Privacy Policy — JobAnvil

Privacy Policy

Effective date: April 17, 2026

JobAnvil is a desktop application published by JobAnvil LLC. This policy describes what data JobAnvil accesses, where it goes, and how it is protected.

1. Local-First Architecture

All data JobAnvil collects — job listings, resumes, application history, and configuration — is stored on your computer in your local application data directory. JobAnvil LLC operates a cloud backend (get.jobanvil.io) for license validation, update checks, and AI proxying. This infrastructure does not store your job data, documents, or email content. See §3 (AI Provider Integration), §6 (License Validation), and §9 (Updates & Telemetry) for exactly what transits through that infrastructure.

2. Email Access

JobAnvil reads your email inbox to find job alert messages. Depending on your setup, it connects via one of the following:

Email content is parsed locally to extract job listing information. The extracted job data — title, company, description, and related details — is then passed to an AI provider for scoring and resume tailoring as described in §3. Raw email bodies are never sent to JobAnvil LLC, but extracted job content does transit through our AI infrastructure for subscribers using JobAnvil's AI.

3. AI Provider Integration

JobAnvil sends job listing data and portions of your candidate profile to an AI provider to generate match scores, summaries, and tailored resumes. How this data flows depends on your account tier:

You are responsible for ensuring your usage complies with the applicable AI provider's terms of service and acceptable use policy.

Trial usage limits. The 7-day full-access trial ends at whichever happens first: (a) 7 calendar days from your first pipeline run (the clock does not start at install — it starts when you actually use the app), OR (b) the trial token budget is exhausted (currently 187,500 JobAnvil Tokens — roughly 1.5× a typical week of Spark-tier usage). Both limits are intentional: most users hit the time limit first; the token limit prevents abuse via continuous high-volume runs. The token budget is shown in-app on the trial banner. After the trial ends, you remain on a permanent free tier (limited weekly digests) unless you subscribe.

4. Job Board Scraping

JobAnvil retrieves public job listings from sources you configure:

No personal information is sent to job boards. Only publicly available listing data is retrieved.

5. Browser Extension

The optional JobAnvil browser extension for Chrome captures job listing details (title, company, description, URL) from supported job boards and can import your LinkedIn profile text for resume optimization. Supported sites: LinkedIn, Indeed, Greenhouse, Lever, and Workday. All captured data is sent to the JobAnvil desktop app on your computer via Chrome's native messaging protocol — a local-only communication channel. No data is sent to JobAnvil LLC or any external server by the extension.

To deliver its functionality, the extension uses the following browser capabilities:

6. License Validation & Machine Binding

JobAnvil validates your license key and binds it to your device through a Cloudflare Worker operated by JobAnvil LLC at get.jobanvil.io. The data transmitted during validation is your license key and a pseudonymous machine identifier (derived from hardware characteristics — not linked to your name, email, or any personal account). No job data, email content, or profile information is included. Payments are processed by Lemon Squeezy; JobAnvil LLC receives only the license key and order confirmation needed to activate your subscription.

7. Credential Security

All sensitive credentials (OAuth tokens, IMAP passwords, AI API keys) are encrypted at rest using Windows Data Protection API (DPAPI), which ties encryption to your Windows user account. Credentials cannot be read by other users on the same machine.

8. Code Signing

JobAnvil installers and executables are digitally signed using Azure Trusted Signing (a Microsoft cloud signing service) to verify authenticity and protect against tampering. The signing process transmits only a cryptographic hash of the binary — no personal data or application content is sent. A DigiCert timestamp is embedded in the signature to ensure validity beyond the certificate's rotation window.

9. Application Updates & Telemetry

When JobAnvil checks for updates, it contacts a Cloudflare Worker operated by JobAnvil LLC (get.jobanvil.io). This request transmits your app version, license tier (trial / free / subscription / lapsed), subscription tier (spark / crucible / astroloy, if applicable), and a pseudonymous machine identifier. This data is stored in a database operated by JobAnvil LLC and used solely to understand which versions are in active use and to enforce minimum version requirements. No name, email address, or personally identifiable information is transmitted.

The Tauri updater separately contacts a hosted endpoint to retrieve the update manifest and installer download. Updates are cryptographically signed and verified before installation — only authentic, signed updates are applied. JobAnvil LLC reserves the right to require mandatory updates, including forcing a minimum version, in cases involving security vulnerabilities, critical bugs, or other circumstances at our discretion.

Forced-update mechanics. When a release is marked as a forced update, the desktop app shows a non-dismissible "Update Required" dialog the next time the app is opened or whenever it is otherwise idle (no pipeline run in flight, no AI streaming response in progress). Until you click Install, the dialog blocks further use of the app. We will never force a restart while a pipeline run, AI streaming response, or other foreground operation is active — you can finish what you started before the prompt appears. Forced updates are applied by downloading the new installer and running it; your local data and settings are preserved across updates.

10. No Personal Telemetry or Analytics in the App

The JobAnvil desktop application and browser extension do not collect usage analytics, crash reports, or personal telemetry beyond what is described in §9 (update/version ping), §3 (AI proxy for subscribers), and §11 (channel-attribution and aggregate funnel events keyed by your pseudonymous machine identifier). There are no tracking pixels in the app, no data shared with advertising networks from the app, and no analytics scripts (Google Analytics, Meta Pixel, or otherwise) inside the Tauri binary or extension content scripts.

11. Channel Attribution and Funnel Events

To understand which marketing channels bring users to JobAnvil — and to invest more in the ones that work for people like you — we log a small set of aggregate funnel events on both the marketing website and inside the desktop app. Everything in this section is pseudonymous: keyed either by a per-browser-session identifier (website) or by the same machine identifier hash described in §9 (app). No name, email address, IP address, or precise location is ever stored alongside these events.

Marketing website (jobanvil.io, store.jobanvil.io). The website uses Google Analytics 4 and Meta Pixel for aggregate visitor behavior (page views, navigation paths, scroll depth, conversion events). It also captures UTM campaign parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) from inbound URLs along with the document.referrer value, and logs aggregate front-of-funnel events (page view, pricing-section view, download click) to a JobAnvil-operated Cloudflare Worker. When you click on a JobAnvil ad on a major platform, that platform may append a click identifier to the URL (fbclid from Facebook/Instagram, gclid from Google Ads, ttclid from TikTok, li_fat_id from LinkedIn, twclid from X, epik from Pinterest). We store the click identifier alongside your UTM trail so we can measure which ads actually drive installs, without identifying you personally.

Server-side conversion forwarding. After you install JobAnvil and the app claims your attribution token on first launch, our Cloudflare Worker may forward a conversion event (e.g. "registration complete", "first run") to Meta's Conversions API and Google's Measurement Protocol alongside the same browser-side events. Server-side forwarding lets ad-optimizers see deep-funnel signals (the app has no browser context, so the pixel cannot observe app-side moments on its own). Identifiers we send: a hash of your pseudonymous machine identifier, the click identifier you arrived with (if any), and the request's coarse IP + user-agent at claim time. We never send name, email address, precise location, or any other identifying field.

What we deliberately turned OFF. Meta Pixel's Automatic Advanced Matching feature — which would auto-scrape hashed email addresses, phone numbers, names, dates of birth, gender, postal codes, and other identifying fields from any form on the website and forward them to Meta — is disabled across the entire site. We made this an explicit choice; the toggles are off in our Meta Events Manager configuration. If we ever add a form to jobanvil.io, none of its fields will be shared with Meta as a side-effect of the Pixel being present. The same posture holds for Google Analytics 4 — no user-provided data fields are forwarded.

Installer (Windows NSIS). When you click a download link on the marketing website, a short-lived attribution token may be embedded in the installer's filename (the token contains no personal data and expires within 24 hours). The installer logs two events to the JobAnvil Worker — installer run and installer complete — and writes the attribution token to a local file under %LOCALAPPDATA%\JobAnvil for the app to read on first launch.

Desktop application. On first launch, JobAnvil POSTs the locally-stored attribution token together with your pseudonymous machine identifier to the same Cloudflare Worker so the marketing-channel data captured before install can be associated with your eventual usage. The local token file is deleted after a successful POST. The app also logs three aggregate funnel events keyed by your machine identifier — first launch, wizard complete, and first pipeline run — and, during onboarding, asks the optional one-question survey "How did you hear about JobAnvil?". The survey is skippable and the response (if given) is stored only as one of a fixed set of channel keywords (e.g. reddit, linkedin, web_search, friend_referral); any free-text "Other" response is capped at 64 characters.

Browser extension. The browser extension fires no funnel events and no analytics requests of any kind. It communicates only with the JobAnvil desktop app over the local native-messaging channel described in §5.

Opt-out. Visitors who prefer not to be tracked can block the website's analytics scripts with any standard tracker-blocker (uBlock Origin, browser built-in protections, Privacy Badger) without affecting site functionality; we also honor the Do Not Track browser signal where supported. On the app side, blocking the funnel events requires blocking the Cloudflare Worker hostname (get.jobanvil.io) at the network level — note that this also disables the update / version-ping path described in §9.

12. Bug Reports (Optional, User-Initiated)

JobAnvil includes an optional in-app "Report a bug" feature. When you choose to submit a bug report, the following data is sent to a public GitHub Discussions thread on the JobAnvil repository:

Bug reports are public by default on GitHub Discussions so other users can find and follow up on similar issues. Do not include personally identifying information in the title, description, or screenshot if you want to remain anonymous. The JobAnvil team can also see and respond to bug reports directly via the GitHub Discussions interface. Submission is entirely opt-in — no bug data is sent unless you click Report.

13. Email Communications and Marketing Consent

Payment processing via Lemon Squeezy provides us with the email address associated with your subscription for transactional purposes only: order confirmations, receipts, renewal notices, and essential account updates. These are non-marketing messages required to fulfill your subscription.

If we ever introduce marketing emails (for example, trial reminders, feature announcements, or promotional offers), we will do so only on an opt-in basis with a clear unsubscribe mechanism in every message, in compliance with the CAN-SPAM Act, GDPR, and CASL. Opt-in consent defaults to off; you will never be enrolled in marketing communications without affirmatively choosing to receive them. You can withdraw consent at any time by using the unsubscribe link or emailing hello@jobanvil.io.

14. Data Retention and Deletion

Since all job data and documents are stored locally, you have full control over them. You can delete individual jobs, resumes, and cover letters from within the app. To remove all data, delete the JobAnvil application data folder directly — located at %LOCALAPPDATA%\JobAnvil on Windows. Uninstalling JobAnvil removes the application but leaves your data folder intact so you don't lose history accidentally — delete it manually if desired. Pseudonymous telemetry data (version pings) stored in JobAnvil LLC's database is not individually deletable, as it contains no personal identifiers.

15. Changes to This Policy

We may update this policy when we add new integrations or features. Material changes will be noted in the app's release notes. The effective date above reflects the latest revision.

16. Contact

Questions about this policy: hello@jobanvil.io