Privacy Policy

Last Updated: November 1, 2025

This Privacy Policy explains how JOBolar.Ai ("Jobolar", "we", "us") collects, uses, discloses, and protects your information when you use our services.

This document is for informational purposes and does not constitute legal advice. Rights and obligations may differ by jurisdiction (e.g., GDPR, CCPA).

1) Information We Collect

A. Account & Identity

Primary Google Account email address and public profile info (name, profile photo, preferred language) via Google OAuth.
Country/region, time zone, and interface language (derived from device/browser settings).

B. Job Search Profile

Targets (roles, locations—local and abroad, preferred platforms/boards).
Daily send limits, pause/resume state, notification preferences.

C. Content You Provide

Uploaded files (resumes/CVs, certificates - optional).
Application materials generated with JOBolar AI ("Chatty Buddy").

D. Application & Usage Data

Application metadata (timestamp, recipient, subject, job title/company, delivery status).
Device/technical logs (IP, user agent, browser/OS, crash logs) for security and diagnostics.

E. Gmail Integration (Sensitive Scope Use)

The only Gmail credential stored by JOBolar is a securely encrypted refresh token. This token allows sending emails initiated by the user; we do not store your Gmail password and we never read your inbox or access other Gmail data. The token is encrypted at rest and used exclusively for sending user-triggered job-application emails.

F. Non-Collection Notice

We do not collect, read, or access your Gmail inbox, email bodies, subjects, attachments, or any other Gmail message data. We do not ask for or store Gmail passwords.

2) How We Use Your Information

Send job applications via your Gmail with attachments you upload or generate (resume, cover letter, certificates).
Provide job-matching, dashboards, notifications (daily summaries), and status tracking.
Generate or refine resumes and cover letters using Chatty Buddy at your request.
Maintain safety and integrity (fraud prevention, abuse/threat detection, rate limiting).
Improve the Services (quality, reliability, deliverability) using aggregated, de-identified metrics.
Comply with legal obligations and enforce our Terms, including investigating misuse.

Lawful bases (where applicable): performance of a contract, legitimate interests (product security, quality), consent (OAuth, marketing), and applicable legal bases.

3) Google Permissions & OAuth Scopes

We use Google OAuth to connect your Gmail. Requested scopes are limited to what is necessary to perform email-based applications:

openid – verify your identity with Google
email – see your primary Google Account email address, used to identify your account and route notifications
profile – basic public profile (name, photo, preferred language) for personalization
https://www.googleapis.com/auth/gmail.send – send email on your behalf for job applications sent from your Gmail address

We request the minimal scope required and do not request full read access to your inbox contents. The gmail.send scope does not permit reading inbox messages.
You can revoke access anytime in Google Account → Security → Third‑party access at https://myaccount.google.com/permissions.
All actions occur under your explicit consent and are logged for audit.

Gmail Token Handling

We store an encrypted Gmail refresh token on our servers to enable sending emails on your behalf.
The token is encrypted at rest using industry-standard encryption.
Token usage is limited exclusively to sending user-triggered job-application emails.
We do not store your Gmail password at any time.
The token is deleted immediately and permanently when you disconnect Gmail or revoke access via the JOBolar dashboard or Google Account settings.
Retention: tokens are retained only while your Gmail connection is active. Upon revocation or disconnection, the token is deleted instantly.

Limited Use & Google API Compliance

JOBolar's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Gmail data for advertising purposes.
We do not use Gmail data to train generalized AI models or for any purpose unrelated to providing the job-application service.
We do not permit human access to your Gmail data without your affirmative consent.
Gmail data is used solely to send job-application emails you initiate and approve.

4) Data Storage, Retention & Deletion

We use Firebase (Google Cloud) for hosting and storage. Data is encrypted in transit and at rest. Access is role-restricted.

Retention

Account data: retained while your account is active.
Application metadata & generated docs: retained for your dashboard history unless you delete them.
Backups: limited retention for disaster recovery, then securely purged.

Deletion

Self‑service deletion from dashboard for documents and profile items.
Account closure removes stored data (subject to legal holds). Residual backups are purged on a rolling schedule.
You may also revoke OAuth access at any time from your Google Account.

5) AI Processing (Chatty Buddy)

Creates/updates resumes and generates job‑specific cover letters using your inputs.
Stores outputs under your account to attach to applications and reuse later.
We do not allow external model training on your personal data for unrelated purposes.
AI outputs may require your review for accuracy and compliance with job requirements.

7) Security Measures

Encryption in transit (TLS) and at rest; least‑privilege access controls; audit logging for sensitive actions.
Secrets management and tokenization for OAuth credentials; no storage of Gmail passwords.
Abuse prevention: rate limiting, anomaly detection, and anti‑spam practices to protect deliverability.
Vendor risk management and periodic security reviews of cloud infrastructure.

8) Your Rights

Access, correction, deletion, and portability of your personal data.
Withdraw consent (e.g., revoke Google OAuth) without affecting prior lawful processing.
Object to or restrict processing (subject to applicable law).
Lodge a complaint with a supervisory authority in your jurisdiction.

Contact support@JOBolar.Ai to exercise rights you cannot self‑serve in the dashboard or for assistance.

9) Data Processing Agreements (DPAs) & International Transfers

DPAs are maintained with providers (e.g., Firebase, hosting/CDN, analytics) to ensure GDPR/CCPA accountability.
International transfers use appropriate safeguards (e.g., SCCs/IDTA, encryption) where required by law.

11) Limitation of Liability

We are not liable for losses due to user negligence (e.g., insecure devices, shared credentials).
No liability for service interruptions or third‑party outages beyond our reasonable control.
No warranty on AI output accuracy, completeness, or suitability; users should review before sending.
To the extent permitted by law, our aggregate liability is limited to fees paid (if any) for the Services.

12) Governing Law, Regional Rights & Dispute Resolution

We honor regional privacy rights. Depending on your residence, you may have additional rights under GDPR (EU/UK), CCPA/CPRA (California), LGPD (Brazil), or other local laws.

Governing law: determined by the operating jurisdiction of JOBolar.Ai unless local law requires otherwise.
Disputes: where permissible, resolved via mediation or binding arbitration before court proceedings.
Venue & jurisdiction: exclusive venue consistent with applicable law; users consent to such jurisdiction.

Contact support@JOBolar.Ai with rights requests or dispute inquiries.

16) Contact

Questions about this Privacy Policy or your data? Contact us at:

Email: support@JOBolar.Ai
Physical Address:
330 2nd Ave S 200 1319
Minneapolis, MN 55401
USA