Privacy Policy

Last updated: February 28, 2026

1. Introduction

JobWeave ("we," "us," or "our") operates the jobweave.ai website and the JobWeave application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided via OAuth)
  • Profile picture (if provided via OAuth)
  • Authentication provider identifiers (Google, LinkedIn)

2.2 Gmail Data

If you connect your Gmail account, we request read-only access (gmail.readonly scope) to scan for job-related emails. We collect:

  • Email metadata (sender, subject, date) from job-related messages
  • Extracted information such as company names, job titles, recruiter contacts, and application statuses

We do not read, store, or process the full content of your emails. We only extract structured data from emails identified as job-related. We never send emails on your behalf, delete your emails, or modify your inbox in any way.

2.3 Job Search Data

Information you provide or that is generated through your use of the Service:

  • Resumes and resume versions
  • Job descriptions and postings
  • Application tracking data (status, notes, dates)
  • Contact information for recruiters and hiring managers

2.4 Usage Data

We automatically collect standard usage information including browser type, device information, IP address, pages visited, and interaction patterns to improve the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Scan your email for job-related messages and extract structured data
  • Generate AI-tailored resumes based on your profile and target job descriptions
  • Track and organize your job applications
  • Send you service-related communications (account verification, security alerts, feature updates)
  • Analyze usage patterns to improve the product experience
  • Detect and prevent fraud or abuse

We do not sell your personal data to third parties. We do not use your Gmail data for advertising purposes.

4. Third-Party Services

We use the following third-party services to operate JobWeave:

4.1 Supabase

We use Supabase for authentication and database hosting. Your account data and application data are stored in Supabase-managed PostgreSQL databases. Supabase is SOC 2 Type II compliant. Supabase Privacy Policy.

4.2 Google (Gmail API & OAuth)

We use Google OAuth for sign-in and the Gmail API for email scanning. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.3 LinkedIn (OAuth / OIDC)

We use LinkedIn OIDC for sign-in authentication. We receive your name, email address, and profile picture from LinkedIn during the sign-in process. LinkedIn Privacy Policy.

4.4 Vercel

Our application is hosted on Vercel. Vercel may process request metadata (IP addresses, headers) as part of serving the application. Vercel Privacy Policy.

4.5 AI Providers

We use third-party AI models (Anthropic Claude, OpenAI) to power resume tailoring and data extraction features. Resume content and job descriptions may be sent to these providers for processing. These providers process data according to their respective API data usage policies and do not use API inputs for model training.

5. Data Storage and Security

Your data is stored in Supabase-managed infrastructure. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security policies ensuring users can only access their own data
  • Secure OAuth token handling with no long-term storage of third-party access tokens on our servers
  • Regular security reviews and dependency updates

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Cookies and Tracking

We use essential cookies required for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled.

We may use analytics cookies to understand how the Service is used. You can opt out of non-essential cookies through your browser settings.

We do not use advertising cookies or tracking pixels.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Extracted Gmail data is stored only as structured job application records. Raw email content is not retained after processing.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data
  • Export: Request a machine-readable copy of your data (XLSX/CSV export is available in the application)
  • Revoke Gmail Access: You can disconnect your Gmail account at any time from your account settings or directly from your Google account permissions
  • Opt-out: You can opt out of non-essential communications at any time

To exercise any of these rights, contact us at privacy@jobweave.ai.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our infrastructure providers (Supabase, Vercel) primarily operate in the United States. By using the Service, you consent to the transfer of your data to these jurisdictions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: