Privacy Policy

Jona - Job Search and Career Management Platform

Last Updated: February 5, 2026

Effective Date: February 5, 2026

1. Introduction

Jona ("we," "us," "our," or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our job search and career management platform ("Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

  • Email address
  • Password (encrypted)
  • Full name
  • Phone number (optional)

Profile Information

  • Professional biography/summary
  • Job title and company
  • Experience level
  • Location and geographic preferences
  • Preferred job types
  • Salary range expectations (minimum and maximum)
  • Website and portfolio links
  • LinkedIn profile URL
  • GitHub profile URL
  • Avatar/profile picture

Resume and Career Documents

  • Full resume content and text
  • Cover letters
  • Professional certifications
  • Skills and qualifications
  • Work history and education

Job Application Information

  • Jobs you save or apply to
  • Application status and history
  • Matched skills from job descriptions
  • Application notes

Organization Member Information (if applicable)

  • First and last name
  • Region/state
  • Document or identification numbers
  • Certification records and completion dates
  • Employment milestones
  • Job applications, interviews, and offers
  • Employment records (job titles, start/end dates, wages)
  • Manager assignments

2.2 Information Collected Automatically

Usage Data

  • Pages and features accessed
  • Time spent on the Service
  • Actions taken within the Service
  • Search queries and job preferences

Device and Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Screen resolution

Session Information

  • Session creation and activity timestamps
  • Geographic location derived from IP address
  • User agent strings
  • Session duration and status

Analytics and Metrics

  • Jobs scraped and saved counts
  • Applications sent
  • Resumes uploaded
  • API calls made
  • Storage usage

2.3 Information from Third Parties

Job Board Data

We aggregate job listings from third-party job boards including:

  • Indeed
  • Dice
  • Monster
  • ZipRecruiter
  • CareerBuilder
  • TekSystems
  • SnagAJob
  • Glassdoor
  • And other job aggregation sources

Authentication Providers

If you choose to register or log in through third-party services, we may receive basic profile information from those providers.

3. How We Use Your Information

3.1 To Provide and Maintain the Service

  • Create and manage your account
  • Process and store your resumes
  • Match your profile with job opportunities
  • Track your job applications
  • Deliver AI-generated content (cover letters, resume suggestions)
  • Provide customer support

3.2 To Improve the Service

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Optimize AI matching algorithms
  • Enhance user experience
  • Conduct research and analytics

3.3 To Communicate with You

  • Send service-related notifications
  • Respond to your inquiries
  • Provide updates about your applications
  • Send organization invitations
  • Deliver important account information

3.4 For AI Processing

  • Analyze your resume content for skill extraction
  • Generate semantic embeddings for job matching
  • Create personalized cover letters
  • Provide resume optimization suggestions
  • Calculate match scores between your profile and jobs

3.5 For Business Operations

  • Process payments and subscriptions
  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations

3.6 For Organization Management (if applicable)

  • Enable managers to track member progress
  • Record employment milestones
  • Generate reports and analytics
  • Facilitate team collaboration

4. How We Share Your Information

4.1 With Your Consent

We may share your information when you explicitly consent or direct us to do so.

4.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

| Provider Category | Purpose | Data Shared | |-----------------|---------|-------------| | Supabase | Database hosting, authentication | Account data, resumes, applications | | Stripe | Payment processing | Billing information, subscription data | | AI Providers (Groq, OpenAI, Anthropic, AWS Bedrock, HuggingFace) | AI processing and content generation | Resume text, job descriptions (for analysis only) | | Email Services (Resend, SendGrid, Mailgun) | Email delivery | Email addresses, notification content | | AWS S3 | File storage | Uploaded documents | | Analytics Providers | Usage analytics | Anonymized usage data |

4.3 Within Organizations

If you are part of an organization on Jona:

  • Organization administrators may access your member profile
  • Managers may view and update records for members in their caseload
  • Employment milestones and progress may be visible to authorized organization members

4.4 For Legal Reasons

We may disclose your information if required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Investigate potential violations

4.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

4.6 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as:

  • Your account is active
  • Necessary to provide you with the Service
  • Required to comply with legal obligations
  • Needed to resolve disputes and enforce agreements

5.2 Specific Retention

| Data Type | Retention Period | |-----------|------------------| | Account information | Duration of account + 30 days after deletion | | Resumes and documents | Duration of account | | Job application history | Duration of account | | Session data | 90 days | | Usage analytics | 2 years | | Organization member records | As determined by the organization | | Payment records | 7 years (for tax and legal compliance) |

5.3 Deletion

When you delete your account:

  • Your personal profile information will be deleted within 30 days
  • Some information may be retained for legal or operational purposes
  • Aggregated, anonymized data may be retained indefinitely

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Row Level Security (RLS) in our database
  • Access controls and authentication
  • Regular security assessments
  • Secure session management

6.2 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your password
  • Logging out of your account when using shared devices
  • Notifying us of any unauthorized access

6.3 Limitations

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your data in a portable format
  • View and download your resumes and application history

7.2 Correction

You have the right to:

  • Update or correct inaccurate information
  • Modify your profile and preferences
  • Edit your resumes and documents

7.3 Deletion

You have the right to:

  • Delete your account and associated data
  • Request removal of specific information
  • Withdraw consent where processing is based on consent

7.4 Restriction and Objection

You have the right to:

  • Restrict processing of your data in certain circumstances
  • Object to processing for direct marketing purposes
  • Object to automated decision-making in certain cases

7.5 Exercising Your Rights

To exercise your privacy rights, you may:

  • Use the settings in your account dashboard
  • Contact us at support@jona.com
  • Submit a written request to our address

We will respond to your request within 30 days, or as required by applicable law.

8. AI and Automated Processing

8.1 How AI Is Used

We use artificial intelligence and automated processing to:

  • Extract skills and qualifications from your resume
  • Generate semantic embeddings for job matching
  • Calculate compatibility scores between profiles and jobs
  • Generate personalized cover letters and resume suggestions
  • Identify missing skills and improvement opportunities

8.2 AI Providers

We use multiple AI providers to process your data:

  • Groq: Primary AI processing (free tier)
  • AWS Bedrock: Secondary AI processing
  • OpenAI: Fallback AI processing
  • Anthropic: Fallback AI processing
  • HuggingFace: Open-source models and embeddings

8.3 Human Oversight

  • AI-generated content is provided as suggestions only
  • You control whether to use AI-generated content
  • You can review and edit all AI outputs before use
  • No fully automated decisions with legal or significant effects are made without human involvement

8.4 Opting Out

You may choose not to use AI-powered features, though this may limit some Service functionality.

9. Cookies and Tracking Technologies

9.1 What We Use

We use cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze usage patterns
  • Improve the Service

9.2 Types of Cookies

| Cookie Type | Purpose | |------------|---------| | Essential | Required for Service functionality | | Authentication | Maintain your logged-in session | | Preferences | Remember your settings | | Analytics | Understand how you use the Service |

9.3 Your Choices

Most browsers allow you to control cookies through settings. Note that disabling cookies may affect Service functionality.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at support@jona.com.

11. International Data Transfers

11.1 Data Location

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located.

11.2 Safeguards

When transferring data internationally, we implement appropriate safeguards including:

  • Standard contractual clauses
  • Data processing agreements
  • Compliance with applicable transfer mechanisms

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

You can request information about:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share data
  • Specific pieces of personal information collected

12.2 Right to Delete

You can request deletion of your personal information, subject to certain exceptions.

12.3 Right to Opt-Out

You can opt-out of the "sale" of personal information. Note that we do not sell personal information in the traditional sense.

12.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.5 How to Exercise

California residents may submit requests by:

  • Emailing support@jona.com
  • Using account settings

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under applicable data protection laws:

13.1 Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you requested
  • Consent: Where you have given explicit consent
  • Legitimate Interests: For business operations, security, and improvement
  • Legal Obligations: To comply with applicable laws

13.2 Additional Rights

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

13.3 Data Protection Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notification (for significant changes)
  • Displaying a notice within the Service

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@jona.com

Address: 4147 Willow Lake Blvd, Memphis, TN 38118

For privacy-related inquiries, please include "Privacy Request" in your subject line.

16. Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked to you or your household.

Processing: Any operation performed on personal information, including collection, storage, use, and disclosure.

Service: The Jona platform and all related services, features, and functionality.

User: Any individual who accesses or uses the Service.

Organization: A business or entity that uses Jona's team management features.

Member: An individual associated with an organization on the Service.

By using Jona, you acknowledge that you have read and understood this Privacy Policy.