Privacy Policy

1. Overview

JobApply ("we", "us") is committed to protecting your privacy in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). This policy explains how we collect, use, store, and protect your personal information.

2. Information We Collect

Information you provide:

• Account data: name, email address, password
• Profile data: phone number, address, employment history, education, skills, certifications
• Documents: resumes, CVs, cover letters you upload or generate
• Career facts and anecdotes: personal stories and verified career details
• Site credentials: login details for job application sites (encrypted at rest)
• Application data: jobs you track, application statuses, notes

Information collected automatically:

• Usage data: features used, timestamps, IP addresses
• Device data: browser type, timezone
• Screenshots: captured during auto-apply for your review (not shared)

3. How We Use Your Information

• To provide the Service: filling job applications, generating documents, tracking applications
• To improve the Service: analyzing usage patterns (aggregated, not individual)
• To communicate with you: account notifications, service updates
• To process payments: via Stripe (we do not store credit card details)

4. AI Processing

We use third-party AI services to power document generation, form analysis, and auto-apply features. Your profile data, resume content, and job information are sent to our AI provider's API for processing. Their data retention and usage policies apply to data processed through their API. We do not use your data to train AI models.

5. Third-Party Services

• AI Provider: AI processing for document generation and form filling
• Stripe: Payment processing — Privacy Policy
• Job application sites: When you use auto-apply, your information is submitted to third-party job sites per your instructions

6. Data Storage and Security

• Data is stored on servers in Canada/US
• Site credentials are encrypted at rest using Fernet symmetric encryption
• We use HTTPS for all data transmission
• Access to production data is restricted to authorized personnel

7. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account deletion
• Application screenshots: retained for 90 days, then automatically deleted
• Usage records: retained for 12 months for billing and analytics

8. Your Rights (PIPEDA)

Under PIPEDA, you have the right to:

• Access: Request a copy of all personal data we hold about you — Export My Data
• Correction: Request correction of inaccurate data via your profile settings
• Deletion: Request deletion of your account and all associated data — Delete My Data
• Withdrawal of consent: Withdraw consent for marketing communications at any time

9. Marketing Communications (CASL)

In compliance with Canada's Anti-Spam Legislation (CASL), we will only send marketing emails if you have explicitly opted in. Transactional emails (account confirmations, password resets, billing notifications) are exempt from CASL. You can opt out of marketing emails at any time.

10. Cookies

We use essential cookies for authentication and session management. We use a timezone detection cookie for localization. We do not use third-party tracking cookies or advertising cookies.

11. Changes to This Policy

We will notify you of material changes via email. The "Last updated" date at the top indicates the most recent revision.

12. Contact the Privacy Officer

For privacy inquiries or to exercise your PIPEDA rights:
Email: [email protected]
Mail: [Your Business Address], Canada