Privacy Policy

Last Updated: November 27, 2025

Important Notice

This Privacy Policy explains how JobsFlow AI collects, uses, and protects your personal data. By using our service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Registration Information

  • Full name, email address, phone number (optional)
  • Profile information (education, experience, skills)
  • Resume/CV text and attachments
  • LinkedIn profile URL (optional)

Job Portal Credentials

  • Naukri.com email and encrypted password
  • LinkedIn email and encrypted session tokens
  • Other job portal login credentials (encrypted)

Important: Your job portal passwords are encrypted with AES-256 encryption before storage and are never stored in plain text. We use industry-standard encryption algorithms similar to banking-grade security.

Profile and Preferences

  • Job search preferences
  • Application history
  • Application status tracking
  • Customized job filters
  • Resume preferences per portal

Communication Data

  • Email communications with our support team
  • Feedback and feature requests
  • Support tickets and interactions

Billing Information (if applicable)

  • Payment method details (processed through secure payment gateways)
  • Billing name and address
  • Transaction history
  • Subscription plan details

Usage Data

  • Number of applications submitted
  • Timestamps of application attempts
  • Portal interaction logs
  • Application success/failure rates
  • Time spent in the application
  • Features used and frequency

Technical Data

  • IP address and geolocation (country/city level only)
  • Device type and operating system
  • Browser type and version
  • Cookies and session identifiers
  • Referral source (where you came from)
  • Pages visited and time spent

Security Data

  • Login attempts and failures
  • Account access logs
  • Password change history (timestamps only, not content)
  • API key usage logs

2. How We Use Your Data

Service Delivery

  • Automate job applications on supported portals (Naukri, LinkedIn, etc.)
  • Store and manage your job search profile and preferences
  • Track application status and provide real-time updates
  • Provide a personalized dashboard showing your application history
  • Optimize job matching based on your preferences

Account Management

  • Verify your identity and prevent fraud
  • Manage your subscription and billing
  • Send account-related notifications (password resets, security alerts)
  • Respond to your support requests
  • Enforce plan limits (Free: 10-30 apps/day, Pro: 50-100 apps/day)

Service Improvement

  • Analyze usage patterns to improve platform performance
  • Identify and fix technical issues
  • Develop new features and enhancements
  • Conduct A/B testing and analytics
  • Generate anonymized usage reports

Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Enforce our Terms of Service and other agreements
  • Protect against malicious, deceptive, or illegal activity
  • Comply with legal obligations and law enforcement requests
  • Maintain audit trails for security purposes

Legal and Legitimate Interests

  • Pursue our legitimate business interests
  • Prevent violations of our Terms of Service
  • Establish, exercise, or defend legal claims
  • Comply with DPDP Act, 2023 and IT Act, 2021

3. Your Portal Credentials: How We Handle Them

Encryption and Storage

What we do:

  • Encrypt all job portal credentials using AES-256 encryption
  • Store encrypted credentials in a PostgreSQL database with Row-Level Security
  • Keep encryption keys in a separate secure vault (not accessible by your credentials)
  • Never log or display your passwords in plaintext
  • Use HTTPS/TLS for all data in transit

What we DON'T do:

  • Never share your credentials with third parties
  • Never sell your credentials
  • Never use your credentials for any purpose other than automating your job applications
  • Never store passwords in plaintext format
  • Never expose credentials in error logs or debug information

Access Controls

  • Only authenticated and authorized service accounts can access encrypted credentials
  • Access is logged and monitored for security
  • Database-level encryption ensures encrypted data remains encrypted
  • Regular security audits verify proper access controls

Your Control

You have complete control over your credentials:

  • Delete anytime: Remove your credentials instantly via account settings
  • Update anytime: Change or disconnect job portal accounts
  • Revoke access: Stop JobsFlow AI from accessing a portal account
  • Export history: Request a copy of your application history anytime

4. Data Sharing

When We Share Data

We do NOT share your personal data with third parties except in these circumstances:

Service Providers (with Data Processing Agreements)

  • Supabase: Database hosting and infrastructure (PostgreSQL, authentication)
  • Razorpay: Payment processing (billing only, no credentials shared)
  • SendGrid: Email delivery (for notifications only)
  • Hostinger: Application hosting

Legal Requirements

  • When required by law, court order, or government authority
  • To protect our rights, privacy, or safety
  • To prevent fraud or illegal activity
  • In case of emergency (e.g., data breach notification)

Anonymized Data

  • We may share anonymized, aggregated statistics with partners for research purposes
  • No personally identifiable information is included
  • Example: "1000 users in India applied to 50,000 jobs this month"

Data Processing Agreements

All third-party service providers have signed Data Processing Agreements (DPA) ensuring they:

  • Only process data as instructed
  • Implement appropriate security measures
  • Do not transfer data outside the EEA/India unless required
  • Delete or return data upon request

5. Data Storage and Security

Where Your Data is Stored

  • Primary: Supabase (PostgreSQL databases in India region when available)
  • Backups: Encrypted backups retained for 30 days
  • Cookies: Stored locally on your browser
  • Cache: Temporary cache on CDN servers (non-sensitive data only)

Security Measures

  • Encryption at Rest: AES-256 encryption for sensitive data
  • Encryption in Transit: HTTPS/TLS 1.3 for all communications
  • Database Security: PostgreSQL with Row-Level Security (RLS)
  • Authentication: Bcrypt password hashing (not reversible)
  • API Security: JWT tokens with expiration, rate limiting
  • Access Control: Role-based access control (RBAC)
  • Audit Logging: All access to sensitive data is logged
  • Monitoring: Real-time security monitoring and alerting

Data Retention

| Data Type | Retention Period | Reason |
|---|---|---|
| Account credentials | Until you delete | Service operation |
| Application history | 2 years or user deletion | Analytics and history |
| Email communications | 1 year | Support and compliance |
| Audit logs | 1 year | Security and DPDP Act compliance |
| Payment records | 7 years | Tax and financial compliance |

6. Cookies and Similar Technologies

What are Cookies?

Cookies are small text files placed on your device to store information about your session, preferences, and interactions.

Types of Cookies We Use

Essential Cookies (automatically enabled)

  • session_id: Maintains your login session
  • auth_token: Stores your authentication token
  • csrf_token: Prevents cross-site request forgery attacks
  • preferences: Stores your UI preferences (theme, language)

Analytics Cookies (optional)

  • Google Analytics: Track page views and user behavior
  • You can disable these in your privacy settings
  • Not used to identify you personally

Third-Party Cookies

  • YouTube embeds: If you watch embedded videos
  • Payment processors: If you upgrade to paid plans

Your Cookie Choices

  • You can disable cookies in your browser settings
  • You can opt out of analytics tracking in your account settings
  • Disabling essential cookies may affect functionality
  • You can clear cookies anytime via browser settings

7. Your Rights Under DPDP Act, 2023

Right to Access

  • Request a copy of all personal data we hold about you
  • Get this data in a portable format (JSON or CSV)
  • How to exercise: Email privacy@jobsflow.ai with subject 'Data Access Request'
  • Timeline: We will respond within 30 days

Right to Correction

  • Request correction of inaccurate or incomplete data
  • Update your profile information directly in your account
  • How to exercise: Edit your profile or email privacy@jobsflow.ai
  • Timeline: We will respond within 15 days

Right to Deletion (Right to be Forgotten)

  • Request deletion of your personal data
  • Permanently delete your account and all associated data
  • Note: Some data may be retained for legal compliance (e.g., billing records for 7 years)
  • How to exercise: Settings → Account → Delete Account (irreversible!)
  • Timeline: Data deleted within 24 hours of request

Right to Withdraw Consent

  • Withdraw your consent for data processing at any time
  • Stop receiving marketing emails
  • Disable optional features
  • How to exercise: Account settings or email privacy@jobsflow.ai

Right to Data Portability

  • Request your data in portable format for migration to another service
  • We will provide JSON or CSV export
  • How to exercise: Settings → Account → Export Data
  • Timeline: Available immediately

8. Your Rights Regarding Job Portal Credentials

Credential Access

  • You cannot view your stored encrypted passwords (for security)
  • You can disconnect credentials, which deletes them
  • You can change portal passwords anytime (we'll use new credentials for next application)

Credential Deletion

  • Delete any portal credential instantly
  • We immediately stop using that credential
  • Deleted credentials cannot be recovered
  • How to exercise: Settings → Connected Accounts → Disconnect

Credential Breach Response

In case of a data breach affecting your credentials:

  • We will notify you within 72 hours (DPDP Act requirement)
  • We will provide recommended actions (e.g., change passwords)
  • We will provide detailed breach information via email

9. Children's Privacy

JobsFlow AI is NOT intended for users under 18 years old. We do not knowingly collect personal data from children under 18. If we discover we've collected data from a minor, we will delete it immediately. Parents/guardians who believe their child provided data should contact: privacy@jobsflow.ai

10. Third-Party Services and Links

External Links

Our platform may contain links to external websites (Naukri, LinkedIn, etc.). We are not responsible for their privacy practices. Please review their privacy policies before using.

Third-Party Integrations

When you connect external accounts (job portals):

  • They have their own privacy policies and terms
  • We have no control over how they handle data
  • We recommend reviewing their privacy policies
  • Example: Naukri's privacy policy: naukri.com/privacy

Browser Extensions

If using our browser extension:

  • Permissions requested: Site access, local storage
  • Data collected: Application attempts, portal interactions
  • Extension data is encrypted and synced to our servers
  • You can revoke extension permissions anytime

11. Data Breach Notification

If a Breach Occurs

We will:

  1. Notify affected users within 72 hours (DPDP Act requirement)
  2. Notify relevant authorities if required by law
  3. Provide detailed information: what data was breached, when it happened, what we're doing about it, recommended actions for you

Your Right to Information

You have the right to know:

  • Whether your data was affected
  • What specific data was breached
  • Actions we've taken to remediate
  • Our investigation findings
  • Preventive measures implemented

Support During Breach

We will provide:

  • Credit monitoring services (if financial data affected)
  • Password reset assistance
  • Account security review
  • Direct support line for questions

12. International Data Transfers

JobsFlow AI operates primarily in India.

If you are accessing from outside India:

  • Your data may be transferred to India
  • India has adequate data protection laws (DPDP Act 2023)
  • By using our service, you consent to data transfer
  • All data remains encrypted during transfer

Note for EU Residents: If you're in the EU:

  • GDPR applies to your data
  • We comply with GDPR requirements
  • You have additional GDPR rights (beyond DPDP Act)
  • Contact: privacy@jobsflow.ai for GDPR-specific requests

13. Changes to This Privacy Policy

Updates to Policy

We may update this Privacy Policy:

  • When laws change (DPDP Act, IT Act)
  • When we add new services
  • When we improve security
  • For clarifications

Your Notification

  • Material changes: We'll notify you via email at least 30 days before
  • Minor changes: Updated on this page without notice
  • Continued use after notification: Acceptance of new policy

Version History

  • v1.0: November 27, 2025 (Initial release)
  • Changes logged in Git version control (available to users upon request)

14. Contact Us for Privacy Concerns

Privacy Officer Contact

  • Email: privacy@jobsflow.ai
  • Response Time: Within 15 business days
  • Mailing Address: [Your Company Address], India

Types of Requests

  • Data Access: privacy@jobsflow.ai (Subject: 'Data Access Request')
  • Deletion Request: privacy@jobsflow.ai (Subject: 'Data Deletion Request')
  • Correction Request: privacy@jobsflow.ai (Subject: 'Data Correction Request')
  • Breach Notification: privacy@jobsflow.ai (Subject: 'Security Incident Report')
  • General Privacy Questions: privacy@jobsflow.ai

Escalation

If you're unsatisfied with our response:

  1. Request escalation to our Data Protection Officer
  2. File a complaint with relevant authorities
  3. Seek legal counsel in your jurisdiction

15. Compliance with Laws

DPDP Act, 2023 (India)

This Privacy Policy complies with:

  • Section 4: Principles of consent, collection, and purpose limitation
  • Section 6: Consent requirements (explicit, informed, free, specific)
  • Section 8: Security obligations (encryption, access controls, audit logs)
  • Section 10: User rights (access, correction, deletion, portability)

IT Act, 2021

Compliance with:

  • Rule 4: Reasonable security practices
  • Rule 5: Privacy policy requirements
  • Rule 6: Grievance redressal mechanism

Other Applicable Laws

  • Consumer Protection Act, 2019
  • E-commerce Rules, 2020
  • Regional data protection laws (if applicable)

16. Responsible AI and Ethics

AI Usage in JobsFlow AI

We may use AI/ML for:

  • Predicting job match accuracy
  • Optimizing application timing
  • Detecting fraudulent accounts
  • Improving security

Data Used for AI

  • Only aggregated, anonymized data used for model training
  • Your personal data is never used to train public models
  • You can opt out of analytics data usage

17. Summary Table: Your Data Rights

| Right | How to Exercise | Timeline |
|---|---|---|
| Access Your Data | Settings → Export Data | Immediate |
| Download Your Data | Settings → Account → Export | Within 24 hours |
| Correct Your Data | Settings → Profile → Edit | Immediate |
| Delete Your Data | Settings → Account → Delete | Within 24 hours |
| Disconnect Credentials | Settings → Connected Accounts | Immediate |
| Opt Out Analytics | Settings → Privacy → Disable Analytics | Immediate |
| Withdraw Consent | Email privacy@jobsflow.ai | Within 15 days |
| Request Information | Email privacy@jobsflow.ai | Within 30 days |

18. Glossary

  • Encryption: Converting data into a code to prevent unauthorized access
  • DPDP Act: Digital Personal Data Protection Act, 2023 (India)
  • Data Processing: Any action performed on data (collection, storage, use, deletion)
  • Consent: Your explicit, informed agreement to data collection
  • Purpose Limitation: Using data only for stated purposes
  • Data Portability: Your right to receive your data in portable format
  • Right to be Forgotten: Right to request deletion of your data
