+    'offboarding_tasks',
+    -- HR Ops
+    'hr_tickets',
+    'hr_policies',
+    'employee_documents',
+    'expenses',
+    -- Pulse Surveys
+    'pulse_surveys',
+    'pulse_survey_responses',
+    -- Automation
+    'automation_rules',
+    'automation_logs',
+    -- Multi-tenant / Org
+    'companies',
+    'users',
+    'org_profiles',
+    -- Billing
+    'subscriptions',
+    'payment_transactions'
+  ];
+BEGIN
+  FOREACH tbl IN ARRAY all_tables
+  LOOP
+    -- Only grant if the table actually exists in public schema
+    IF EXISTS (
+      SELECT 1 FROM information_schema.tables
+      WHERE table_schema = 'public' AND table_name = tbl
+    ) THEN
+      EXECUTE format('GRANT SELECT ON public.%I TO anon', tbl);
+      EXECUTE format('GRANT SELECT, INSERT, UPDATE, DELETE ON public.%I TO authenticated', tbl);
+      EXECUTE format('GRANT ALL ON public.%I TO service_role', tbl);
+      RAISE NOTICE 'Granted access on: %', tbl;
+    ELSE
+      RAISE NOTICE 'Skipped (does not exist): %', tbl;
+    END IF;
+  END LOOP;
+END
+$$;
+
+
+-- ─────────────────────────────────────────────────────────────────────────────
+-- SEQUENCES — Grant usage on all sequences in public schema
+-- (Required for gen_random_uuid() / auto-increment inserts via Data API)
+-- ─────────────────────────────────────────────────────────────────────────────
+
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO anon;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO authenticated;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO service_role;
+
+
+-- ─────────────────────────────────────────────────────────────────────────────
+-- DEFAULT PRIVILEGES — Auto-grant on FUTURE tables and sequences
+-- (This is the key safeguard: any new CREATE TABLE will automatically
+--  get these grants, preventing 42501 errors after the cutoff date)
+-- ─────────────────────────────────────────────────────────────────────────────
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+  GRANT SELECT ON TABLES TO anon;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO authenticated;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+  GRANT ALL ON TABLES TO service_role;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+  GRANT USAGE, SELECT ON SEQUENCES TO anon, authenticated, service_role;
+
+
+-- ─────────────────────────────────────────────────────────────────────────────
+-- SCHEMA USAGE — Ensure roles can access the public schema itself
+-- ─────────────────────────────────────────────────────────────────────────────
+
+GRANT USAGE ON SCHEMA public TO anon;
+GRANT USAGE ON SCHEMA public TO authenticated;
+GRANT USAGE ON SCHEMA public TO service_role;
+
+
+-- ═══════════════════════════════════════════════════════════════════════════════
+-- REFRESH POSTGREST SCHEMA CACHE
+-- ═══════════════════════════════════════════════════════════════════════════════
+NOTIFY pgrst, 'reload schema';
+
+
+-- ═══════════════════════════════════════════════════════════════════════════════
+-- DONE. After running this migration:
+--
+-- 1. All existing tables have explicit GRANTs for anon, authenticated, service_role
+-- 2. Tables that don't exist are silently skipped (check NOTICE logs)
+-- 3. RLS policies (already in place) still control row-level access
+-- 4. DEFAULT PRIVILEGES ensure future tables automatically get the same grants
+-- 5. No 42501 errors will occur after the Supabase May 30 / October 30 cutoff
+-- ═══════════════════════════════════════════════════════════════════════════════

migrations/022_explicit_grants_supabase.sql

@@ -0,0 +1,85 @@
+-- ═══════════════════════════════════════════════════════════════════════════════
+-- SIMPATICO HR — NEW TABLE MIGRATION TEMPLATE
+-- ═══════════════════════════════════════════════════════════════════════════════
+-- Copy this template for every new table you create.
+-- Since Supabase no longer auto-grants Data API access (May 30 2026+),
+-- you MUST include explicit GRANTs or the table will return 42501 errors
+-- from PostgREST / supabase-js / GraphQL.
+-- ═══════════════════════════════════════════════════════════════════════════════
+
+
+-- ─── 1. CREATE TABLE ─────────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS public.your_table_name (
+  id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  -- your columns here
+  tenant_id       TEXT NOT NULL DEFAULT 'SIMP_PRO_MAIN',
+  company_id      UUID,
+  created_at      TIMESTAMPTZ DEFAULT NOW(),
+  updated_at      TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ─── 2. INDEXES ──────────────────────────────────────────────────────────────
+
+CREATE INDEX IF NOT EXISTS idx_your_table_tenant ON your_table_name(tenant_id);
+
+
+-- ─── 3. EXPLICIT GRANTS (REQUIRED since May 30 2026) ────────────────────────
+-- Without these, the Data API will NOT be able to access this table.
+-- GRANTs control TABLE-level access. RLS controls ROW-level access.
+
+-- anon: read-only for public-facing queries (e.g. job listings)
+GRANT SELECT ON public.your_table_name TO anon;
+
+-- authenticated: full CRUD for logged-in users (filtered by RLS policies)
+GRANT SELECT, INSERT, UPDATE, DELETE ON public.your_table_name TO authenticated;
+
+-- service_role: full access for backend Workers (bypasses RLS)
+GRANT ALL ON public.your_table_name TO service_role;
+
+
+-- ─── 4. ROW LEVEL SECURITY ──────────────────────────────────────────────────
+
+ALTER TABLE public.your_table_name ENABLE ROW LEVEL SECURITY;
+
+-- Service role bypass (your Cloudflare Worker uses service_role key)
+CREATE POLICY "service_full_access" ON your_table_name
+  FOR ALL TO service_role USING (true) WITH CHECK (true);
+
+-- Authenticated users: read rows from own tenant only
+CREATE POLICY "tenant_read_your_table" ON your_table_name
+  FOR SELECT TO authenticated
+  USING (
+    tenant_id = COALESCE(
+      (auth.jwt()->'app_metadata'->>'tenant_id'),
+      (auth.jwt()->'user_metadata'->>'tenant_id'),
+      'SIMP_PRO_MAIN'
+    )
+  );
+
+-- Authenticated users: insert rows for own tenant
+CREATE POLICY "tenant_insert_your_table" ON your_table_name
+  FOR INSERT TO authenticated
+  WITH CHECK (
+    tenant_id = COALESCE(
+      (auth.jwt()->'app_metadata'->>'tenant_id'),
+      (auth.jwt()->'user_metadata'->>'tenant_id'),
+      'SIMP_PRO_MAIN'
+    )
+  );
+
+-- Authenticated users: update rows in own tenant
+CREATE POLICY "tenant_update_your_table" ON your_table_name
+  FOR UPDATE TO authenticated
+  USING (
+    tenant_id = COALESCE(
+      (auth.jwt()->'app_metadata'->>'tenant_id'),
+      (auth.jwt()->'user_metadata'->>'tenant_id'),
+      'SIMP_PRO_MAIN'
+    )
+  );
+
+
+-- ─── 5. REFRESH POSTGREST CACHE ─────────────────────────────────────────────
+
+NOTIFY pgrst, 'reload schema';

migrations/_TEMPLATE_new_table.sql

@@ -10,6 +10,7 @@ Disallow: /interview/
 Disallow: /mock-admin.html
 Disallow: /backend/
 Disallow: /migrations/
+Disallow: /widget/
 
-# Sitemap location (matches CNAME: simpaticohr.in)
-Sitemap: https://simpaticohr.in/sitemap.xml
+# Sitemap location (canonical domain)
+Sitemap: https://simpaticohrconsultancy.com/sitemap.xml