← Back to JobSentry

Privacy Policy

Last updated: 21 March 2026

About this policy

JobSentry ("we", "us", "our") is an Australian job search platform that provides ghost job detection, scam alerts, salary intelligence, and personalised job matching. This policy explains how we handle your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the EU General Data Protection Regulation (GDPR) where applicable.

1. Information we collect

Account information:

  • Email address (for authentication and communications)
  • Password (stored as a bcrypt hash — we never store or see your plaintext password)
  • Subscription tier and billing identifiers (if you subscribe to Pro)

Profile preferences:

  • Target job roles, industries, and locations
  • Skills, qualifications, and experience level
  • Work type and arrangement preferences
  • Matching weight preferences

Usage data:

  • Job application tracking entries you create (company, title, status, offered salary)
  • Saved searches and company watch lists (Pro)
  • Job listing reports you submit (scam, ghost, misleading)
  • Salary submissions you voluntarily provide

Extension data:

  • Job listing metadata extracted from SEEK, Indeed AU, and LinkedIn job pages (title, company, salary, location, description) — only on job pages you visit, and only with the extension installed
  • Authentication token stored locally on your device (chrome.storage.local)

2. Information we do not collect

  • Browsing history or activity on non-job-board websites
  • Personal files, contacts, or device information
  • Cookies or tracking pixels (we use privacy-friendly Plausible analytics on the landing page only)
  • Financial information (payment processing is handled entirely by Stripe)
  • Government identifiers (TFN, Medicare, passport)

3. How we collect information

  • Directly from you: when you register, set up your profile, submit reports, or track applications
  • Via the Chrome extension: job listing metadata is extracted from supported job boards (SEEK, Indeed AU, LinkedIn) when you visit job pages with the extension installed
  • From data providers: job listings are sourced from Australian job data providers (Adzuna, Jooble, Careerjet, SerpAPI, Techmap) — this data does not contain your personal information
  • From Stripe: subscription status and billing period dates (not card numbers or bank details)

4. How we use your information

  • Job matching: your profile preferences drive personalised match scores against our job database
  • Ghost job detection: identifying potentially stale or fraudulent listings using 6 automated signals
  • Scam detection: flagging listings that match known scam patterns (7 AU-specific indicators)
  • Salary intelligence: benchmarking salaries by role, state, and work type using aggregated, anonymised data
  • Alerts: notifying you of new jobs matching your saved searches or watched companies (Pro)
  • Communications: welcome emails, weekly digests, and account-related notifications
  • Platform improvement: aggregated, anonymised usage statistics to improve features

We do not use your personal information for advertising, profiling for third parties, or any purpose unrelated to the JobSentry service.

5. Overseas disclosure

Your personal information may be processed by the following overseas service providers:

  • Convex (United States) — cloud database and serverless functions
  • OpenAI (United States) — vector embeddings for semantic job search (job text only, no personal data)
  • Stripe (United States) — payment processing for Pro subscriptions
  • Resend (United States) — transactional email delivery

Our primary server infrastructure is hosted in Sydney, Australia. Job data and user account information are stored on Australian servers. Overseas providers process data under their respective privacy policies and applicable data protection laws.

6. Data security

  • Passwords hashed with bcrypt (cost factor 12)
  • Authentication tokens generated using HMAC-SHA256
  • All connections encrypted with TLS (HTTPS)
  • Rate limiting on all API endpoints to prevent abuse
  • Internal API endpoints protected by shared secret authentication
  • Server containers run as non-root users
  • CORS restricted to specific whitelisted origins
  • Regular security audits of the codebase

7. Data retention

  • Account data: retained while your account is active, deleted on account deletion
  • Job listings: refreshed daily; stale listings are progressively archived (48h stale, 14d inactive, 30d expired)
  • Match scores: recalculated periodically, deleted on account deletion
  • Salary submissions: retained in anonymised, aggregated form (not linked to your identity after processing)
  • Email logs: retained for 90 days for deduplication

8. Access, correction, and deletion

You have the right to:

  • Access your personal information via the extension popup (profile, matches, applications)
  • Correct your information by updating your profile at any time
  • Delete your account permanently from the extension popup settings — this cascade-deletes all your data including match scores, alerts, applications, and profile information
  • Export your data by contacting us (see below)

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. EU/UK users (GDPR)

If you access JobSentry from the EU or UK, the following additional rights apply under the General Data Protection Regulation:

  • Legal basis: we process your data based on consent (account registration) and legitimate interest (platform operation and security)
  • Right to erasure: delete your account at any time via the extension (DELETE /api/auth/delete)
  • Right to portability: request an export of your data by contacting us
  • Right to restrict processing: contact us to limit how we use your data
  • Breach notification: in the event of a data breach affecting your personal information, we will notify you within 72 hours

10. Chrome extension permissions

The JobSentry extension requests the following permissions:

  • Host permissions (SEEK, Indeed AU, LinkedIn): to read job listing metadata on supported job board pages and display match scores, ghost indicators, and scam alerts
  • Storage: to save your authentication token and preferences locally on your device
  • Notifications: to alert you about saved search matches (Pro)
  • Active tab: to detect when you are viewing a job listing page

The extension only activates on job listing pages of supported platforms. It does not run on other websites or collect any data outside of SEEK, Indeed AU, and LinkedIn job pages.

11. Pro subscriptions and billing

  • Payment is processed entirely by Stripe — we never see or store your card number, CVV, or bank details
  • Subscriptions renew automatically at the end of each billing period
  • You can cancel at any time via the Stripe billing portal (accessible from your account)
  • Money-back guarantee: 14 days for monthly plans, 30 days for annual plans
  • Refund requests can be made by email within the guarantee period

12. Contact

For privacy enquiries, data access requests, or complaints:

Email: switmitz@hotmail.com

We aim to respond to all privacy-related requests within 30 days, as required under the Australian Privacy Act.