Privacy Policy

Shipped (“we”, “us”, “our”) operates the Shipped desktop application and shipped.one website. This policy describes how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect your email address and name via Google or GitHub OAuth. We do not store passwords — authentication is handled by Supabase Auth.

Profile and Resume Data

You provide work experience, education, skills, projects, and other resume content. This data is stored securely and used solely to generate tailored resumes and portfolio projects for your job applications.

Job Application Data

We store information about jobs you apply to, including job titles, company names, application URLs, and application status. This powers your application tracking dashboard.

Credentials

If you connect third-party services (GitHub, Gmail, Workday), access tokens and passwords are encrypted at rest using AES-256 encryption before storage. We never store credentials in plaintext.

Usage Analytics

We use PostHog for product analytics (feature usage, page views) and Sentry for error tracking. These services collect anonymized usage data to help us improve the product. No resume content or personal details are sent to analytics services.

2. How We Use Your Information

• Generate tailored resumes and portfolio projects for job applications
• Auto-fill and submit job applications on your behalf (when enabled)
• Track your application pipeline and provide status updates
• Scan connected email accounts for application status updates (when enabled)
• Improve the product through anonymized usage analytics
• Send you notifications about your applications

3. AI and LLM Usage

We use OpenAI's API (GPT-4o-mini) to tailor resumes, optimize bullet points, and generate portfolio projects. Your resume content and job descriptions are sent to OpenAI for processing. OpenAI's data usage policy applies to this processing — per their API terms, data sent via the API is not used to train their models.

4. Data Storage and Security

• Data is stored in a PostgreSQL database hosted on Supabase (AWS us-west-2)
• All connections use TLS/SSL encryption in transit
• Sensitive credentials are encrypted at rest with AES-256
• The application enforces rate limiting and JWT-based authentication
• Row-level security policies restrict database access to authorized users

5. Data Sharing

We do not sell, rent, or share your personal information with third parties except:

• Service providers necessary to operate the product (Supabase, OpenAI, PostHog, Sentry)
• When required by law or legal process
• To protect the rights, safety, or property of Shipped or its users

6. GitHub Integration

When you connect GitHub, we request permission to create repositories on your behalf. Generated portfolio projects are pushed to your GitHub account. You retain full ownership of all generated code and repositories. We store your GitHub OAuth token (encrypted) to perform these operations.

7. Email Integration

When you connect Gmail, we request read-only access to scan for job application status updates (OTP codes, confirmation emails). We do not read, store, or process any email content beyond extracting application-related verification codes. You can disconnect email access at any time.

8. Data Retention and Deletion

Your data is retained as long as your account is active. You can request deletion of your account and all associated data by contacting us. Upon deletion, all profile data, resume content, application history, and stored credentials are permanently removed.

9. Your Rights

• Access, update, or delete your personal information at any time through the app
• Export your resume and profile data
• Disconnect third-party integrations (GitHub, Gmail) at any time
• Disable auto-apply and email scanning features
• Request complete account deletion

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the application or by email.

11. Contact

Questions about this privacy policy? Contact us at support@shipped.one.