PRIVACY

Privacy policy

Last updated: May 3, 2026


1. What we collect

  • Resume and parsed fields
  • Job description URLs you paste
  • Evaluations the agent generates
  • Tailored resumes and cover letters you generate
  • Subscription state (Stripe customer ID, tier, dates)
  • Email and password hash (Firebase Auth)
  • Application telemetry (Application Insights, server-side)

2. What we don't collect

  • No third-party analytics or trackers in the app
  • No advertising pixels in the app
  • No card details (Stripe Elements tokenizes client-side)
  • No contacts, calendar, or browsing history

3. Where it's stored

Azure for Cosmos DB, Blob Storage, and Application Insights. Firebase for Auth. Stripe for subscription and payment. Postmark for transactional email. ScrapingAnt as a job-description URL scrape proxy. OpenAI and Azure OpenAI for LLM inference.

See the current detailed list at sub-processors.

4. Why we collect each item

  • Resume so the agent can evaluate fit.
  • Job description URLs so the agent knows what to evaluate against.
  • Evaluations so you can revisit prior reads of a role.
  • Tailored materials so you can edit, export, and re-use them.
  • Subscription state so we charge you correctly.
  • Email and password hash so you can sign in.
  • Application telemetry so we can debug failures and keep the agent running.

5. How long we keep it

Resume, evaluations, and tailored materials stay while your account is active and are removed within 30 days of a deletion request. Subscription records are retained for 7 years after cancellation per US tax retention; Stripe holds these. Application Insights logs are retained for 90 days. Postmark email logs are retained for 45 days.

6. Who we share it with

Sub-processors only. No data brokers, no advertisers, no LinkedIn, no recruiters, no employers. You decide what to send to an employer; the agent never does.

See the current detailed list at sub-processors.

7. How the agent uses your resume

Your resume is parsed via Azure OpenAI and embedded for fit evaluation. Azure OpenAI does not use your prompts or completions to train its models — that is the no-training posture stated in their service contract.

8. How we secure it

TLS in transit. Encryption at rest with Azure-managed keys. Password hashing via Firebase Auth. Secrets in Key Vault. Compute reaches data only via managed identity — there are no static credentials in the application.

9. Cookies and analytics

One first-party cookie for session (Firebase Auth ID token). The marketing site uses Posthog for product analytics, gated by the consent banner. The app uses Application Insights server-side only — no client cookies for analytics.

10. Your rights and how to exercise them

Right to access — email privacy@hellodreamjob.com.

Right to deletion — in-app at Account Settings, completes within 30 days.

Right to correction — edit your profile in-app.

EU and UK users have GDPR rights. California users have CCPA rights. The mechanism is the same: in-app for deletion, email for everything else.

11. Children's privacy

This service is not directed to users under 16. We don't knowingly collect data from users under 16.

12. Changes to this policy

Material changes are notified by email at least 14 days before they take effect. The "last updated" date at the top reflects the most recent change.