🦞 Job Lobster

Privacy Policy

Last updated: 2026-04-20

Draft — not yet lawyer-reviewed. This policy accurately describes the current technical behavior of Job Lobster, but the legal language (jurisdiction, lawful basis, data-controller relationships, retention commitments, user rights) should be reviewed with counsel before public launch. The technical facts below are what the code actually does.

1. What we collect

Data you provide

Email address — used only for the magic-link sign-in and (if you opt in) the daily digest. Never sold, never shared with employers.
Resume file (PDF, DOCX, or TXT) — parsed into structured fields used to ground job scoring and tailoring.
Intake answers — target titles, comp range, location preferences, track (Finance / SWE / PM), and any clarifying answers you provide when preparing a tailored package.
Application history — which jobs you prepared packages for, stage transitions (applied / interviewing / rejected), follow-up notes, outreach threads.

Data we generate about you

Match scores + gap analyses — written to the database so the shortlist is consistent across sessions.
Tailored resumes, cover letters, LinkedIn messages — stored as both text fields and downloadable DOCX / PDF files under your per-user directory.
LLM usage history — timestamped log of each Anthropic call made on your behalf, with model, token counts, and cost. Used for your Billing tab and for per-user budget enforcement.

Data we do NOT collect

We do not track you across other sites. There is no third-party analytics or advertising pixel.
We do not fingerprint your device.
We do not read email from your inbox or submit applications on your behalf.

2. Where your data goes

Storage

All of your data is stored in a single SQLite database plus a filesystem directory on a Fly.io virtual machine operated by the Job Lobster operator. Rows are scoped to your user ID so other users cannot see them. Downloaded DOCX/PDF files live under data/users/<your-id>/applications/.

Third-party processors

Anthropic (Claude API): when you score a job, prepare a package, or run any LLM-driven workflow, the relevant prompt (which includes your profile summary + the job description + any answers you provided) is sent to Anthropic's API. See Anthropic's privacy policy.
Resend: when the operator enables email delivery, sign-in links and daily digests are sent via Resend. Your email address plus the digest / link content passes through Resend. See Resend's privacy policy.
Fly.io: our host. They operate the VM, volume, and edge network. See Fly.io's privacy policy.
Public ATS endpoints (Greenhouse, Ashby, Lever, Workday, SmartRecruiters, Workable, Recruitee, Pinpoint, Teamtailor, SuccessFactors, UltiPro, Gem): we read publicly-posted job listings from these APIs. We do not send them your information. Your data never leaves Job Lobster's infrastructure when we scan jobs.

3. Your rights

Every Job Lobster user can, at any time, without needing to contact us:

Export everything — Setup → 🗂 Your data → "⬇ Export my data (JSON)". You get a single JSON file with every row we have about you: applications, outreach, coaching rows, LLM usage history, your profile, and a manifest of your artifact files.
Delete everything — same drawer → "Delete my data…". Removes every per-user row plus your profile file, resume file, and application DOCX directory. Irreversible.
Delete your account — "Delete account + data…". In addition to the above, removes the user record and any live sessions. You are logged out immediately.
Sign out — from the sidebar.

The delete operations are real deletes, not soft-deletes. Your data does not sit in a "trash" waiting for a retention window — it is removed from the database and file system when you click.

Jurisdiction-specific rights to enumerate: GDPR (if EU users), CCPA (if California users), PIPEDA (if Canadian users). Each has specific language about access, portability, rectification, deletion, automated-decision-making, and data-portability that should be called out explicitly once the user base and operator jurisdiction are defined.

4. Data retention

Data you provide is retained as long as your account is active. When you delete your account, we remove it from our primary store within seconds. Backups and Fly.io's infrastructure redundancy may retain fragments for up to 30 days before full erasure.

LLM provider retention (Anthropic, Resend) is governed by each provider's policy. We do not have control over their internal retention windows.

5. Security

Sessions use a 32-byte random token; only the SHA-256 hash of the token lives in our database.
Cookies are set HttpOnly; Secure; SameSite=Lax.
All traffic to Job Lobster is TLS (HTTPS) via Fly.io's edge. We do not accept plain HTTP.
Per-user database rows are scoped by user_id — there is no "view as another user" mode.
Per-user file downloads are ownership-checked server-side; guessing another user's application ID returns 404, not the file.

Add if/when applicable: incident response policy, breach notification commitment, SOC 2 status, encryption at rest (Fly volumes are encrypted by default, but worth stating), and any subprocessor list maintenance policy.

6. Children

Job Lobster is a professional tool and not intended for anyone under 16. We do not knowingly collect data from children under that age.

7. Changes

We may update this policy. Material changes will be surfaced in the app. Continued use after a change constitutes acceptance.

8. Contact

Fill in: data-controller name + address, data-protection officer (if required by jurisdiction), and a privacy-specific inbox if you'd like to separate it from general support.

For privacy questions or data requests that the self-serve flows do not cover, contact: adam.o.jurgens@gmail.com.

← Back to Job Lobster · Terms of Service