JAAP

Legal

Privacy Policy

Last updated: March 12, 2026

1. Overview

JAAP (“we”, “our”, “us”) operates the website at getjaap.com. This policy explains what data we collect, why we collect it, and how we protect it.

2. Data We Collect

When you use JAAP, we collect:

  • Account information: email address, name, and hashed password
  • Candidate profile: your CV, job preferences, skills, and value proposition you provide
  • Gmail OAuth token — only if you choose to connect Gmail; used solely to send outreach emails on your behalf
  • LinkedIn session cookie (li_at) — only if you choose to connect LinkedIn; encrypted at rest; used solely to submit Easy Apply applications on your behalf
  • Pipeline activity: jobs found, applications submitted, emails sent, and replies detected
  • Telegram chat ID — only if you connect Telegram; used only to deliver job approval notifications to you

3. How We Use Your Data

  • To automate job applications on your behalf, with your approval at every step
  • To find hiring managers and send personalised outreach emails in your name
  • To notify you via Telegram when actions require your review or approval
  • To improve the accuracy and quality of the service

We do not sell your data to third parties. We do not use your data for advertising.

4. Gmail Data Use Policy

JAAP's use of Google user data is limited to the following:

  • We request only gmail.send and gmail.readonly scopes — the minimum required to send outreach emails and detect replies.
  • Gmail data (email content, contacts) is never shared with third parties, used for advertising, or processed for any purpose other than sending job applications on your behalf.
  • We do not read, index, or store your email inbox. Inbox access is limited to detecting replies to emails JAAP sent.
  • You can revoke Gmail access at any time from your Google Account security settings or from the JAAP settings page.

5. Third-Party Services

JAAP uses the following third-party services, each with its own privacy policy: Supabase (database), Railway (hosting), Resend (transactional email), Sentry (error monitoring), Hunter.io and Apollo.io (contact research — no personal data is shared with them beyond publicly available company names), Anthropic / DeepSeek / Google Gemini (AI email generation).

6. Data Retention & Deletion

You can delete your account and all associated data at any time from the settings page or by emailing hello@getjaap.com. LinkedIn cookies and Gmail tokens are deleted immediately upon disconnection. We retain anonymised pipeline statistics for up to 90 days after account deletion for service improvement.

7. Security

All sensitive credentials (LinkedIn cookies, Gmail tokens) are encrypted with AES-256 (Fernet) before storage. All data is transmitted over HTTPS. Database access is restricted to our backend services and is not accessible to the public.

8. Your Rights

You have the right to access, correct, or delete any personal data we hold about you. To exercise these rights, email hello@getjaap.com. We will respond within 30 days.

9. Contact

Questions about this policy? Email us at hello@getjaap.com.

View Terms of Service →