Privacy Policy

Effective date: June 8, 2026

Operator: TabsOnJobs ("we", "us", or "our")

Contact: [email protected]

1. Overview

TabsOnJobs is a personal job-search assistant. It connects to your Gmail inbox to surface job-related email, helps you tailor resumes, draft replies to recruiters, prepare for interviews, and track applications. This policy explains what we collect, why, who we share it with, and how you can delete it.

By creating an account or connecting Gmail, you agree to this policy.

2. Information we collect

Account information. Your email address and a password (stored only as a salted one-way hash — we never store your plaintext password).

Google account data (via OAuth). With your explicit consent on Google's permission screen, TabsOnJobs accesses your Gmail using Google OAuth. Depending on the scopes you grant, this can include:

• reading email messages and metadata to identify and summarize job-related mail (a Gmail restricted scope);
• sending email on your behalf when you explicitly click Send on a draft;
• creating Google Calendar events when you schedule an interview.

We store the OAuth tokens Google issues so the app can act on your behalf. We do not receive or store your Google password.

Resume and profile content. Resume files you select or upload, the parsed text extracted from them, and any notes or instructions you add.

Job and application data. Jobs detected from your inbox or added manually, fit scores, tailored resumes, interview-prep packets, recruiter reply drafts, follow-up reminders, saved searches, and the status you assign to each job.

AI-generated content. Text produced when you tailor a resume, generate a draft, or prepare for an interview.

Technical/usage data. Standard server logs (timestamps, request paths, error details) and an internal AI activity log (provider, model, latency, and error codes for each AI call). We design logs to avoid storing full email bodies or secret values.

3. Google API Limited Use disclosure

TabsOnJobs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the user-facing features described in this policy.
• We do not sell Google user data.
• We do not use Google user data for advertising.
• We do not allow humans to read your Google user data, except: (a) with your explicit consent for specific messages; (b) where necessary for security purposes (e.g. investigating abuse); (c) to comply with applicable law; or (d) where the data has been aggregated and anonymized.
• We do not transfer Google user data to third parties except as necessary to provide or improve the features, to comply with law, or as part of a merger/acquisition with appropriate safeguards.

4. AI processing and subprocessors

To generate summaries, fit scores, tailored resumes, drafts, and prep content, TabsOnJobs sends relevant text — which can include resume content, job descriptions, and excerpts of recruiter messages — to third-party AI providers configured for the service:

• Google (Gemini API) — primary provider.
• OpenAI and Anthropic — optional fallback providers, used only if configured.

These providers process the text to return a result. We rely on their respective enterprise/API terms, which state that API inputs are not used to train their models by default. We never send your Google OAuth tokens or password to AI providers.

Other subprocessors:

• Render — hosts the application and stores its persistent disk (your account data, tokens, job data, and AI-generated artifacts).
• Cloudflare R2 — object storage for resume files you upload (the original document bytes).

5. How we use your information

We use the data above to: authenticate you; fetch and organize job-related email; compute fit scores; generate and store tailored resumes, prep packets, and drafts; send email or create calendar events when you explicitly request it; maintain your job pipeline; operate, secure, debug, and improve the service; and comply with legal obligations.

6. How we share information

We do not sell your data. We share it only with: the AI providers and hosting provider listed above (as needed to run the features); Google (to read/send mail and create events you request); and authorities where required by law. If the service is ever transferred to another operator, we will require equivalent privacy protections and notify you.

7. Data retention

We retain your account data, tokens, resumes, and job data for as long as your account is active. OAuth tokens are kept until they expire or you disconnect Gmail. You can delete individual items (resumes, tailored versions, saved searches) in the app at any time. When you delete your account, we delete your associated data within 30 days, except where we must retain limited records to comply with law.

8. Your choices and rights

• Disconnect Gmail at any time from the app; this revokes our stored token. You can also revoke access at Google Account permissions.
• Delete data — remove resumes, drafts, and searches in-app.
• Delete your account — in the app, go to the Studio page → Danger Zone → Delete my account and confirm with your password. This permanently revokes your Gmail tokens, deletes your uploaded resume files, and removes your account and associated data. You can also request deletion by emailing us at the contact address below.
• Depending on where you live (e.g. EEA/UK/California), you may have rights to access, correct, port, or erase your data, and to object to certain processing. Contact us at [email protected] to exercise them.

9. Security

We protect data with HTTPS in transit (with HSTS) and security headers (Content-Security-Policy, X-Frame-Options, and others). Passwords are stored only as salted PBKDF2-SHA256 hashes. Sessions use signed cookies with a bounded lifetime and server-side revocation. Each user's data is stored in a separate per-user namespace with access controls, and state-changing requests are protected against cross-site request forgery. We rely on our hosting and storage providers (Render and Cloudflare R2) for encryption of data at rest on their infrastructure. No method of storage or transmission is 100% secure, and we cannot guarantee absolute security.

10. International data transfers

Your data may be processed in countries other than your own, including by the subprocessors above. Where required, we rely on appropriate safeguards for such transfers.

11. Children

TabsOnJobs is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has provided us data, contact us.

12. Changes to this policy

We may update this policy. We will post the new effective date here and, for material changes, take reasonable steps to notify you.

13. Contact

Questions or requests: [email protected].

← Back to TabsOnJobs