Who we are
jobfinder-ai ("we", "us") operates the website at jobfinder-ai.com and the application at app.jobfinder-ai.com. For any privacy question or request, email hello@jobfinder-ai.com.
What we collect
- Account data. Your email address and name, verified through Google sign-in or through your email provider when you connect via SMTP.
- Career corpus. The resume text you paste, your answers to our AI interview questions, and the job-search targets you set (roles, compensation floor, locations, and similar preferences). This is the substance of the product: it is used to match you to jobs and to draft your outreach.
- Sending credentials. If you connect Gmail, the OAuth tokens Google issues us. If you connect via SMTP, your SMTP host, port, username, and app password. Both are encrypted at rest with AES-256-GCM and are used for nothing except sending the emails you approve and detecting replies to them.
- Outreach activity. The emails drafted and sent on your behalf, their delivery status, and whether they received a reply, so your dashboard can show you what is working.
- Payment records. Payments are processed by Dodo Payments. We store the transaction reference, amount, and the credits it granted. We never see or store your card details.
- Session cookie. A single signed, httpOnly cookie that keeps you logged in. We do not use advertising trackers or sell data to ad networks.
How we use your Google data
When you connect Gmail, we request permission to send email and to read mail metadata. Here is the complete list of what we do with those permissions:
- Send: we send the outreach emails and follow-ups that you have approved, from your address, at the schedule shown in your dashboard. Your first batch always requires manual approval.
- Read: we check threads that we started, to detect whether a contact replied or an email bounced. We do not read, index, or store the rest of your mailbox.
jobfinder-ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In plain terms: Google user data is used only to provide the features described above, is never used for advertising, is never sold, and is never read by humans except with your explicit permission, for security purposes, or where required by law. You can revoke our access at any time from your Google account permissions page.
AI processing
Matching and drafting are done by large language models. Your resume text, interview answers, and the public job description are sent to our LLM provider (currently DeepSeek) to score fit and draft your emails. We send only what the feature needs, and we do not permit our providers to use your data for training their models under our agreements with them.
Where your data lives and who touches it
We use a small set of infrastructure providers (sub-processors):
- Neon — Postgres database (Singapore region)
- OVH — application hosting
- Google — sign-in and Gmail APIs
- DeepSeek — language-model processing for matching and drafting
- Apify — finding public, professional contact information at companies you target
- Dodo Payments — payment processing
- Resend — transactional email from us to you (receipts, notices)
- Vercel — hosting for this marketing site
We do not sell your personal data. We do not share your career corpus with employers, recruiters, or anyone else; it is used solely to act on your behalf.
Retention and deletion
Your data is kept while your account is active. If you start onboarding and never create an account, the unclaimed draft is deleted. To delete your account and everything in it — corpus, credentials, outreach history — email hello@jobfinder-ai.com from your account address and we will complete the deletion within 30 days, except for payment records we are legally required to keep. Revoking Gmail access at Google immediately disables our ability to send or read anything.
Your rights
Wherever you live, we honor requests to access, correct, export, or delete your personal data — email us and we will handle it. If you are in a jurisdiction with a supervisory authority (for example the EU/EEA or UK), you also have the right to lodge a complaint with it.
Security
Credentials and tokens are encrypted at rest (AES-256-GCM), traffic is encrypted in transit (TLS), sessions are signed httpOnly cookies, and sending is rate-limited per account to protect your inbox reputation. No system is perfectly secure; if a breach affects your data we will notify you without undue delay.
Children
jobfinder-ai is a job-search tool for working professionals and is not directed at children under 16. We do not knowingly collect their data.
Changes
If we change this policy in a way that matters, we will update this page and the date above, and for significant changes we will email you. Continued use after a change means you accept it.