Job Panda logoJob Panda
PricingLog inGet started

Privacy Policy

Effective date: May 23, 2026

1. Who we are

Job Panda (“we”, “our”, “us”) is an AI-powered job search tool. Our service is available at www.jobpanda.app. Questions about this policy can be sent to hello@jobpanda.app.

2. What data we collect

  • Account data: Email address and name when you sign up via email or OAuth (Google, GitHub).
  • Resume content: Text extracted from the resume or CV you upload. We use this to match you to jobs and tailor application materials.
  • Job preferences: Target roles, location, work arrangement, salary range, and country you provide in your profile.
  • Usage data: Page views, feature interactions, and error logs collected via Vercel Analytics. No personal identifiers are attached.

3. How we use your data

  • Matching you to relevant job openings using AI scoring
  • Generating tailored resumes and cover letters for specific roles
  • Sending your daily job digest email (you can unsubscribe at any time)
  • Improving the service and diagnosing errors

We do not sell your data to third parties. We do not currently use your data to train AI models. If we do so in the future, we will ask for your explicit consent before doing so.

4. Third-party services

We rely on the following sub-processors:

  • Supabase — database and authentication (data stored in AWS us-east-1)
  • OpenAI — AI answer generation and resume tailoring (data is not used to train OpenAI models per their API terms)
  • Resend — transactional and digest email delivery
  • Google — OAuth login (Google Sign-In)
  • Vercel — hosting and analytics

5. How we protect your data

We apply the following technical and organisational measures to protect your personal data:

  • Encryption in transit: All data transmitted between your browser, our servers, and third-party sub-processors is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Your data (including resume content and authentication tokens) is stored in Supabase (AWS us-east-1), which applies industry-standard encryption at rest via our infrastructure provider.
  • Access controls: Production database access is restricted to server-side application code using Row-Level Security (RLS). Your data is isolated by user ID and cannot be accessed by other users.
  • No AI training on your data: Your resume content and personal information are never used to train AI or ML models — neither by us nor by our sub-processors (OpenAI API terms explicitly prohibit training on API inputs).
  • Breach notification: In the event of a data breach affecting your personal data, we will notify affected users and, where required by applicable law, relevant authorities without undue delay.

6. Data retention and deletion

Your data is retained as long as your account is active. You can delete your account at any time by emailing hello@jobpanda.app. Upon deletion, all personal data (resume, preferences, application history) is permanently removed within 30 days.

7. Your rights

Depending on your jurisdiction (GDPR, PIPEDA, CCPA), you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at hello@jobpanda.app.

8. Cookies

We use a single session cookie for authentication. No third-party advertising or tracking cookies are used.

9. Chrome Extension

The Job Panda Chrome Extension (“the extension”) supplements the web app with the following behaviour:

  • Authentication token: When you connect the extension to your Job Panda account, a device-specific API token is stored locally in chrome.storage.local. This token is used solely to authenticate requests to the Job Panda API on your behalf. No password or OAuth credential is stored in the extension.
  • Job page content: When you click “Save Job” on a supported job board (e.g. LinkedIn, Indeed, Workday, Greenhouse, Lever), the extension reads the job title, company name, and page URL from the active tab and sends them to your Job Panda account. No other page content is collected.
  • Application autofill: On supported ATS platforms (Workday, Greenhouse, Lever), the extension reads form field labels from the active tab and fills them with answers from your saved profile. Form data is read locally within your browser; answers are fetched from and saved to the Job Panda API only when you initiate autofill.
  • No passive monitoring: The extension does not track your browsing history, record keystrokes, monitor pages in the background, or collect data from any page without an explicit action by you.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The effective date at the top of this page will always reflect the latest version.

11. Contact

For any privacy-related questions or requests, email us at hello@jobpanda.app.