This document describes how Jobholster ("the app") handles your data. The app is intentionally designed so that the operators of any hosted copy hold the minimum information needed to provide the service.
When you create an account, the following data is stored on the operator's managed cloud database:
Each user's rows are isolated from every other user's rows by row-level security at the database layer. Two contractors using the same hosted URL never see each other's data.
AI features are enabled by default for every signed-in user. When you click "Analyze" on a message — or "Format with AI" on a voice memo — the relevant text (and, for analyze, the names/phones/addresses of your existing clients used for matching) is forwarded through the operator's AI proxy to a third-party large-language-model provider for processing. The provider's API key lives only on the proxy server; the app does not accept user-supplied API keys. The provider's published data-handling policy governs that transmission. You can request the current provider's name from the operator's support address at any time. If the operator hasn't configured the proxy in this build, the offline heuristic extractor runs instead and nothing is sent to any AI provider.
If the hosted copy has analytics configured, the app sends a small set of anonymous product events to a third-party product-analytics provider: signup, signin, signout, message_analyzed, client_created, client_status_changed, settings_opened, export_data, cloud_backup_enabled, cloud_backup_disabled. The only user-scoped value sent is your random account ID (a UUID with no personal information embedded). No email, name, phone number, address, dollar amount, message text, voice memo, audio, photo, or note content is ever sent to the analytics provider. You can opt out at any time in Settings → Privacy.
The app uses your browser's localStorage to cache your data for offline access and to remember your sign-in session. It does not set tracking cookies. If you sign out and clear browser data, the local cache is removed.
You can permanently delete your account and all associated data at any time from inside the app: open Account → Delete my account, type the confirmation phrase, and confirm. Deletion is immediate and removes your sign-in identity, all client records, messages, notes, attachments, voice memos, encrypted backups, organization memberships, and AI usage history. If you can no longer access the app, see delete-account.html for an email-based deletion request process. Aggregated, non-identifiable analytics events and anonymized server logs may persist briefly before being purged.
Active rows are retained as long as your account exists. Soft-deleted rows are kept for 30 days before being permanently purged so accidental deletions can be undone. Backups taken by the operator's cloud database provider for disaster recovery are retained according to that provider's standard backup window.
The app is not intended for use by children under 13. Do not create an account if you are under 13.
If this policy materially changes, the operator will update the "Last updated" date above and surface a notice in the app on next sign-in.
This is the privacy policy for a specific deployed copy of the app. The operator of your copy is responsible for keeping their contact details up to date here. If you accessed this app via a domain that isn't yours, ask the person who shared the link for their contact details.
© 2026 Jobholster LLC. All rights reserved.