Privacy Policy

Last updated: March 29, 2026

This Privacy Policy describes how Josy ("we", "our", or "us") collects, uses, and protects your information when you use the Josy Chrome extension and associated backend service.

1. Information We Collect

• Account information: Your email address and name via Google OAuth login (managed by Supabase Auth).
• CV / Resume data: The text content of CV files you upload (PDF or DOCX). This is stored securely in Supabase Storage and used solely to perform job description matching.
• Job description text: Text you select on job listing pages is sent to our API for AI-powered matching. This text is cached temporarily (up to 7 days) via an anonymized hash to reduce redundant API calls.
• Application tracking data: Job title, company name, and URL captured when you click Apply on a job page. This data is written directly to your own Google Sheet — we do not store it on our servers.
• Payment information: Payments are processed by LemonSqueezy and PayOS. We do not store your card details. We receive and store transaction records (amount, date, credit granted) for credit balance management.
• Usage data: Credit balance, transaction history, and basic usage logs for billing and support purposes.

2. How We Use Your Information

• To authenticate you and maintain your session.
• To match your CV against job descriptions using AI.
• To manage your credit balance and process payments.
• To set up and write to your Google Sheet job tracker.
• To improve the reliability and quality of the service.

3. Data Storage and Security

Your data is stored on Supabase (PostgreSQL database and file storage), hosted on AWS infrastructure. CV files are stored in Supabase Storage with access restricted to your account. All data in transit is encrypted via HTTPS/TLS.

4. Third-Party Services

• Supabase — authentication, database, and file storage. Privacy Policy
• Google OAuth & Google Sheets API — login and job tracking. Privacy Policy
• LemonSqueezy — payment processing. Privacy Policy
• PayOS — Vietnamese payment gateway. Their privacy policy governs payment data.
• Google Gemini / OpenAI — AI matching via LiteLLM proxy. Job description text and CV summaries are sent to these providers for analysis. Inputs are not used to train their models under our API agreements.

5. Data Retention

Your CV files and profile data are retained as long as your account is active. Cached match results are retained for up to 7 days. You may request deletion of your account and all associated data by contacting us.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at the email below. We will respond within 30 days.

7. Children's Privacy

Josy is not directed at children under 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date above.

9. Contact

If you have any questions about this Privacy Policy, please contact us at: support@josy.app