Privacy

Privacy policy

Updated May 29, 2026 · new version effective June 28, 2026.

Get JobeezySee it work

Last updated: May 29, 2026. This version takes effect: June 28, 2026 (the prior version dated May 13, 2026 remains in effect until then).

Notice of changes (posted May 29, 2026). We updated this Statement to more accurately describe our service providers and AI subprocessors — our primary AI is Google Cloud Vertex AI (Gemini), with Anthropic as a fallback, and we have added the job-data and analytics providers we actually use (Apify, Browserbase, and Microsoft Clarity) and removed providers we do not use — and to align our data-retention and account-deletion timelines with how the Services operate (account data is deleted within 30 days of your request). Consistent with our commitment to give advance notice of material changes, these updates take effect on June 28, 2026. The prior version remains in effect until then. A summary of changes is available on request at privacy@jobeezy.com.

This Privacy Statement (the “Statement”) explains what personal data Jobeezy, Inc. (“Jobeezy,” “we,” “us,” or “our”) collects, how we use it, who we share it with, how long we keep it, the choices you have, and how to contact us. It applies to the Jobeezy mobile applications for Android and iOS, the websites at jobeezy.com and app.jobeezy.com, and any related services that link to this Statement (collectively, the “Services”).

We have written this Statement plainly so that you can understand exactly what we do with your data. If you live in California, the European Economic Area (EEA), the United Kingdom, Brazil, or another region with specific privacy rights, the “Regional disclosures” section at the end describes additional rights you have.

1. At-a-glance summary

  • What we collect: account info you give us (email, password hash, optional name); resume content and work history; the jobs you save, dismiss, or apply to; messages you send our support team; device, log, and crash diagnostics; and basic product analytics.
  • What we don’t collect: your contacts, your precise location, your microphone or camera content, your financial accounts, or your biometric data.
  • How we use it: to run the Services, match you to relevant jobs, tailor and submit applications you authorize, secure your account, prevent fraud, and improve the product.
  • Who we share it with: infrastructure providers (e.g., Google Cloud, Firebase), AI providers under zero-retention contracts (Google [Vertex AI / Gemini] and Anthropic), payment / subscription processors (RevenueCat, Apple, Google Play), employer hiring systems you authorize us to apply through, and authorities when legally required.
  • We do not sell your personal data as the term “sell” is defined under the California Consumer Privacy Act (CCPA / CPRA), and we do not use your resume or applications to train third-party AI models.
  • You can see, export, correct, and permanently delete your data from inside the app (Settings → Privacy) or by emailing privacy@jobeezy.com.

2. Who is responsible for your data

Jobeezy, Inc. is the data controller for personal data processed under this Statement. We are a Delaware corporation with operations in Austin, Texas. Where the term “controller” does not apply (for example, in some U.S. states), we are the “business” with respect to your personal information.

3. Personal data we collect

We collect only the data we need to run the Services. The categories we collect are:

  • Account and identity data. Email address, password (stored as a salted hash, never in plaintext), optional display name and profile photo, the Apple ID or Google ID you choose to sign in with, and a per-installation device identifier.
  • Career and resume data. Resume content (PDF and text extracted from it), work history, education, skills, certifications, work-authorization status, accommodation preferences, fair-chance status (only if you choose to share it), salary expectations, location radius, and the job titles you target.
  • Application activity. The jobs you view, save, dismiss, mark as “not interested,” or authorize us to apply to; the tailored resume and cover letter we generated for each application; the status of each submission; messages you exchange with our outreach features; and the screening or EEO questions you choose to pre-answer.
  • Communications. Emails, in-app chats, support tickets, and survey or feedback responses you send us.
  • Payments and subscription state. We do not see, store, or transmit your full payment card number. Apple, Google Play, and our subscription processor (RevenueCat) handle billing. We do receive the subscription state (active, trial, paused, cancelled), the product purchased, renewal/expiration timestamps, and an opaque store-side transaction identifier.
  • Device and log data. IP address, mobile OS and version, app version, device model, language and locale, time-zone, push notification token (only if you opt in to push), crash and error stack traces, and basic event logs (e.g., “app_open,” “job_viewed”).
  • Product analytics. Aggregated and pseudonymized usage metrics (screen views, feature engagement, conversion funnels). We use these to fix bugs and prioritize work; we do not link them to your identity outside of Jobeezy.
  • Marketing data (only if you opt in). Newsletter subscribers’ email addresses; UTM parameters of the link you clicked to arrive on our marketing site.

We do not intentionally collect: precise geolocation, contact list, photos or videos other than the resume PDF you upload, audio recordings, biometric identifiers, government-issued ID numbers (SSN, driver’s license, passport), full credit card numbers, or any data we don’t need to operate the Services.

4. Sources of personal data

We collect personal data from these sources:

  • You. Most personal data comes directly from you (account, resume, preferences, content you generate using the app).
  • Your device. Diagnostic, device, and log data is collected automatically when you use the Services.
  • Apple and Google. If you sign in with Apple or Google, those services share the basic profile attributes you authorized (email, name, an opaque user identifier).
  • Subscription processor. RevenueCat, Apple, and Google Play send us your subscription state and store-side identifiers so we can grant access to paid features.
  • Job-board partners and public job postings. Job content (titles, descriptions, employer information, application URLs) is sourced from public job boards, employer career pages, and licensed job-board APIs. This is information about the employer, not about you.

5. How we use personal data

We use personal data for these purposes:

  • Provide the Services. Authenticate you, store your resume securely, surface relevant jobs, generate tailored resumes and cover letters that you can review before submission, submit applications on your behalf when you authorize us to, and notify you about new matches and application status.
  • Personalize matches. Compute a fit score for each job based on your resume and preferences and rank your feed accordingly.
  • Subscription management. Determine whether you are on the free or Plus tier, enforce monthly or daily quotas, and grant trial / paid access.
  • Customer support. Investigate and resolve issues you report.
  • Security, abuse prevention, and fraud detection. Detect credential stuffing, scraping, abuse of free quotas, fraudulent payments, and impersonation. Maintain access logs and audit trails.
  • Compliance. Comply with applicable law, respond to lawful legal process, and enforce our Terms of Service.
  • Service improvement. Diagnose bugs and crashes; A/B test changes to onboarding, matching, and other surfaces; aggregate data to understand outcomes (e.g., “applications that mentioned X had Y% higher reply rate”).
  • Communications. Send transactional emails and in-app notifications (account, security, application status), and — only if you opt in — product updates and tips.

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and the UK GDPR require us to identify a legal basis for each processing activity. The bases we rely on are:

  • Performance of a contract — for account creation, delivering the Services, processing subscriptions, and submitting applications you instruct us to send.
  • Legitimate interests — for product analytics that improve the Services (in a way you would reasonably expect), security and fraud prevention, debugging, and aggregate research. We weigh our interests against your rights and choose the least intrusive option that achieves the purpose.
  • Consent — for non-essential cookies, marketing emails, and any optional sensitive disclosures you choose to make (e.g., fair-chance status, disability accommodations). You may withdraw consent at any time.
  • Legal obligation — for compliance with tax, accounting, and lawful requests from competent authorities.

7. When we share personal data

We share personal data only as described below.

  • With our service providers (sub-processors) who run the Services on our behalf, under written contracts that require them to protect your data and to use it only for the purposes we direct. A current list is in Section 8.
  • With employers and Applicant Tracking Systems (ATS), when you authorize Jobeezy to submit an application on your behalf. The data sent to the ATS includes the resume and cover letter we prepared with you, the screening answers you pre-approved, and any required EEO questions you elected to answer.
  • With payment and subscription processors. Apple, Google Play, and RevenueCat receive the data necessary to process and reconcile your purchase.
  • For legal reasons. If we receive a valid subpoena, court order, or other lawful request, we may disclose data to the requesting authority. We resist over-broad or non-specific requests and notify you when we are legally allowed to do so.
  • To protect rights and safety. If we have a good-faith belief that disclosure is necessary to prevent fraud, security incidents, or imminent harm.
  • In a corporate transaction. If Jobeezy is involved in a merger, acquisition, or sale of substantially all of its assets, personal data may be transferred subject to standard confidentiality and continued protection.

We do not sell personal data, we do not “share” personal data for cross-context behavioral advertising (as defined under California law), and we do not use your resume content to train any third party’s AI model.

8. Sub-processors and AI providers

The current list of sub-processors we use is below. We may add or change sub-processors from time to time; material changes will be reflected in our changelog.

Sub-processorPurposeLocation
Google Cloud PlatformCompute (Cloud Run), storage (Cloud Storage), messaging (Pub/Sub), scheduling, logging, and WAF/DDoS protection (Cloud Armor)United States (us-central1)
Google FirebaseAuthentication, Firestore database, push notifications (FCM)United States
Google Cloud Vertex AI (Gemini)Primary AI / LLM for resume tailoring, application drafting, fit scoring, and interview prep (processed under Google Cloud enterprise terms; not used to train Google’s foundation models)United States
AnthropicFallback AI / LLM for the same features when the primary model is unavailable (zero-retention contract)United States
ApifyIngestion of publicly available job postings (no user personal data)European Union / United States
BrowserbaseManaged, isolated cloud browser sessions used to submit applications you authorizeUnited States
RevenueCatSubscription receipt validation and entitlement stateUnited States
Apple, Google PlayPayment processing for in-app subscriptionsUnited States / global
ResendTransactional email delivery (account, security, application status, data exports)United States
SentryError and crash diagnostics (PII-scrubbed)United States
PostHogProduct analytics (pseudonymized)United States
Google Analytics 4Marketing-site analytics with IP anonymizationUnited States
Microsoft ClarityMarketing-site usage analytics with automatic masking of personal dataUnited States

Our AI providers (Google and Anthropic) are bound by zero-retention agreements: prompts and completions are not retained beyond the time needed to serve your request, and your data is never used to train their models. Sensitive equal-employment and demographic responses you may provide are stored separately and are not included in prompts sent to any AI model.

9. AI features and automated decision-making

Several Jobeezy features use AI to draft text on your behalf:

  • Resume tailoring. We rewrite passages of your resume to better match a target job description. You review each change before it is sent.
  • Cover-letter generation. We draft a cover letter you can edit and approve.
  • Interview prep. We generate likely interview questions and example answers for the role you selected.
  • Fit scoring. A numerical score (0–100) summarizes how well your profile matches a job.

You always review and approve the application content before it is submitted to an employer. No employment decision is made solely by automated means without human review, and the fit score does not, by itself, exclude any job from your feed below the configured threshold without your consent. If you would like to opt out of AI-generated drafts entirely, you can disable AI features in Settings → Personalization → AI drafts and continue to apply manually.

10. How long we keep personal data

We retain personal data only as long as we need it for the purposes described in this Statement.

  • Account data: while your account is open, plus up to 30 days after you request deletion (to allow recovery and complete a verified, multi-step erasure), then permanently deleted from production systems. Encrypted backups age out on their normal rotation thereafter.
  • Resume and application data: while your account is open. Deleted on request (Settings → Privacy → Delete account) or at account closure.
  • Subscription transaction records: 7 years (required for tax / accounting).
  • Logs and security events: 30 days for operational logs; 13 months for security audit trails.
  • Support tickets: 24 months after resolution.
  • Aggregated, de-identified analytics: kept indefinitely; cannot be re-identified.

11. Security

We follow industry-standard practices to protect personal data: encryption in transit (TLS 1.2+), encryption at rest (AES-256 on Google Cloud Storage and Firestore), Google-managed key rotation, the principle of least privilege for engineer access, mandatory two-factor authentication for staff accounts, signed audit logs, periodic vulnerability scanning, dependency security review, and a documented incident-response process. We will notify affected users without undue delay if a security incident materially affects their data, consistent with applicable law (typically within 72 hours for EEA / UK users).

No service can be 100% secure. If you believe your account has been compromised, contact us immediately at security@jobeezy.com.

12. International data transfers

Jobeezy processes personal data in the United States. If you are outside the United States, your data will be transferred to and processed in the United States. For EEA, UK, and Swiss users, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where required. Where additional safeguards are needed, we implement them (for example, supplementary technical and organizational measures recommended by the European Data Protection Board).

13. Children

The Services are intended for users 16 years of age and older (18+ in some jurisdictions). We do not knowingly collect personal data from children under 13 in the United States or under 16 in the EEA/UK. If you believe a child has provided us with personal data, contact privacy@jobeezy.com and we will delete it.

14. Cookies and similar technologies

The marketing site (jobeezy.com) uses a small number of cookies and similar technologies for security, performance, and analytics. The mobile applications do not use browser cookies. Details are in the Cookie Policy. Where required by law (EEA / UK / Brazil), we ask for consent for non-essential cookies before they are set.

15. Advertising and analytics

We do not run advertising-tracking pixels on the Services. We do not allow third parties to drop advertising cookies. We do use first-party analytics (PostHog) and Google Analytics 4 with IP anonymization on the marketing site to understand which pages and CTAs work. We honor the Global Privacy Control (GPC) signal and treat it as an opt-out of any sharing for cross-context behavioral advertising.

16. Your privacy rights

Depending on your location, you have some or all of the following rights regarding your personal data:

  • Right to access — obtain a copy of the data we hold about you.
  • Right to correct — ask us to fix inaccurate or incomplete data.
  • Right to delete — ask us to delete your data, subject to legal-retention exceptions.
  • Right to portability — receive your data in a structured, machine-readable format (we provide JSON).
  • Right to object or restrict — object to or limit processing in some cases.
  • Right to withdraw consent — for processing that relies on consent, without affecting the lawfulness of prior processing.
  • Right not to be subject to solely automated decisions with legal or similarly significant effects.
  • Right to lodge a complaint with a supervisory authority (e.g., your local Data Protection Authority in the EEA / UK; the California Privacy Protection Agency).
  • Right to opt out of “sale” and “sharing” as defined under California law — we do not engage in either, but we still honor this opt-out.

17. How to exercise your rights

The fastest way to access, export, correct, or delete your data is inside the app: Settings → Privacy. You can also email us at privacy@jobeezy.com with the subject line “Data Subject Request.” We respond within 30 days (45 days for complex requests) and will not charge a fee unless your request is manifestly unfounded or excessive. We will verify your identity before fulfilling the request (typically by confirming control of the email on file).

If you use an authorized agent, we will ask for proof of the agent’s authority before responding.

18. Regional disclosures

18.1 California (CCPA / CPRA)

The CCPA/CPRA categories of personal information we collect map to those listed in Section 3. The business and commercial purposes for each are listed in Section 5. We disclose personal information to the sub-processors listed in Section 8. We do not sell or “share” personal information for cross-context behavioral advertising, and we do not knowingly sell or share the personal information of consumers under 16. California residents may exercise their rights at any time by following Section 17; you have a right to non-discrimination for exercising your rights. The CCPA notice at collection is incorporated by reference into Sections 35.

18.2 Other U.S. state privacy laws

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, Delaware, Iowa, Tennessee, Indiana, or another U.S. state with a comprehensive consumer privacy law, you have rights substantially similar to those described in Section 16. We honor those rights through the same channels (Section 17). If we ever decline a request, you have a right to appeal by replying to our response email.

18.3 European Economic Area, United Kingdom, and Switzerland

The data controller is Jobeezy, Inc., 800 Brazos St., Austin, TX 78701, USA, contactable at privacy@jobeezy.com. We do not currently have an EU/UK representative under Article 27 GDPR because we are below the relevant thresholds; if that changes we will publish the representative’s contact details here. The lead supervisory authority for any complaint can be found in your country’s data-protection portal.

18.4 Brazil (LGPD)

Jobeezy acts as the controller (“controlador”) under Brazil’s Lei Geral de Proteção de Dados. The legal bases we rely on are the bases listed in Section 6, which map to the LGPD’s “hipóteses legais.” The Data Protection Officer for LGPD purposes can be reached at privacy@jobeezy.com.

19. Changes to this Statement

If we make material changes, we will notify you at least 30 days before they take effect through an in-app banner, an email, and an entry in our changelog. Non-material changes (such as clarifications) may be made at any time and are reflected in the “Last updated” date at the top of this page.

20. How to contact us

Privacy questions, data-subject requests, and complaints: privacy@jobeezy.com
Security disclosures: security@jobeezy.com
Legal: legal@jobeezy.com
Postal: Jobeezy, Inc., 800 Brazos St., Suite 400, Austin, TX 78701, USA.