Privacy policy

Back to home

Last updated: November 2024

Overview

Job Marked Down is a privacy-first application designed to help you create and manage job application documents. By default, all your data stays on your device and never leaves it.

Local storage

By default, Job Marked Down stores all your data locally in your browser using IndexedDB. This means:

  • Your data never leaves your device
  • We cannot access, read, or analyze your documents
  • Your data is only accessible to you on your current device
  • Clearing browser data will delete your documents

Cloud sync

Cloud sync is an optional feature that allows you to synchronize your data across multiple devices. When you enable cloud sync:

End-to-end encryption

We use end-to-end encryption with a zero-knowledge architecture. This means:

  • Your data is encrypted on your device before being uploaded
  • Your passphrase never leaves your device
  • We store only encrypted data that we cannot decrypt
  • Developers, administrators, and anyone with database access cannot read your data

What we can see

When you use cloud sync, we can see:

  • Your email address used for authentication
  • A random salt value stored in plain text
  • A verification hash to check passphrase validity
  • When you last synced your data
  • The size of your encrypted data

What we cannot see

We cannot see:

  • Your passphrase
  • Your document content
  • Your job application information
  • Document names, templates, or settings
  • Any decrypted information

Authentication

Cloud sync uses email-only authentication via magic links provided by Supabase. No passwords are required. When you sign in:

  • We send a one-time sign-in link to your email
  • Clicking the link authenticates your session
  • Your session is managed by Supabase authentication

Data recovery

Important: Due to our zero-knowledge encryption, if you forget your passphrase, your synced data cannot be recovered. There is no password reset or recovery mechanism. This is a security trade-off that ensures your data remains completely private.

Email changes

It is currently not possible to change the email address. This feature will be added in the future, if requested.
As a temporary solution, you can download the data, sign in to your new account and upload the data.

Data deletion

You can delete your data at any time:

  • Local data: Clear your browser data or delete documents individually within the app
  • Synced data: Delete the cloud data, sign out from cloud sync to stop syncing. To permanently delete your account, contact us,

Third-party services

We use the following third-party services:

  • Supabase: For authentication and encrypted data storage. See Supabase privacy policy
    Your personal data is processed and stored on servers located in Tokyo, Japan. This transfer is covered by the European Commission’s adequacy decision for Japan, which ensures your data is protected under standards equivalent to GDPR. We have a Data Processing Agreement (DPA) in place with Supabase.

Analytics and tracking

We do not use any analytics, tracking, or monitoring tools. Your usage of the application is completely private.

GDPR compliance

Job Marked Down is designed with GDPR principles in mind. You have the right to:

  • Access your data at any time by exporting it
  • Delete your data or request deletion of your account
  • Opt out of cloud sync and use only local storage

Changes to this policy

We may update this privacy policy from time to time. We will notify users of any material changes by updating the “Last updated” date at the top of this policy.

Contact

If you have questions about this privacy policy or how your data is handled, please contact us at https://support.tantely.fr/.