Effective date: April 17, 2026
JobAnvil is a desktop application published by JobAnvil LLC. This policy describes what data JobAnvil accesses, where it goes, and how it is protected.
All data JobAnvil collects — job listings, resumes, application history, and configuration — is stored on your computer in your local application data directory. JobAnvil LLC operates a cloud backend (get.jobanvil.io) for license validation, update checks, and managed AI proxying. This infrastructure does not store your job data, documents, or email content. See §3 (AI Provider Integration), §6 (License Validation), and §9 (Updates & Telemetry) for exactly what transits through that infrastructure.
JobAnvil reads your email inbox to find job alert messages. Depending on your setup, it connects via one of the following:
Email content is parsed locally to extract job listing information. The extracted job data — title, company, description, and related details — is then passed to an AI provider for scoring and resume tailoring as described in §3. Raw email bodies are never sent to JobAnvil LLC, but extracted job content does transit through our AI infrastructure for subscribers using Managed AI.
JobAnvil sends job listing data and portions of your candidate profile to an AI provider to generate match scores, summaries, and tailored resumes. How this data flows depends on your account tier:
You are responsible for ensuring your usage complies with the applicable AI provider's terms of service and acceptable use policy.
Trial usage limits. The 7-day full-access trial ends at whichever happens first: (a) 7 calendar days from your first pipeline run (the clock does not start at install — it starts when you actually use the app), OR (b) the trial token budget is exhausted (currently 187,500 JobAnvil Tokens — roughly 1.5× a typical week of Spark-tier usage). Both limits are intentional: most users hit the time limit first; the token limit prevents abuse via continuous high-volume runs. The token budget is shown in-app on the trial banner. After the trial ends, you remain on a permanent free tier (limited weekly digests) unless you subscribe.
JobAnvil retrieves public job listings from sources you configure:
No personal information is sent to job boards. Only publicly available listing data is retrieved.
The optional JobAnvil browser extension for Chrome captures job listing details (title, company, description, URL) from supported job boards and can import your LinkedIn profile text for resume optimization. Supported sites: LinkedIn, Indeed, Greenhouse, Lever, and Workday. All captured data is sent to the JobAnvil desktop app on your computer via Chrome's native messaging protocol — a local-only communication channel. No data is sent to JobAnvil LLC or any external server by the extension.
To deliver its functionality, the extension uses the following browser capabilities:
JobAnvil validates your license key and binds it to your device through a Cloudflare Worker operated by JobAnvil LLC at get.jobanvil.io. The data transmitted during validation is your license key and a pseudonymous machine identifier (derived from hardware characteristics — not linked to your name, email, or any personal account). No job data, email content, or profile information is included. Payments are processed by Lemon Squeezy; JobAnvil LLC receives only the license key and order confirmation needed to activate your subscription.
All sensitive credentials (OAuth tokens, IMAP passwords, AI API keys) are encrypted at rest using Windows Data Protection API (DPAPI), which ties encryption to your Windows user account. Credentials cannot be read by other users on the same machine.
JobAnvil installers and executables are digitally signed using Azure Trusted Signing (a Microsoft cloud signing service) to verify authenticity and protect against tampering. The signing process transmits only a cryptographic hash of the binary — no personal data or application content is sent. A DigiCert timestamp is embedded in the signature to ensure validity beyond the certificate's rotation window.
When JobAnvil checks for updates, it contacts a Cloudflare Worker operated by JobAnvil LLC (get.jobanvil.io). This request transmits your app version, license tier (trial / free / subscription / lapsed), subscription tier (spark / crucible / astroloy, if applicable), and a pseudonymous machine identifier. This data is stored in a database operated by JobAnvil LLC and used solely to understand which versions are in active use and to enforce minimum version requirements. No name, email address, or personally identifiable information is transmitted.
The Tauri updater separately contacts a hosted endpoint to retrieve the update manifest and installer download. Updates are cryptographically signed and verified before installation — only authentic, signed updates are applied. JobAnvil LLC reserves the right to require mandatory updates, including forcing a minimum version, in cases involving security vulnerabilities, critical bugs, or other circumstances at our discretion.
Forced-update mechanics. When a release is marked as a forced update, the desktop app shows a non-dismissible "Update Required" dialog the next time the app is opened or whenever it is otherwise idle (no pipeline run in flight, no AI streaming response in progress). Until you click Install, the dialog blocks further use of the app. We will never force a restart while a pipeline run, AI streaming response, or other foreground operation is active — you can finish what you started before the prompt appears. Forced updates are applied by downloading the new installer and running it; your local data and settings are preserved across updates.
JobAnvil does not collect usage analytics, crash reports, or personal telemetry beyond what is described in §9 (update/version ping) and §3 (managed AI proxy for subscribers). There are no tracking pixels and no data shared with advertising networks.
JobAnvil includes an optional in-app "Report a bug" feature. When you choose to submit a bug report, the following data is sent to a public GitHub Discussions thread on the JobAnvil repository:
Bug reports are public by default on GitHub Discussions so other users can find and follow up on similar issues. Do not include personally identifying information in the title, description, or screenshot if you want to remain anonymous. The JobAnvil team can also see and respond to bug reports directly via the GitHub Discussions interface. Submission is entirely opt-in — no bug data is sent unless you click Report.
Payment processing via Lemon Squeezy provides us with the email address associated with your subscription for transactional purposes only: order confirmations, receipts, renewal notices, and essential account updates. These are non-marketing messages required to fulfill your subscription.
If we ever introduce marketing emails (for example, trial reminders, feature announcements, or promotional offers), we will do so only on an opt-in basis with a clear unsubscribe mechanism in every message, in compliance with the CAN-SPAM Act, GDPR, and CASL. Opt-in consent defaults to off; you will never be enrolled in marketing communications without affirmatively choosing to receive them. You can withdraw consent at any time by using the unsubscribe link or emailing hello@jobanvil.io.
Since all job data and documents are stored locally, you have full control over them. You can delete individual jobs, resumes, and cover letters from within the app. To remove all data, delete the JobAnvil application data folder directly — located at %LOCALAPPDATA%\JobAnvil on Windows. Uninstalling JobAnvil removes the application but leaves your data folder intact so you don't lose history accidentally — delete it manually if desired. Pseudonymous telemetry data (version pings) stored in JobAnvil LLC's database is not individually deletable, as it contains no personal identifiers.
We may update this policy when we add new integrations or features. Material changes will be noted in the app's release notes. The effective date above reflects the latest revision.
Questions about this policy: hello@jobanvil.io