Privacy Policy

myjobb (operated by Infyn Technologies Pvt Ltd, Bengaluru, India) provides an AI-powered job-search assistant: a web application at app.myjobb.ai and a companion Chrome extension that helps you discover and apply to roles across Indian job aggregators.

References to “we”, “us”, or “myjobb” mean the operating entity above. References to “you” or “your” mean the person using our services.

For any privacy question, contact us at contact@myjobb.ai.

We collect only what we need to operate myjobb. Concretely:

• Account information — name, email address, phone number, password hash (never the plaintext password), Google or LinkedIn OAuth identifier if you sign in via SSO.
• Professional profile — résumé contents (parsed text + structured fields you confirm), current and target job titles, years of experience, current and expected compensation, preferred locations, skills, education history. You can edit or delete this any time from your dashboard.
• Auto-apply state — which job boards you have connected, the cookies needed to keep those sessions warm (stored encrypted at rest), and the application history your agent generates. The exact per-platform cookie scope is enumerated in §09 below — on Naukri this includes every cookie set on naukri.com that the browser would normally send on a logged-in request (session, refresh, session anchors, anti-bot / fingerprint cookies); on Foundit, Hirist, and Instahyre we read a strict named subset.
• Operational metadata — request logs, IP address (for abuse prevention only), user-agent, timestamps. Retained 90 days, then aggregated or deleted.
• Communications you initiate — support tickets, email replies, voluntary feedback.

We do not collect: health information, government-issued identification numbers, financial account credentials, or location data beyond city-level preferences you set yourself.

Your data is used only for the following narrow purposes:

• To match your profile against job postings and produce a relevance score.
• To submit applications you have explicitly opted into, on your behalf, on supported platforms.
• To keep your job-board sessions live so auto-apply does not fail overnight.
• To send service emails (welcome, connection-expired, run-summary). You can mute these from settings.
• To improve our matching and scoring quality — in aggregate, never tied to your identity.
• To prevent fraud, abuse, and unauthorised access.

We do not use your data to train third-party AI foundation models, profile you for advertising, build look-alike audiences, or score you for any lending, credit, insurance, or employment-screening purpose.

We have never sold, rented, or traded user data, and we never will. This is not a marketing line — it is a commercial commitment we make to every paying and free user. Our revenue comes from subscriptions to the myjobb product. Period.

We share data only with:

• The job boards you connected — when your agent applies on your behalf, your résumé and answers are submitted to that specific employer or platform, exactly as you would have done manually.
• Sub-processors who run our infrastructure — listed in §08 below. Every sub-processor is bound by a data-processing agreement that mirrors this policy.
• Law-enforcement — only when compelled by a valid Indian legal order, and only the narrowest subset of data the order requires. We publish a transparency note any time we receive one.

Engineering practices used to protect your data:

• All traffic is HTTPS / TLS 1.2+. We do not accept plaintext HTTP for any API.
• Job-board session cookies are encrypted at rest using AES-256 with keys rotated quarterly.
• Passwords (where applicable) are stored as argon2id hashes — never as plaintext, never recoverable.
• Database backups are encrypted, regionally restricted (India), and retained 30 days.
• Access to production data is limited to two engineers, gated by hardware-key MFA, and logged for audit.
• Every code change passes review and automated security scanning before deploy.

No system is perfectly secure. If we ever experience an incident that affects your data, we will notify you within 72 hours of confirming it, describe what happened, and tell you what to do.

• Active account data — for as long as your account is open.
• Closed account data — wiped within 30 days of deletion request, except records we are legally required to retain.
• Request logs — 90 days, then aggregated.
• Support tickets — 2 years, for warranty and pattern-detection.
• Billing records — 7 years, per Indian tax law.

You have the right to:

• Access a portable copy of everything we hold about you — request from the dashboard or email us.
• Correct any field — most are editable in-app; for anything else, email us.
• Delete your account and all derived data — use Settings → Delete Account, or email us.
• Withdraw consent for auto-apply at any time — disconnects every job board immediately.
• Lodge a complaint with the Data Protection Board of India once it becomes operational under the DPDP Act, 2023.

We respond to verified rights requests within 7 business days.

We use the following providers to run myjobb. Each handles narrow, scoped data — never the whole picture:

• Google Cloud Platform — application hosting, Cloud SQL (Postgres), Cloud Storage. Region: asia-south1 (Mumbai).
• Vertex AI — LLM inference for résumé tailoring and match-scoring. No data is retained by Google after the request.
• Resend — transactional email delivery (welcome, connection-refresh).
• Stripe / Razorpay — payment processing. We never see your card details.
• Trigger.dev — scheduled background workers for cookie refresh.
• Sentry / Langfuse — error and cost telemetry. Personal data is scrubbed before ingestion.

On the website (myjobb.ai, app.myjobb.ai): we use a single first-party session cookie to keep you signed in. We do not use third-party advertising cookies, no Facebook Pixel, no Google Ads tag, no behavioural tracking.

In the Chrome extension: the cookies permission is used onlyafter you click “I agree & connect” inside the extension popup for a given platform. We never read cookies on any site outside the four job boards listed below, and we never read cookies on any board you have not explicitly connected through the popup.

Below is the exact per-platform scope of cookies the extension reads and transmits over HTTPS to api.myjobb.ai, where they are encrypted at rest with AES-256 and used solely to keep your job-board session warm for the daily auto-apply run you scheduled.

Naukri (www.naukri.com)

When you click “Connect Naukri” and consent, the extension reads every cookie currently set on naukri.com that your browser would send on a logged-in request. This is necessary because Naukri’s server-side refresh endpoint requires the full session jar (auth JWT, refresh JWT, session anchors, and anti-bot / fingerprint cookies) to mint a fresh 1-hour access token each cycle — narrowing the jar causes the daily auto-apply run to fail. Representative cookie names include:

• nauk_at — 1-hour-lived access JWT (primary auth)
• nauk_rt — long-lived refresh JWT (used by the keep-warm worker)
• nauk_sid — session anchor
• session and anti-bot / fingerprint cookies set by naukri.com (names vary)

We do not read cookies on any other subdomain of naukri.com beyond what the browser would send to www.naukri.com, and we do not use the cookies for any purpose other than keeping the Naukri session warm and submitting applications you opted into.

Foundit (www.foundit.in)

The extension reads a strict named allowlist:

• MSSOAT — primary auth token
• MSAL — session anchor
• MSSOCLIENT — client identifier
• _abck, bm_sz, ak_bmsc — Akamai bot-manager cookies (required to pass anti-bot checks during the keep-warm refresh)

Hirist (www.hirist.tech, gladiator.hirist.tech)

The extension reads a strict named allowlist:

• HIRIST_CK1 — auth JWT (primary)
• hirist_seeker_enc — duplicate of the auth JWT on a different cookie scope; required by the gladiator.hirist.tech API
• PHPSESSID — server-side session anchor
• ak_bmsc, bm_sv — Akamai bot-manager cookies (required to pass anti-bot checks during the keep-warm refresh)
• _t_ds — tracking cookie that Akamai signs into its bot-manager state; must replay verbatim or the refresh fails
• chatSdkToken, assessmentSdkToken — captured opportunistically when present; required by the screening-questionnaire flow but not required to connect

Instahyre (www.instahyre.com)

The extension reads a strict named allowlist:

• sessionid — Django session cookie (primary auth)
• csrftoken — CSRF token required for apply requests
• cf_clearance, __cf_bm — Cloudflare cookies, when present

How to revoke: click Disconnect on any platform card in the extension popup. This deletes the stored cookies from our backend immediately and revokes the per-platform consent inside the extension. You can also uninstall the extension at any time — Chrome clears all chrome.storage.local data, including the consent record, on uninstall.

myjobb is built for working professionals. We do not knowingly accept users under 18. If you believe a minor has created an account, contact us and we will remove it.

We will update this page when our practices change. The effective date at the top reflects the most recent revision. Material changes are emailed to active users at least 14 days before they take effect.

Questions, requests, or complaints — email contact@myjobb.ai. Postal: Infyn Technologies Pvt Ltd, Bengaluru, Karnataka, India.