Privacy Policy | Jesse Johnson

ShouldApply (“we,” “our,” or “us”) is operated by Jesse Johnson. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at shouldapply.com (the “Service”). Please read this policy carefully. By using the Service, you agree to the practices described herein.

1. Information We Collect

Account Information

When you create an account, we collect:

Email address
Full name (if provided)
Avatar/profile picture (if uploaded or provided via OAuth)
Authentication credentials (managed securely via Supabase Auth)

Profile & Resume Data

To provide job matching, we collect information you voluntarily provide:

Resume text (extracted from uploaded documents)
Skills, job titles, and professional experience
Years of experience
Location and desired work locations
Minimum salary preferences
Search radius preferences
Dealbreaker settings (e.g., work authorization, remote preferences)

Job & Scoring Data

When you use the Service to evaluate jobs, we store:

Job descriptions you submit or search for
AI-generated match scores and analysis results
Your save, archive, and interaction history with jobs
Notes you attach to jobs

Automatically Collected Information

Browser type and version
Pages visited and features used
IP address (for security and analytics)
Cookies and similar technologies (see Section 6)

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Generate AI-powered job match scores by comparing your profile and resume against job descriptions
Personalize your experience and surface relevant job insights
Communicate with you about your account, updates, and support requests
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations

3. AI & Third-Party Data Processing

We use Google’s Gemini API to generate job match scores and analysis. When processing your data through the Gemini API:

We send only the minimum data necessary (relevant resume excerpts and job description text)
Data sent to the Gemini API is processed according to Google’s API Terms of Service
We do not use your data to train AI models
AI-generated results are stored in our database so we do not need to re-process the same data

4. Data Storage & Security

Your data is stored securely on Supabase, which provides:

SOC 2 Type II compliance
AES-256 encryption at rest
TLS encryption in transit
Row-Level Security (RLS) ensuring users can only access their own data
Regular security audits and monitoring

While we implement industry-standard safeguards, no method of electronic storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these cases:

Service providers: Supabase (hosting/database), Google Gemini API (AI processing), Vercel (hosting), and Stripe (payment processing) — each bound by their own privacy commitments
Legal requirements: When required by law, subpoena, or government request
Safety: To protect the rights, safety, or property of our users or the public
Business transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)

6. Cookies & Analytics

We use:

Essential cookies: For authentication and session management
Analytics: Google Analytics to understand how the Service is used (anonymized/aggregated data)
Preferences: Local storage to save your theme preference (light/dark mode)

You can disable cookies in your browser settings, though some features may not function properly.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Correct inaccurate information in your profile
Delete your account and all associated data
Export your data in a portable format
Opt out of non-essential data processing

To exercise any of these rights, contact us at jesse@shouldapply.com. We will respond within 30 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information.

European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including data portability (Article 20) and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is your consent (provided at account creation) and legitimate interest in providing the Service.

8. Data Retention

We retain your data for as long as your account is active. Specifically:

Account & profile data: Retained until you delete your account
Job scoring data: Retained until you delete your account or remove individual jobs
Archived jobs: Automatically removed after the period you set in your preferences (default: 14 days)
Server logs: Retained for up to 90 days for security and debugging

When you delete your account, all personal data is permanently removed from our systems within 30 days, except where retention is required by law.

9. Children’s Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: jesse@shouldapply.com
Website: shouldapply.com