Security

Security at iNeedAutoJob

Your credentials are encrypted, your data is yours, and nothing is ever submitted without your approval.

AES-256-GCM encryption

Source login credentials are encrypted at rest — never stored in plain text.

You approve everything

Nothing is submitted automatically. Every application is a click you make.

Honest by design

When something fails, you get the exact reason — no silent drops.

Last updated: July 16, 2026

This page describes the concrete practices we use to protect your account and your data on iNeedAutoJob. We focus on describing what we actually do — not on badges we haven’t earned.

Encryption

Sensitive data — most importantly your job-board login credentials — is encrypted at rest using AES-256-GCM, an authenticated encryption standard with a random initialization vector per secret. Credentials are never stored in plain text. Traffic between your browser and the app travels over HTTPS/TLS, so data is protected in transit as well as at rest.

How credentials are handled

We never store your JobStreet password. Applications on boards like JobStreet happen inside your own already-signed-in browser session — the extension never sees or transmits that password. For other sources that require a login, we store those credentials encrypted and use them only to find and submit jobs on your behalf. You can update or remove a source — and its stored credentials — at any time from the Sources page.

Your session, your IP

Boards like JobStreet require applications to be filed from your own logged-in session. The optional browser extension acts within that session to complete forms you’ve approved — using your login, your session, and your IP. It runs only while enabled, works on your behalf, and can be disabled or removed whenever you like. On those boards, file uploads use the résumé already on your job-board profile.

You’re always in control

The engine drafts and queues applications, but it never submits anything on its own. Every application requires your explicit approval, individually or in bulk. If a job can’t be applied to, the queue reports the exact reason so you’re never left guessing — we practice honest failure reporting rather than silent drops.

Access & data handling

  • Access to production data is limited to what’s needed to operate and support the Service.
  • We don’t sell your personal data, and we share it only with the providers that help run the product (see below).
  • Your data belongs to you — export it (on Pro) or request deletion at any time.

Infrastructure & sub-processors

We rely on a small set of trusted providers to run the Service, and share only what each needs:

  • Supabase — database and authentication.
  • Google Gemini — AI text generation.
  • Vercel — application hosting.
  • Resend — transactional email (e.g. sign-in codes).
  • Our payment provider — Pro subscription billing.

Résumé handling

We read the text of the résumé PDF you upload so the AI can tailor applications accurately. Uploading a new PDF replaces the old one; an ordinary save never wipes it. ATS-optimized versions are generated as copies — your original is never overwritten.

Report a security issue

Found a vulnerability or have a concern? We appreciate responsible disclosure. Email support@ineedautojob.com and we’ll respond promptly.