Privacy

Privacy policy

Effective: 2026-04-30 · Last reviewed: 2026-04-30

Plain English summary — your resume, profile, and application history live on your machine. We see your email + license key (for billing). We see usage counts (sessions, applications submitted) for service quality and dispute defense. We don’t see resume contents, application answers, or cover letter drafts.

What stays on your machine

Your resume content
Your profile (name, address, work history, education)
Your Q&A library (custom answers to screening questions)
Your application history (which jobs you applied to)
Cover letter drafts
Browser session cookies for the platforms you log into

All of the above is stored in a local SQLite database on your computer. We never receive a copy.

What we collect

Account information: email, license key, subscription tier, billing status — via our payment processor (Stripe).
Usage telemetry: session start times, application submission counts (per platform), AI request counts. We don’t see the content of your applications.
Device fingerprint: a hashed identifier so we can enforce per-license device limits.
Crash diagnostics: opt-in. If enabled, we receive stack traces (no user data).

AI request handling

AI requests (resume tailoring, cover letter drafts, screening answers) are routed through Cloudflare AI Gateway with logging disabled. The data flows through Cloudflare’s SOC 2 audited infrastructure to either Google AI Studio or OpenAI for completion. We don’t store or log the content of these requests on our side.

Both Google and OpenAI honor zero-retention contracts on the API tier we use. Their privacy policies apply to data passing through their systems.

Why we collect usage telemetry

To enforce subscription tier limits (applications-per-month caps)
To detect and prevent abuse
To respond to chargeback disputes (proof that you actively used the product)
To improve the product (which platforms struggle, which features are used)

Data retention

Account information: kept while your subscription is active, plus 30 days after cancellation.
Usage telemetry: 180 days, then deleted.
Billing records: 7 years (legal/tax requirement).

Your rights (GDPR / CCPA)

You can request a copy, correction, or deletion of any data we hold about you by emailing support@timebaq.app. We respond within 30 days.

Subprocessors

Stripe — payment processing, subscription management
Cloudflare — hosting, AI Gateway, edge database
Google AI Studio & OpenAI — AI inference (logging-off contracts)

Contact

support@timebaq.app

This is a working draft. Legal review pending before public launch.