Effective date: May 20, 2026
Operator: JobKyte service operator, as identified on the imprint page.
Privacy contact: privacy@jobkyte.com
Support contact: support@jobkyte.com
Mailing address: See the imprint page for current provider information.
Not legal advice: This policy describes how JobKyte is intended to handle personal information. It is not legal advice and should be reviewed by qualified counsel before publication.
1. Introduction
JobKyte, including any Talent Hub-branded product area we operate, provides a production MVP service for job seekers. This policy explains how we collect, use, disclose, retain, and protect personal information when you use our website, app, API, public resume pages, document vault, resume builder, PDF export, support channels, newsletters, and related services.
JobKyte is available to a global audience. Some privacy rights and notices apply only in specific regions, but we aim to explain our practices clearly for all users.
2. Who We Are and How to Contact Us
JobKyte is operated by the JobKyte service operator identified on the imprint page. The legal operator, registered address, and any required company registration details must be verified before public launch.
Use the privacy contact above for privacy requests, account data questions, deletion requests, access requests, correction requests, data export requests, consent withdrawal, newsletter unsubscribe support, or complaints about how personal information is handled.
If we appoint a data protection officer, EU representative, UK representative, or another privacy representative, we will add those details here.
3. Information We Collect
We collect information you provide directly, information created when you use the service, and technical information needed to run and secure JobKyte.
Account and authentication data
- Email address.
- Authentication identifiers.
- Passwordless or social-login state.
- Google OAuth profile details if you choose Google sign-in.
- Session status, authentication cookies, and security tokens.
Profile data
- Name, phone number, email, city, state, country, postal code, public username, and similar profile details.
- Profile image or CV image metadata and linked private image document identifiers.
Career library data
- Work experience, education, skills, projects, certificates, languages, social links, awards, exhibitions, press features, side projects, speaking engagements, volunteering, published writing, key achievements, and related dates, descriptions, links, notes, sort order, and archive state.
Resume data
- Resume titles, target roles, headlines, summaries, language, selected templates, style settings, selected sections, selected career-library items, resume-specific title or description overrides, contact visibility settings, profile-image settings, publication state, and public resume settings.
Document vault data
- Uploaded PDFs, images, certificates, and other supported files.
- File names, file categories, descriptions, content types, file sizes, upload metadata, private storage references, and signed-upload or signed-download activity.
Sharing and publication data
- Public resume publication state.
- Public resume document-link visibility.
- Document-share recipients, email identifiers, company, organization, or HR recipient labels, share status, expiry, and revocation state.
Export data
- PDF export metadata, export status, template, file name, timestamps, retry state, and failure reference or diagnostic information.
Technical, security, and operations data
- IP address, device and browser information, operating system, approximate region derived from technical data, request metadata, logs, security events, abuse-prevention signals, route and performance data, error details, and support diagnostics.
- Cloudflare Turnstile or similar abuse-prevention verification data where configured.
- Sentry or similar error-monitoring data, such as stack traces, browser details, route information, release version, and limited user or session identifiers where needed for debugging.
Analytics, newsletter, payment, and future AI data
- Simple public website and product analytics, such as page views, referrers, events, device category, and aggregate usage trends. Analytics events should not include resume body text, career descriptions, private document contents, phone numbers, email addresses, or uploaded file names.
- Newsletter subscription details and email engagement metadata if you sign up for platform updates.
- Stripe customer identifiers, subscription or billing metadata, invoice state, payment status, fraud-prevention signals, and support information. Payment card details are processed by Stripe; JobKyte does not store full card numbers.
- OpenAI or other AI processing data only if AI features are enabled later. We will update this policy before AI features process resume, profile, document, or career-library content.
4. How We Use Information
We use personal information to:
- Provide accounts, authentication, session handling, and account security.
- Let users create profiles, maintain a career library, build resumes, preview resumes, publish public resumes, and export PDFs.
- Store, retrieve, categorize, preview, download, and delete private documents.
- Enable user-directed sharing, public resume publication, and public resume document links.
- Create Stripe customer records, manage billing readiness, process payments or subscriptions if enabled, prevent payment fraud, and provide billing support.
- Send platform updates, product announcements, or newsletter emails when you subscribe or where otherwise permitted. You can opt out of marketing emails.
- Run simple analytics to understand public website usage, product funnels, reliability, and feature adoption.
- Detect, debug, and repair errors using monitoring tools such as Sentry.
- Prevent abuse, spam, fraud, unauthorized access, and security incidents.
- Respond to support, privacy, legal, and operational requests.
- Comply with legal obligations, enforce terms, and protect rights, safety, and service integrity.
5. Private Documents and Public Resume Controls
Documents are private by default. Private document storage references are not public URLs and should not be exposed directly in the browser.
Public resumes do not make all of your private documents public. A document becomes available from a public resume only when you explicitly mark that resume-document link as public. You can remove or make a linked document private again through the product controls when those controls are available.
Owner PDF exports may include selected private images or documents as part of the user-directed export flow without publishing those files on a public resume page.
If you publish a public resume, the public resume content may be visible to anyone with the URL. Public pages may also be indexed by search engines if indexing is enabled.
6. When We Share Information
We share personal information only as needed to provide the service, follow your directions, operate safely, meet legal obligations, or complete business operations.
Service providers and processors
We may use providers for:
- Hosting, app infrastructure, databases, logs, and deployment.
- Cloudflare R2 or similar private object storage.
- SuperTokens or similar authentication infrastructure.
- Gotenberg or similar PDF rendering infrastructure.
- Email delivery and newsletter delivery.
- Stripe payment and billing infrastructure.
- Google OAuth when you choose Google sign-in.
- Sentry or similar error monitoring.
- Analytics for public website and product usage.
- OpenAI or other AI providers only if AI features are enabled later and disclosed before use.
User-directed sharing
We share information when you choose to publish a resume, create a public resume document link, share a private document, or otherwise direct us to make information available to another person, company, organization, or recipient.
Legal, safety, and business reasons
We may disclose information if required by law, legal process, or enforceable government request; to protect users, the public, JobKyte, or others; to investigate security, fraud, or abuse; to enforce our terms; or as part of a merger, acquisition, financing, reorganization, asset sale, or similar business transfer.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
7. Cookies and Similar Technologies
JobKyte uses cookies and similar technologies for:
- Authentication and session management.
- Security, abuse prevention, and protected form submissions.
- Remembering cookie preferences.
- Simple analytics, if enabled.
Current consent cookies include jk_cookie_consent and jk_cookie_enabled_ids. Authentication and session cookies may include SuperTokens-related cookies such as sAccessToken, sRefreshToken, sFrontToken, sAntiCsrf, st-last-access-token-update, sIdRefreshToken, st-access-token, st-refresh-token, and sIRTFrontend.
If analytics or other optional tools require non-essential cookies, those cookies should be handled through cookie controls. You can also manage cookies through your browser settings.
8. Data Retention
We keep personal information only as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law.
| Data type | Typical retention |
|---|---|
| Account and profile data | While your account exists, unless deleted earlier or retained where legally required. |
| Career library and resume data | Until you delete the data, delete the account, or request deletion, subject to backup and legal retention limits. |
| Private documents | Until you delete the file, delete the account, or request deletion, subject to backup and legal retention limits. |
| Public resume data | While the resume is published or otherwise retained in your account. Cached or indexed copies outside JobKyte may persist outside our control. |
| Export metadata | Retained for history, debugging, abuse prevention, support, and service reliability. |
| Logs, analytics, and monitoring data | Retained for a limited security, operations, debugging, analytics, or compliance window. |
| Stripe billing records | Retained as needed for billing, tax, accounting, dispute, fraud-prevention, and legal obligations. |
| Backups | Deleted or overwritten on the normal backup lifecycle. |
9. Your Choices and Rights
Depending on your location and the data involved, you may have rights to:
- Access personal information.
- Correct inaccurate information.
- Export or receive a copy of information.
- Delete account data, profile data, resumes, career-library items, or uploaded documents.
- Restrict or object to certain processing.
- Withdraw consent where processing is based on consent.
- Revoke document shares.
- Manage public and private resume settings.
- Opt out of marketing emails and newsletters.
- Lodge a complaint with a privacy or data protection authority.
To exercise rights, use the privacy contact above. We may need to verify your identity before fulfilling a request. Some requests may be limited by security, legal, accounting, fraud-prevention, backup, or technical requirements.
10. Security
We use access controls, private storage, signed upload and download URLs, authentication, session controls, and monitoring to protect personal information. Public/private controls are designed to prevent private documents and private storage references from being exposed directly.
No service can guarantee perfect security. You are responsible for keeping your sign-in method secure and for understanding that public resume URLs, public document links, and shared documents can be copied or forwarded by recipients.
11. International Transfers
JobKyte is available globally. Personal information may be processed in countries where we, our infrastructure providers, and our service providers operate. Where required, we use appropriate safeguards for international transfers, such as contractual protections or other lawful transfer mechanisms.
12. Children
JobKyte is not intended for children under 13. If the law in your location requires a higher age to use online services or consent to data processing, you may use JobKyte only if you meet that higher age requirement or have valid parent or guardian consent.
If we learn that we collected personal information from a child in a way that is not permitted, we will take appropriate steps to delete it.
13. AI and Automated Decision-Making
The current MVP does not make automated hiring decisions, candidate-screening decisions, or employment eligibility decisions. JobKyte does not decide whether you get a job.
AI features, including possible OpenAI-powered features, may be added later. Before enabling AI features that process user content, we will update this policy to explain what data is sent, why it is sent, what controls users have, whether humans review the data, and whether the data is used for model training.
14. Changes to This Policy
We may update this policy as JobKyte changes. We will update the effective date when we make changes. If changes are material, we may provide additional notice, such as an in-app notice, email, or other prominent notice.
15. California Notice at Collection
This section is for California residents and is intended to summarize categories of personal information collected, purposes, disclosure, and rights.
| Category | Examples | Purposes |
|---|---|---|
| Identifiers | Name, email, username, authentication identifiers, Stripe customer ID, document-share recipient identifiers. | Account access, support, billing, sharing, security, and service operations. |
| Customer records information | Contact details, billing metadata, payment status, account details. | Account management, payments, support, and legal compliance. |
| Internet or network activity | Device/browser data, logs, routes, analytics events, security events. | Security, debugging, analytics, fraud prevention, and service reliability. |
| Professional or employment-related information | Work history, education, skills, projects, certifications, achievements, resumes. | Resume building, career-library management, public resume publication, and PDF exports. |
| Sensitive personal information where provided | Account credentials, private documents, precise content in career/resume materials, and payment-related fraud signals handled by Stripe. | Security, authentication, user-directed document storage, billing, and service delivery. |
| Inferences | Limited product analytics or aggregate usage trends. | Product improvement, reliability, and service planning. |
We do not sell personal information or share it for cross-context behavioral advertising. We do not use sensitive personal information to infer characteristics outside the purposes needed to provide, secure, and improve JobKyte.
California residents may request to know/access, delete, correct, opt out of sale/share, limit certain uses of sensitive personal information, and receive non-discriminatory treatment for exercising privacy rights. Use the privacy contact above to submit a request.
16. EEA and UK Notice
For users in the European Economic Area or United Kingdom, our legal bases may include:
- Contract: to provide accounts, resumes, documents, exports, billing, and requested product features.
- Legitimate interests: to secure the service, prevent abuse, debug errors, improve reliability, understand aggregate usage, and provide support.
- Consent: for optional cookies, newsletters, marketing emails, or other consent-based processing where required.
- Legal obligation: for tax, accounting, payment, compliance, and lawful request obligations.
You may have rights to access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. Withdrawing consent does not affect processing that happened before withdrawal.
If you believe we have not resolved your concern, you may have the right to contact your local data protection authority.