Your data, your control.
We take the security of your job search seriously. Here's exactly what we do with your data—and what we never do.
What we collect
Your job search targets
Company names you add to your radar. We use this to find matching job listings daily.
Your resume
Used only to analyze job fit (scoring, tailoring suggestions, and gap analysis). We never send it to job boards or sell it. We store it encrypted and can be deleted at any time.
Gmail & Calendar access (optional)
Read-only access to match interview invites to your calendar and extract job details from recruiter emails. We never send emails on your behalf and never store credentials.
Application activity
Dates you applied, stage changes, and interview notes—all stored in your SearchSteward account for pipeline tracking.
Access control
Gmail & Calendar
- ✓ Read your emails and calendar
- ✗ Never sends email on your behalf
- ✗ Never stores your Gmail credentials
- ✗ One-click disconnect in Settings → Integrations
Resume storage
- ✓ Stored encrypted at rest
- ✓ Used only for scoring and tailoring
- ✗ Never shared with job boards
- ✗ Never sold or used for marketing
- ✓ Deletable on demand in Settings
Job board integration
- ✓ We scrape public job boards
- ✗ We never auto-apply to jobs
- ✗ We never submit your resume without consent
- ✗ We never share your data with boards
What we never do
- ✗ Sell your data to recruiters or third parties
- ✗ Use your resume in marketing or training
- ✗ Share your search targets publicly
- ✗ Use dark patterns to trap subscriptions
- ✗ Spam your email (only digest + account emails)
Encryption & security
In transit
All communication uses HTTPS (TLS 1.3). Your data is encrypted end-to-end between your browser and our servers.
At rest
Sensitive data (resume content, encrypted credentials, personal identifiers) is encrypted at rest using AES-256. Database access is restricted and audited.
Password security
Passwords are hashed using bcrypt with a strong salt. We never store or transmit passwords in plain text.
Compliance
We comply with GDPR, CCPA, and other privacy regulations. Your data lives in secure servers with automatic backups and disaster recovery.
Your rights
Access: You can download all your data at any time from Settings.
Delete: You can delete your account and all associated data immediately. We don't retain backups of deleted personal data.
Disconnect: You can disconnect Gmail, Calendar, or other integrations with one click in Settings → Integrations. We immediately revoke access and delete cached data.
Opt-out: You can disable all emails except critical account notifications in Settings → Notifications.
Portability: You can export your applications, saved jobs, and analytics as CSV in Settings → Export.
Our commitment
Transparency
This page is the truth. We document every permission and data practice. If we change something, you'll hear it first.
Minimalism
We ask for the minimum data needed. No "optional" fields that exist just to harvest data.
No selling
Your data is never for sale. We're funded by subscriptions, not by monetizing you.
Easy exit
Delete or disconnect anytime. No retention schemes. No lock-in. Data portability by default.
Questions about security?
We're transparent about how we handle data. Reach out to [email protected] with any concerns.