Jobeezy
Privacy Policy

Privacy Policy

The live website rendering of the privacy policy the app links to.

Privacy Policy

Effective Date: April 10, 2026

Overview

Jobeezy helps users manage job search activity, upload resumes, tailor application materials, and submit job applications on supported platforms. This policy describes the categories of information the product handles, how that information is used, when that information is shared, and what controls users have.

Information We Collect

Account, security, and profile information

We collect account information such as email address, password hash, profile fields, plan and onboarding state, and account-security information needed to authenticate users and keep accounts secure. If a user enables multi-factor authentication, the repository indicates the service stores a TOTP secret and hashed recovery codes.

Resume, application, and career information

We collect resumes and resume-derived information, including uploaded files, raw resume text, parsed fields, experience details, contact information present in the resume, tailored resume output, generated cover-letter content, and application records tied to those materials.

Job activity and preference information

We collect information about saved jobs, onboarding answers, searches, job interactions, application status history, feed and notification preferences, quota usage records, and other activity used to personalize the product and track progress.

Third-party credential information

If a user chooses to connect supported job-site credentials, the service stores those credentials in encrypted form. The repository indicates these credentials are encrypted with AWS KMS envelope encryption and AES-256-GCM before storage.

Device, session, and network information

We collect information such as device identifiers, push tokens, device and app metadata, IP address, user agent, and session metadata to secure accounts, support notifications, and detect misuse.

Billing, subscription, and quota information

We collect subscription-plan status, store platform, entitlement status, billing-period data, quota usage records, and RevenueCat-related purchase events needed to manage subscriptions and restore purchases. Payment card handling is performed by the relevant app store and billing provider rather than directly by this backend.

Notification, analytics, and operational information

The repository indicates use of push-notification tooling, mobile analytics and messaging SDKs, operational logs, and audit events. These systems may process push-delivery data, notification preferences, and product-usage information needed to operate, secure, and improve the service.

How We Use Information

We use information to:

  • create and secure accounts
  • support password reset, session management, and multi-factor authentication
  • parse and store resumes
  • tailor resumes and related materials for specific jobs
  • answer application screening questions and cache repeated AI work where supported
  • personalize job recommendations and product flows
  • send transactional and account-related notifications
  • respect notification preferences and quiet-hours settings
  • manage billing, quotas, and restore-purchase flows
  • store encrypted user-provided credentials when users choose to connect supported providers
  • submit job applications on supported sites only after required user actions and consent
  • detect abuse, investigate incidents, and maintain service reliability

AI And Automation Disclosures

The service uses AI-assisted resume parsing, tailoring, cover-letter generation, and screening-question support. Generated output can require human review and may not be perfect.

When these features run, the service sends resume text, job-posting text, and related application context — which may include personally identifiable information present in your resume such as your name, contact details, work history, and education — to external large-language-model providers. The current provider set is:

  • OpenAI (GPT-4o-mini, GPT-4o)
  • Anthropic (Claude 3 Haiku)
  • Google (Gemini 1.5 Flash)

Requests are routed through these providers in a cost-optimized fallback order. The exact model used for a given request depends on availability and cost at the time. Data sent to these providers is subject to each provider's own data-handling and retention policies. We do not redact personal details from the text before sending it.

The service also keeps short-lived Redis caches for parsed resume results, tailoring results, and repeated screening-question answers for up to 7 days to reduce duplicate processing.

Algorithmic Job Ranking

Jobeezy uses algorithmic scoring to rank job listings in your personal feed based on signals including your resume content, stated preferences, and in-app behavior. This ranking is a personalization feature designed to help you prioritize your job search. It is not a prediction of employer behavior and does not constitute an employment decision. You can see the signals driving any job's ranking by tapping 'Why this match?' on any job detail screen.

The repository also indicates a separate consent flow for automated job submission. The code records a timestamp for automation consent, treats automation as optional, and enforces that consent before queueing automated applications. The current in-app consent copy for supported automated submit flows says Jobeezy fills supported application forms with tailored resume and profile details and does not sign in to employer accounts in this release. Users can later revoke that consent from the profile automation settings. When consent is revoked, the service clears the consent record, blocks new automated queueing, and cancels queued applications that have not started yet. Automated submission is limited to supported platforms and can fall back to manual completion when unsupported or blocked.

How We Share Information

We may share information with:

  • infrastructure, database, cache, storage, email, and observability providers used to operate the service
  • mobile messaging, analytics, and subscription providers used by the product, including Firebase and RevenueCat according to the current codebase
  • notification-delivery providers used by the service, including server-side notification infrastructure
  • AI providers used for resume or application-material processing, subject to product configuration
  • third-party job sites or applicant-tracking systems when a user asks the service to submit an application on their behalf
  • law enforcement, regulators, or other parties when required by law or needed to protect rights, safety, or the service

Named AI and Observability Data Processors

The following third-party services receive personal data as part of AI-powered features:

  • OpenAI (openai.com) — Resume content and job descriptions are transmitted to OpenAI's API for AI-powered resume tailoring and text generation. OpenAI's API terms prohibit the use of API-submitted data for model training.
  • Anthropic (anthropic.com) — Resume content and job descriptions are transmitted to Anthropic's API as a fallback AI provider for the same purposes. Anthropic's API terms similarly prohibit training use.
  • Helicone (helicone.ai) — All requests to AI providers are routed through Helicone, an AI observability service, for logging, monitoring, and reliability purposes. Resume content transits Helicone's infrastructure as part of this process.

The exact provider set should be reviewed against current production configuration before publication.

Job Aggregation And Web Scraping

To populate the job feed, the service aggregates publicly posted job listings from third-party career sites and job boards using automated web-scraping infrastructure (Crawlee and Playwright running in an ephemeral container). Scraped data includes publicly available job titles, descriptions, locations, salary ranges, and employer names. No user data is transmitted to these sites during scraping. The scraping infrastructure operates independently from the main application backend.

Retention

Repository evidence indicates the following retention behaviors:

  • user-initiated account deletion removes the account and linked records immediately after password confirmation, revokes active sessions, deletes stored resume objects, and deletes RevenueCat event history for that user
  • soft-deleted users are purged after 30 days by the retention worker
  • soft-deleted resumes are purged after 30 days by the retention worker
  • read notifications are purged after 90 days
  • application events are purged after 1 year
  • old revoked-session PII is scrubbed after the deleted-user retention window
  • parsed resume caches, tailoring semantic caches, and repeated screening-question caches are stored for up to 7 days

Other records may be retained as needed for security, billing, audit, or legal compliance. Any final published statement should be reviewed against production policy and legal requirements.

Security

The repository indicates use of password hashing, access controls, structured audit events, session controls, multi-factor authentication, and credential encryption. For supported third-party credentials, the code documents AWS KMS envelope encryption with AES-256-GCM and explicit rules against logging plaintext credentials.

No security measure is perfect, and publication-ready legal language should be reviewed by counsel.

User Controls

Repository evidence indicates users can:

  • update profile information
  • manage active sessions, change password, and use password-reset flows
  • enable or disable multi-factor authentication
  • manage notification preferences
  • connect or disconnect supported third-party credentials
  • grant or revoke automation consent when a supported automated flow asks for it or from the profile automation settings
  • delete stored third-party credentials
  • download a portability export that includes account, application, notification, session, credential-metadata, subscription, usage, and billing-history records stored for the account
  • request account deletion from inside the product
  • restore purchases through store-linked billing flows

Any rights language for specific jurisdictions should be added during legal review.

External Links And Policy Hosting

The mobile app currently points users to external legal URLs defined in code:

  • Terms of Service: https://jobeezy.com/terms
  • Privacy Policy: https://jobeezy.com/privacy

Publishing or updating those hosted pages is an out-of-repo deployment step unless this repository later contains the website source.