Privacy Policy
Effective date: March 17, 2026
1. Who We Are
Job Tools operates the website www.jobtools.io and provides AI-assisted career tools including resume building, ATS analysis, cover letter generation, interview preparation, and job search. This Privacy Policy explains what personal data we collect when you use the Service, how we use it, who we share it with, and what rights you have.
For privacy enquiries, contact us at support@jobtools.io.
2. Data We Collect
Account data — collected when you register:
- Email address (required)
- First name and last name (optional)
- Hashed password — we never store your password in plain text
- If you sign in via Google or GitHub OAuth, we receive only the name and email address that your provider shares with us; we do not receive your Google or GitHub password
Professional and resume data — created or uploaded by you:
- Resume files you upload (stored via Cloudinary)
- Resume content you enter or edit: work experience, education history, skills, certifications, projects, awards, volunteer work, contact details (phone, LinkedIn, GitHub, portfolio URLs)
- Cover letters you generate or write
- Job applications you record in the tracker (company name, role, status, notes)
- Job descriptions you paste in for ATS analysis or tailoring
Usage data — collected automatically:
- AI credits used per feature and per session
- Features accessed and frequency of use (anonymised for analytics)
- Server log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps
Billing data — when you subscribe to Pro:
- Subscription plan and status
- Stripe Customer ID (a reference token, not your card details)
- We do not store your card number, expiry date, or CVV — these are handled entirely by Stripe
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and manage your account | Email, name, hashed password | Contract (providing the Service) |
| Generate AI-assisted content | Resume content and job descriptions you submit | Contract |
| Store and retrieve your resumes and letters | All resume and cover letter data | Contract |
| Process payments and manage subscriptions | Email, Stripe Customer ID | Contract; legal obligation |
| Send transactional emails (verification, password reset, billing) | Email address, name | Contract; legal obligation |
| Analytics — understand feature usage and improve the Service | Anonymised usage data, page views | Legitimate interest |
| Error monitoring and debugging | Request metadata, error stack traces (no resume content) | Legitimate interest |
| Security, fraud prevention, and abuse detection | IP address, log data, account activity | Legitimate interest; legal obligation |
We do not sell your personal data. We do not use your resume content or personal data to train AI models. We do not send marketing emails unless you have explicitly opted in.
4. Data Processors (Third Parties We Share Data With)
We share data with the following service providers only to the extent necessary to operate the Service. Each is contractually bound to process data only on our instructions and to maintain appropriate technical and organisational security measures.
| Provider | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| OpenAI (USA) | AI content generation | Resume text and job descriptions you submit for AI processing | openai.com |
| Stripe (USA) | Payment processing | Email address, subscription details | stripe.com |
| Cloudinary (USA) | Resume file storage | Resume files you upload | cloudinary.com |
| SendGrid / Twilio (USA) | Transactional email delivery | Email address, email content (verification, password reset, billing) | twilio.com |
| Google Analytics (USA) | Usage analytics | Anonymised page-view and event data via browser cookies | google.com |
| Sentry (USA) | Error monitoring | Request metadata and error stack traces (no resume content) | sentry.io |
| Google OAuth (USA) | Social sign-in (optional) | Name and email from your Google account, only if you choose Google login | google.com |
| GitHub OAuth (USA) | Social sign-in (optional) | Name and email from your GitHub account, only if you choose GitHub login | github.com |
| Adzuna (UK/USA) | Job listing search | Search query keywords only (no personal identifiers) | adzuna.com |
| Neon / Koyeb / Upstash | Database, hosting, and caching infrastructure | All data stored in the Service, processed on our behalf under data processing agreements | Infrastructure providers |
5. Data Retention
- Active accounts: we retain your account data and resume content for as long as your account exists.
- Deleted accounts: when you delete your account, your personal data and resume files are permanently deleted within 30 days. Anonymised usage data (e.g. aggregate feature counts) may be retained indefinitely.
- Billing records: may be retained for up to 7 years to satisfy financial and tax regulations.
- Server logs: retained for up to 90 days for security and debugging purposes.
6. Cookies and Local Storage
We use a small number of cookies and browser local storage items strictly for authentication and analytics. See our Cookie Policy for full details including specific names, purposes, and durations.
7. Your Rights
Depending on where you are located, you may have some or all of the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: update inaccurate or incomplete data — most account data can be updated directly in Settings.
- Deletion: delete your account and all associated personal data via Settings → Account, or by emailing us.
- Data portability: export your resume content in a standard format.
- Objection: object to processing based on legitimate interest (e.g. analytics).
- Restriction: request that we restrict processing of your data in certain circumstances.
- Withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any right, email support@jobtools.io with “Privacy Request” in the subject line. We will respond within 30 days. We will not discriminate against you for exercising any privacy right.
8. Security
We protect your data using industry-standard measures:
- All data in transit is encrypted using TLS (HTTPS).
- Passwords are hashed using bcrypt with a cost factor of 12 — they are never stored in plain text.
- Authentication tokens are signed JWTs stored in browser local storage, not accessible to other websites.
- Access to production systems is restricted to authorised personnel only.
- We use Sentry for real-time error monitoring to detect and respond to issues promptly.
No method of internet transmission is 100% secure. If you discover a security vulnerability, please report it responsibly to support@jobtools.io.
9. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.
10. International Data Transfers
Job Tools uses service providers based in the United States (OpenAI, Stripe, Cloudinary, SendGrid, Google, GitHub, Sentry). By using the Service, you acknowledge that your data may be transferred to and processed in the United States and other countries whose data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for such transfers.
11. Changes to This Policy
We will notify you of material changes to this Privacy Policy by email to your registered address and/or by a notice within the Service at least 14 days before the changes take effect. The effective date at the top of this page reflects the date of the most recent revision.
12. Contact
For any privacy question or to exercise your rights, email support@jobtools.io with “Privacy Request” in the subject line. We aim to respond within 30 days.