Last updated: July 16, 2026
This page describes the concrete practices we use to protect your account and your data on iNeedAutoJob. We focus on describing what we actually do — not on badges we haven’t earned.
Encryption
Sensitive data — most importantly your job-board login credentials — is encrypted at rest using AES-256-GCM, an authenticated encryption standard with a random initialization vector per secret. Credentials are never stored in plain text. Traffic between your browser and the app travels over HTTPS/TLS, so data is protected in transit as well as at rest.
How credentials are handled
We never store your JobStreet password. Applications on boards like JobStreet happen inside your own already-signed-in browser session — the extension never sees or transmits that password. For other sources that require a login, we store those credentials encrypted and use them only to find and submit jobs on your behalf. You can update or remove a source — and its stored credentials — at any time from the Sources page.
Your session, your IP
Boards like JobStreet require applications to be filed from your own logged-in session. The optional browser extension acts within that session to complete forms you’ve approved — using your login, your session, and your IP. It runs only while enabled, works on your behalf, and can be disabled or removed whenever you like. On those boards, file uploads use the résumé already on your job-board profile.
You’re always in control
The engine drafts and queues applications, but it never submits anything on its own. Every application requires your explicit approval, individually or in bulk. If a job can’t be applied to, the queue reports the exact reason so you’re never left guessing — we practice honest failure reporting rather than silent drops.
Access & data handling
- Access to production data is limited to what’s needed to operate and support the Service.
- We don’t sell your personal data, and we share it only with the providers that help run the product (see below).
- Your data belongs to you — export it (on Pro) or request deletion at any time.
Infrastructure & sub-processors
We rely on a small set of trusted providers to run the Service, and share only what each needs:
- Supabase — database and authentication.
- Google Gemini — AI text generation.
- Vercel — application hosting.
- Resend — transactional email (e.g. sign-in codes).
- Our payment provider — Pro subscription billing.
Résumé handling
We read the text of the résumé PDF you upload so the AI can tailor applications accurately. Uploading a new PDF replaces the old one; an ordinary save never wipes it. ATS-optimized versions are generated as copies — your original is never overwritten.
Report a security issue
Found a vulnerability or have a concern? We appreciate responsible disclosure. Email support@ineedautojob.com and we’ll respond promptly.