Skip to content
jato
Writing Systems Experiments About

← About

Jaunty Lobster

Privacy Policy

Last updated May 10, 2026

Jaunty Lobster is a personal job-search assistant. It helps you build a profile from your résumé / a voice intro / a guided Q&A, scores public job postings against that profile, and drafts cover letters and tailored résumés that you review before sending.

This document describes what data the app collects, how it’s used, and who sees it. Plain-English first; the legalese is at the end.

Data the app collects

CategoryWhatWhy we have itWhere it lives
AccountEmail addressMagic-link sign-inSupabase Auth (Postgres)
ProfileRésumé text, voice transcript, Q&A answers, target job titles, work-auth, salary preferencesPowers job matching and draft generationSupabase Postgres (profiles table), encrypted at rest
Job interactionsWhich matches you saved / dismissed / applied to, your notes, draft cover letters and résumés you generateTracking your own job huntSupabase Postgres (matches, drafts tables)
DeviceAPNs device token (when push enabled)Daily-match notificationsSupabase Postgres (device_tokens), Apple APNs servers
OperationalToken-usage and timing per AI call (no profile content)Cost monitoring + debugging prompt regressionsSupabase Postgres (llm_calls table)

We do not collect: contacts, location, photos, calendar, browsing history, advertising identifiers, or any analytics events.

How your data is used

  • Job matching: your profile is sent to Anthropic’s Claude API to score job postings against it. The full request is the profile JSON + the public posting text. Anthropic’s data-use policy applies; per their API usage rules, inputs sent via the API are not used for training.
  • Draft generation: same channel — your profile + the posting → Claude → a cover-letter or résumé draft. Drafts are stored in your Supabase project and never leave it except when you tap Share.
  • Push notifications: if you enable them, Apple Push Notification service receives an opaque device token from your phone. We use that token to send a daily summary of your top matches. Apple’s APNs privacy applies.
  • Job-source fetching: when ingesting jobs from Greenhouse, Lever, and (optionally) USAJobs, we call those public endpoints with a User-Agent identifying the app. We don’t send your profile to them.
  • User-pasted job URLs: when you paste a URL via the + button, the parsed job is added to a shared cache that other users of the app may also see in their daily matches. The URL itself, the extracted title/company/description, and the source-id are shared. Your profile is not shared.

Who sees your data

  • You: full access via the app and (if you ask) export.
  • The author of this app (you, hosting Supabase): root access to the Supabase project as the owner.
  • Anthropic: receives prompts that include your profile + job text during scoring and drafting. See their data policy.
  • Apple: receives push tokens + push payload titles/bodies (which include the top-matched company name).
  • Job-source providers (Greenhouse, Lever, USAJobs): receive only HTTP requests for their public job listings. They don’t receive your profile.
  • No other third parties. No analytics, no advertising, no profiling vendors, no email marketing.

Retention

  • Account, profile, matches, drafts, device tokens, and llm_call logs are retained as long as your account exists.
  • Deleting your account removes all the above. (Manual step today: ask the author. A self-serve account-deletion flow is on the roadmap.)
  • The shared job_postings cache retains pasted-URL parses indefinitely but only the public posting content, not anything tied to you.

Children

This app is not intended for users under 16. Don’t use it if you are.

Changes

If we change what data is collected or how it’s used, this page will be updated and (for material changes) you’ll see a notice in the app.

Contact

Questions: jamesbrown4@gmail.com.

The legalese

This service is provided “as is” without warranty. By using it you authorize the data flows described above. We follow industry-standard practices for data security but make no specific representations beyond what’s required by applicable law (in the US, that primarily means notification of any data breach affecting personal information).

If you’re an EU/UK resident: you have the rights described in GDPR (access, rectification, erasure, portability, objection). Email the contact above and I’ll handle the request manually within 30 days.

If you’re a California resident: you have the rights described in CCPA. Same contact. Same 30-day response window. We do not sell your data.

GitHub · LinkedIn · Email

Earlier work →

jato
Writing Systems Experiments About Archive