Privacy Policy
Last updated: February 26, 2026
My Career Hub (“we”, “us”, or “our”) operates the website mycareerhub.website and the My Career Hub web application at app.mycareerhub.website (together, the “Service”). This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
My Career Hub
Email: ask@mycareerhub.website
If you have any questions about how we process your data, please contact us at the email above.
2. What Data We Collect
We collect and process the following categories of personal data:
a) Account Information
- Name and email address (provided via Google Sign-In)
- Google account identifier
b) Email Metadata (with your consent)
- Email subject lines, sender addresses, and message snippets from job-related emails
- Email message IDs (for deduplication)
- We do not read or store the full body of your emails
c) Application Data
- Company names, job titles, and application statuses extracted by our AI
- Status history and timeline of your job applications
d) Technical Data
- Browser type and version
- Device information and screen resolution
- IP address (anonymized where possible)
- Pages visited and interaction patterns
e) Cookie Data
- Essential cookies required for the Service to function
- Optional analytics cookies (only with your consent)
- See our Cookie Policy for full details
3. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Scanning your Gmail for job-related emails | Explicit consent (Art. 6(1)(a)) |
| AI processing of email data to extract application info | Explicit consent (Art. 6(1)(a)) |
| Sending service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Improving the Service and fixing bugs | Legitimate interest (Art. 6(1)(f)) |
| Analytics and usage tracking | Consent (Art. 6(1)(a)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
Where processing is based on consent, you may withdraw your consent at any time (see Section 11).
4. How We Use Your Data
We use the personal data we collect to:
- Provide, operate, and maintain the Service
- Identify and track job applications from your connected email accounts
- Display your application pipeline and status history
- Improve, personalize, and develop new features
- Communicate with you about service updates or support requests
- Ensure the security and integrity of the Service
- Comply with applicable laws and regulations
5. Automated Decision-Making and AI Processing
Our Service uses artificial intelligence (AI) to process your email metadata and automatically extract job application information (company names, job titles, application statuses, and dates). This constitutes automated processing under GDPR Article 22.
How it works: When you connect your Gmail, our system scans email subject lines, sender addresses, and snippets to identify job-related correspondence. The AI categorizes emails as applications, rejections, interview invitations, or offers, and extracts structured data.
Your rights regarding automated processing:
- Request human review of any automated decision
- Express your point of view and contest any automated result
- Edit or correct any extracted data in your dashboard
- Opt out of automated processing by disconnecting your email
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Application data: Retained while your account is active. Deleted within 30 days of account deletion.
- Email tokens: OAuth refresh tokens are retained while your email account is connected. Revoked and deleted when you disconnect the email or delete your account.
- Email content: Email metadata is processed in real-time and not permanently stored. Only extracted application data (company, title, status) is retained.
- Technical logs: Server logs are retained for up to 90 days for security and debugging purposes.
- Cookie consent preferences: Stored in your browser localStorage until you clear it.
7. Google API Services User Data Policy
MyCareerHub’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
7.1 Limited Use Disclosure
MyCareerHub accesses Google user data (specifically Gmail messages via the gmail.readonly scope) solely to identify and track job application-related emails. Our use of this data is limited as follows:
- Purpose limitation: We only use Gmail data to identify job application confirmation emails, interview invitations, offers, and rejections. We extract only the email subject, sender, and a short snippet — we do not read or store full email bodies.
- No advertising: We do not use Google user data to serve advertisements.
- No unauthorized transfers: We do not transfer Google user data to third parties unless necessary to provide or improve the service, comply with applicable laws, or as part of a merger/acquisition with adequate data protection.
- No human reading: No humans read your Google user data unless (a) you give us affirmative consent, (b) it is necessary for security purposes (investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
- Data minimization: We process email metadata (subject, sender, snippet) in real-time through our AI classification system and only store the extracted job application details (company name, position, status). Raw email data is not permanently stored.
7.2 Scope Justification
We request the gmail.readonly scope to scan your inbox for job application-related emails. This is the minimum scope required to identify application confirmations, interview invitations, and status updates from employers. We do not request write, send, or modify permissions.
8. Data Sharing and Sub-Processors
We do not sell, rent, or trade your personal data to third parties. We share data only with the following service providers who process data on our behalf:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | United States |
| Google (Gmail API) | Email access via OAuth 2.0 | United States |
| Anthropic (Claude AI) | AI processing of email content | United States |
| Hostinger | Website and VPS hosting | European Union |
All sub-processors are bound by data processing agreements and are required to protect your data in accordance with GDPR standards.
9. International Data Transfers
Some of our sub-processors are located in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Data processing agreements with all sub-processors
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
- Access control: Row-level security (RLS) ensures users can only access their own data
- Authentication: Secure OAuth 2.0 for Google Sign-In with minimal permission scopes
- Read-only access: We request only read-only access to your Gmail (no ability to send, delete, or modify emails)
- Regular audits: We regularly review and update our security practices
11. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”)
- Right to restrict processing (Art. 18): Request that we limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7): Withdraw previously given consent at any time
- Rights related to automated decisions (Art. 22): Request human review of automated decisions
To exercise any of these rights, please contact us at ask@mycareerhub.website. We will respond to your request within 30 days.
12. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact the data protection authority in your country of residence, place of work, or where the alleged infringement took place.
For the UK: Information Commissioner’s Office (ICO) — ico.org.uk
13. Cookies
Our website uses cookies. Essential cookies are necessary for the site to function and are always active. Optional cookies (such as analytics) are only set with your explicit consent via our cookie banner. For detailed information about the cookies we use, please see our Cookie Policy.
14. Children’s Privacy
Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date. We encourage you to review this page periodically.
16. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:
Email: ask@mycareerhub.website
Website: mycareerhub.website/contact