Privacy Policy

Last Updated: October 2, 2025

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (for login and communication)
• Password (encrypted and securely stored)
• Account creation date and last login time

1.2 Profile Information

To provide job matching services, you provide:

• Skills: Programming languages, tools, frameworks, certifications
• Experience: Years of experience, industries, roles
• Preferences: Work arrangement (remote/hybrid/office), visa requirements, salary expectations, company size, management style
• Resume/CV: Uploaded PDF files for document generation
• Location: City, country, timezone (for geographic matching)

1.3 Usage Data

We automatically collect:

• Job searches performed (LinkedIn URLs you analyze)
• Job analysis results (match scores, reasoning)
• Generated documents (resumes, cover letters)
• Credit usage and purchase history
• Page views, clicks, and feature usage (via Google Analytics and Microsoft Clarity)

1.4 Payment Information

Payment processing is handled by Stripe. We do NOT store your credit card details. Stripe collects payment information in compliance with PCI-DSS standards. We only receive:

• Transaction confirmation (successful/failed)
• Last 4 digits of card (for your reference)
• Payment amount and date

2. How We Use Your Information

2.1 Core Service Delivery

• Job Matching: Analyze job descriptions against your profile to calculate compatibility scores
• Document Generation: Create ATS-optimized resumes and cover letters tailored to specific jobs
• Preference Filtering: Identify jobs matching your work arrangement, visa, culture, and career preferences

2.2 Service Improvement

• Analyze aggregate usage patterns to improve matching algorithms
• Identify bugs and fix technical issues
• Develop new features based on user behavior

2.3 Communication

• Send service-related emails (password resets, credit notifications, payment confirmations)
• Respond to support inquiries
• Send optional product updates (you can opt out anytime)

2.4 Analytics

• Track page views and feature usage to understand what's working
• Monitor conversion rates to optimize user flows
• Measure performance metrics (page load times, error rates)

3. How We Share Your Information

3.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Service Providers

We share data with trusted service providers who help us operate JAO:

• Supabase: Database and authentication (stores profile data, job analyses, documents)
• Stripe: Payment processing (handles credit card transactions)
• Anthropic (Claude AI): AI-powered job analysis and document generation (job descriptions and your profile are sent to Claude API)
• Apify: LinkedIn job scraping (LinkedIn URLs are processed to fetch job data)
• Google Analytics & Microsoft Clarity: Usage analytics and session recordings (anonymized)
• Vercel: Hosting and deployment

All service providers are contractually obligated to protect your data and use it only for providing their specific services to JAO.

3.3 Legal Requirements

We may disclose your information if required by law, such as:

• Responding to court orders, subpoenas, or legal processes
• Protecting our rights, property, or safety
• Investigating fraud or security breaches
• Complying with GDPR, CCPA, or other privacy regulations

4. Data Security

4.1 Encryption

• All data transmitted between your browser and JAO is encrypted using TLS/SSL (HTTPS)
• Passwords are hashed using industry-standard algorithms (bcrypt) and never stored in plain text
• Database connections are encrypted

4.2 Access Controls

• Access to your data is restricted to authorized personnel only
• Authentication is required for all admin operations
• We use row-level security (RLS) in Supabase to isolate user data

4.3 Data Backups

• Regular automated backups are encrypted and stored securely
• Backups are retained for 30 days

5. Your Privacy Rights

5.1 Access Your Data

You can view and download all your data from your Profile page at any time.

5.2 Correct Your Data

Update your profile information, skills, preferences, and resume directly in the app.

5.3 Delete Your Data

You can request account deletion by emailing privacy@job-application-optimizer.com. We will permanently delete:

• Your profile and account information
• All job analyses and generated documents
• Payment history (except as required for tax/legal compliance)

Deletion is processed within 30 days and is irreversible.

5.4 Export Your Data

Request a copy of all your data in machine-readable format (JSON) by emailing privacy@job-application-optimizer.com. We'll provide it within 30 days.

5.5 Opt-Out of Marketing Emails

Click "Unsubscribe" in any marketing email, or email us at unsubscribe@job-application-optimizer.com. You'll still receive service-related emails (password resets, payment confirmations).

6. Cookies and Tracking

6.1 Essential Cookies

We use cookies to keep you logged in and remember your preferences:

• Authentication token: Keeps you logged in between sessions
• Session cookies: Maintain your active session

6.2 Analytics Cookies

We use Google Analytics and Microsoft Clarity to understand how you use JAO:

• Page views and navigation paths
• Feature usage and click patterns
• Session duration and bounce rates
• Anonymous demographic data (browser, device, location at city level)

You can opt out by using browser privacy settings or installing the Google Analytics Opt-out Browser Add-on.

7. Data Retention

• Account data: Retained as long as your account is active
• Job analyses: Stored indefinitely (visible in your dashboard history)
• Generated documents: Stored for 90 days, then automatically deleted
• Payment records: Retained for 7 years (tax/legal compliance)
• Analytics data: Retained for 26 months (Google Analytics default)
• Deleted account data: Permanently removed within 30 days

8. International Data Transfers

JAO is hosted on servers in the United States (via Vercel and Supabase). If you're located outside the US, your data will be transferred to and processed in the US.

We comply with GDPR (EU) and CCPA (California) regulations. By using JAO, you consent to this data transfer.

9. Children's Privacy

JAO is not intended for users under 18 years old. We do not knowingly collect data from children. If you believe we've inadvertently collected data from a minor, contact us immediately at privacy@job-application-optimizer.com, and we'll delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be announced via email.

Continued use of JAO after changes means you accept the updated policy.

11. Contact Us

For privacy-related questions, requests, or concerns:

• Email: privacy@job-application-optimizer.com
• Data Protection Officer: dpo@job-application-optimizer.com
• General inquiries: Contact page

12. Jurisdiction-Specific Rights

12.1 GDPR (European Union)

If you're in the EU, you have additional rights:

• Right to access: Request a copy of your data
• Right to rectification: Correct inaccurate data
• Right to erasure: Delete your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Export your data in machine-readable format
• Right to object: Object to data processing for certain purposes
• Right to withdraw consent: Opt out of marketing emails anytime

To exercise these rights, email gdpr@job-application-optimizer.com.

12.2 CCPA (California)

If you're a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Request deletion of your personal information
• Opt out of the sale of personal information (note: we don't sell your data)
• Non-discrimination for exercising your privacy rights

To exercise these rights, email ccpa@job-application-optimizer.com.