Privacy Policy

Last updated: May 2026

Joblio("we", "us") is operated by Kesh Business Hub LLC, a Delaware limited liability company. This policy explains what data we collect, how we use it, and the rights you have over it.

1. What we collect

  • Account information: your email address, and (if you sign in with Google) your name and profile photo.
  • Resume content: the resume text you paste or upload to Joblio. Stored encrypted at rest in our database.
  • Job descriptions: any job descriptions you paste for tailoring. Stored with the corresponding tailoring job.
  • Usage data: which features you use, when, and token/cost metadata for AI calls. We use this to enforce plan limits and monitor system health.
  • Payment data: we use Stripe for billing. We never see or store your card details. Stripe gives us a customer ID and subscription status.
  • Cookies: a single essential cookie to keep you signed in. No advertising or third-party tracking cookies.

2. How we use it

  • Run the service: generate tailorings, cover letters, interview questions, etc.
  • Bill you: only if you upgrade beyond the free tier.
  • Improve product:aggregate, de-identified usage stats (e.g. "average tailoring takes 18 seconds").
  • Service emails: account verification, password reset, subscription receipts. No marketing emails without explicit opt-in.

3. Third parties we share with

  • Anthropic (Claude API):we send your resume + JD text to Anthropic to generate the rewrite. Per Anthropic's policy, they do not train models on API data and do not retain it beyond what's needed to provide the service.
  • Supabase: hosts our database and authentication in SOC 2-compliant infrastructure.
  • Stripe: processes payments. PCI-DSS Level 1 compliant.
  • Hetzner: hosts our application servers in ISO-27001 certified data centers.
  • Cloudflare: provides DNS and SSL.

We do not sell or rent your data to advertisers or any other third party.

4. Your rights

You can, at any time:

  • Export your data — from Settings → Export my data.
  • Delete your account — from Settings → Delete account. Removes all your data within 30 days.
  • Request a copy of all data we hold on you by emailing privacy@thejoblio.com.
  • Correct inaccurate data — you can edit your profile, name, and saved resumes directly.
  • Under GDPR / UK GDPR / CCPA, you also have the right to object to processing, restrict processing, and lodge a complaint with your local data protection authority.

5. Data retention

We keep your account data while your account is active and for 30 days after you delete it (for recovery in case of mistakes). After 30 days, all your data is permanently removed from primary storage and from backups within 90 days. Aggregate, de-identified analytics may be retained indefinitely.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest. Row-level security ensures that even within our database, you can only access your own data. Passwords are never stored — we delegate authentication to Supabase Auth, which uses bcrypt and modern best practices.

7. Children

Joblio is for users 16 and over. We don't knowingly collect data from anyone younger. If you believe a child has signed up, email privacy@thejoblio.com and we'll remove the account.

8. Changes to this policy

If we make material changes we'll notify you by email and show a banner in the app. Continued use after the effective date constitutes acceptance.

9. Contact

Kesh Business Hub LLC
privacy@thejoblio.com
Contact form