Privacy Policy

1. Information we collect

We do not sell your personal information. Depending on how you use the Service, we may process:

• Account and sign-in data, such as your email address and profile identifiers from your chosen sign-in provider (for example, Google OAuth via our authentication partner).
• Job search and configuration data, including filters, preferences, and settings you save in the dashboard.
• Resume and file uploads, when you upload documents we store or process on your behalf to complete applications.
• Application activity, such as job titles, companies, locations, URLs, outcomes (for example applied, skipped, or failed), timestamps, and related notes needed to run and improve the Service.
• LinkedIn session data, when you choose to sync or persist a session: we may store session cookies or similar tokens needed for the automation helper to act with your existing LinkedIn login. We do not ask for or store your LinkedIn password in plain text. Session data is highly sensitive and should be treated like account access credentials.
• Billing data, processed by our payment provider (for example, subscription status and customer identifiers). We do not receive your full card number from our processor.
• API keys and secrets you provide, such as keys for AI providers, which we store using encryption where supported by the product.
• Technical and operational data, such as IP address, device or app version, diagnostic logs, and error reports, to operate and secure the Service.

2. How we use information

We use the information above to:

• Provide, operate, and maintain the Service (including authentication and subscriptions).
• Run automation features you enable, consistent with your settings and applicable terms.
• Generate or suggest application responses when you use integrated AI features.
• Improve reliability, security, and product quality; detect abuse; and comply with law.
• Communicate with you about the Service, billing, and important notices.

3. Local processing and our servers

Parts of the Service may run on your device (for example, a desktop helper that controls a browser). Some data is processed locally on your machine. Other data is sent to our backend APIs for sync, storage, billing, and features you use in the dashboard. The mix depends on your setup and which features you turn on.

4. AI providers and prompts

When you enable AI-assisted features, we may send relevant content to third-party model providers (for example OpenAI, Google Gemini, DeepSeek, or others you configure) to generate suggestions or answers. That content can include job text, form questions, and material from your profile or resume, depending on the feature. Those providers process data under their own terms and privacy policies. Use AI features only with content you are allowed to share.

5. Legal bases (EEA, UK, and similar regions)

Where laws such as the GDPR apply, we rely on one or more of the following: performance of a contract with you; legitimate interests (for example securing the Service and preventing abuse), balanced against your rights; consent where we expressly ask for it; and legal obligations.

6. Sharing and subprocessors

We share information with service providers who help us run the Service, including:

• Payment processing (for example Stripe).
• Authentication and hosting infrastructure.
• AI and infrastructure vendors you connect or that we integrate by default.

We may also disclose information if required by law, to protect rights and safety, or as part of a business transfer subject to appropriate safeguards. We do not sell personal information as defined under applicable U.S. state privacy laws.

7. Retention

We keep information only as long as needed for the purposes above, unless a longer period is required by law. Retention varies by data type: for example, billing records may be kept longer than transient logs. Application history and uploaded files may be kept until you delete them or close your account, subject to backup and legal holds. Session tokens should be cleared when you sign out or revoke access where the product supports it.

8. Security

We use administrative, technical, and organizational measures designed to protect your information, including encryption for sensitive configuration where the product supports it. No method of storage or transmission is completely secure; we encourage strong passwords, device security, and revoking access if a device is lost.

9. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export certain personal information, and to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us via Support. We will respond consistent with applicable law.

10. International transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

11. Children

The Service is not directed to children. We do not knowingly collect personal information from anyone under 16 (or the age required in your jurisdiction). If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

12. Changes

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If changes are material, we will provide additional notice as required by law.

13. Contact

Questions about this Privacy Policy: please reach out through Support.