Skip to main content

Privacy Policy

Last updated: February 12, 2026

JobJolt ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website and services (the "Service").

Because our Service handles resumes, career profiles, and other personally identifiable information (PII), we take data protection especially seriously.

1. Information We Collect

1.1 Information You Provide

  • Account data: name, email address, and password when you register.
  • Profile & career data: professional title, work experience, education, skills, certifications, projects, publications, references, phone number, location, and URLs (LinkedIn, GitHub, portfolio).
  • Uploaded documents: resumes, cover letters, and other career documents you upload for processing.
  • Job data: job descriptions and URLs you provide for matching and analysis.
  • Payment data: processed securely by our third-party payment processor (Stripe). We do not store your full credit card number.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, timestamps, and interaction patterns.
  • Device data: browser type, operating system, screen resolution, and language preferences.
  • Cookies: essential cookies for authentication, and optional analytics cookies (see Section 7).

1.3 Information From Third Parties

  • OAuth providers: if you sign in via Google or LinkedIn, we receive your name, email, and profile photo as permitted by the provider.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Generate tailored resumes, cover letters, and job fit analyses using AI models.
  • Authenticate your identity and secure your account.
  • Send transactional emails (verification, password resets, follow-up emails you request).
  • Process payments and manage subscriptions.
  • Monitor and prevent abuse, fraud, and security threats.
  • Comply with legal obligations.

We do not sell your personal data. We do not use your resumes or career data to train AI models.

3. AI Processing

Our Service uses OpenAI to generate career content. When processing your data through this service:

  • Only the minimum data necessary is sent to the AI provider for the specific task you requested.
  • Data sent to AI providers is processed according to their respective privacy policies and data processing agreements.
  • AI providers are contractually prohibited from using your data to train their models (via API terms).

4. Data Storage & Security

  • Your data is stored on secure cloud infrastructure with encryption at rest and in transit.
  • Passwords are hashed using bcrypt and never stored in plaintext.
  • Access to production systems is restricted to authorized personnel.
  • We conduct regular security reviews and keep dependencies updated.
  • Uploaded files are stored in encrypted cloud storage (AWS S3) with access controls.

5. Data Sharing

We share your data only with:

  • Service providers: cloud hosting (Railway, Vercel, AWS), email delivery (Resend), payment processing (Stripe), and AI providers (currently OpenAI) — each bound by data processing agreements.
  • Legal requirements: if required by law, court order, or governmental request.

We do not share your data with advertisers or data brokers.

6. Your Rights (GDPR & Global Privacy)

You have the right to:

  • Access: request a copy of all personal data we hold about you.
  • Rectification: correct inaccurate data via your profile settings.
  • Erasure: request deletion of your account and all associated data.
  • Data portability: export your data in a machine-readable format (JSON).
  • Restriction: request that we limit processing of your data.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent for optional processing at any time.

To exercise these rights, go to Settings > Privacy in your account, or email us at privacy@jobjolt.xyz. We will respond within 30 days.

7. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and core functionality. These cannot be disabled.
  • Analytics cookies: help us understand usage patterns and improve the Service. You can opt out via the cookie consent banner.

We do not use advertising or tracking cookies. See our cookie consent banner for controls.

8. Data Retention

  • Active accounts: data is retained for as long as your account is active.
  • Deleted accounts: upon account deletion, all personal data is permanently erased within 30 days. Backups containing your data are purged within 90 days.
  • Inactive accounts: accounts inactive for 24 months may be scheduled for deletion after notification.
  • Legal holds: data required for legal compliance may be retained longer as required by law.

9. International Data Transfers

Your data may be processed in countries outside your own (including the United States). We ensure appropriate safeguards are in place, including standard contractual clauses where required.

10. Children's Privacy

The Service is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service. Continued use after the effective date constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your data rights, contact us at: