Privacy Policy

Effective date: May 28, 2026

Subject to legal review — final version pending.

JobPilot (“we”, “us”) operates the job-search tool at jobpilot.app. This policy explains what we collect, why, and what you can do about it.

What we collect

• Account info: your email and password (the password is hashed by our authentication provider, Supabase, before storage).
• Resume content: when you upload a PDF or paste plain text, we extract the text and store both the file and the extracted text. Text and file are only readable by you and by the JobPilot service backend.
• Application data: the jobs you save, the status of each application, your notes, and AI-generated tailored resumes / cover letters / autofill answers.
• Search behavior: queries you run on the in-app search and the sources we found matches from, so we can show source-level analytics.
• Email digests: if you opt in, we send a weekly summary of top matches. You can unsubscribe at any time via the link in each email.
• Billing: when paid plans launch, Stripe handles your card details — we never see them. We store only billing event metadata (plan, amount, time).

We do notcollect: third-party social profiles, contacts, location beyond what you tell us, or anything from your device’s clipboard.

How we use it

• To run the product — search, tailor resumes, auto-fill applications, send digests.
• To improve the system — anonymous, aggregated analytics on which sources convert best.
• To send transactional email — confirmations, password resets, account-deletion confirmations, weekly digests if you opted in.

We do not sell your data, share it with advertisers, or train third-party machine-learning models on it.

Third parties we send your data to

• Supabase— hosts our database, authentication, and file storage. EU & US regions.
• Anthropic Claude— when you ask us to tailor a resume, auto-fill an application, or classify a job, we send the job description, your relevant profile snippets, and (for tailoring) your resume to Anthropic’s API. Per Anthropic’s API policy, that data is not used to train their models.
• Adzuna, Greenhouse, Lever, Ashby, and other job boards — we send queries you make to those public APIs. They see the query, not your identity.
• Resend — sends our transactional email.
• Stripe — handles billing (once paid plans launch).

Your rights

• Access: download all your data anytime from /profile→ Advanced → Your data → “Export my data”.
• Deletion: request account deletion from /profile→ Advanced → Your data → “Delete account”. We email you a confirmation link valid for 24 hours; clicking it permanently removes everything we have.
• Correction: edit profile fields on /profile at any time.
• Opt-out: turn off the weekly digest on /profile or via the unsubscribe link in any digest email.

If you’re in the EU/UK, you may also contact us to exercise GDPR rights (data portability, right to erasure, right to object). Email privacy@jobpilot.app.

Data retention

• Active accounts: we keep your data as long as the account is active.
• Deleted accounts: removed within 30 days of confirmed deletion (some backups may persist up to 30 additional days before automatic expiration).
• Billing records: retained for 7 years where required by tax law, with personal identifiers minimized.

Security

Resume files are stored in a private bucket; access requires a short-lived signed URL (5 minutes). All data is encrypted in transit. We use industry-standard practices but cannot guarantee absolute security — see our security.txt for vulnerability reporting.

Children

JobPilot is not intended for users under 16. We do not knowingly collect data from children.

Changes

We’ll update this policy as the product evolves. Material changes will be announced by email to active users.

Contact

Questions: privacy@jobpilot.app.