Privacy Policy | Aladdin

✦

The short version

01We collect your name, email, and profile photo when you sign in.
02Resumes and LinkedIn profiles you upload are yours — delete them anytime; deleting your account deletes your files.
03We use AI to help match you with jobs, which requires reading your resume content.
04We track job clicks and searches to improve your recommendations. You can disable personalization in account settings.
05We use Vercel Analytics — no cookies, no ad tracking.
06We never sell your data.
07You can request a copy or deletion of your data at any time.
08If there is ever a data breach affecting your account, we will notify you promptly.

Who We Are

Aladdin is an AI-powered job application workflow platform operated by [YOUR LEGAL ENTITY NAME], [ADDRESS]. We help job seekers discover opportunities, tailor their application materials, track their pipeline, and learn from community interview experiences.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data. If you have questions, contact us at [privacy@yourdomain.com].

What Data We Collect

Account Information

When you sign up or sign in, your identity is managed by Clerk. We receive from Clerk: your name, email address, and profile photo. This data is necessary to create and maintain your account.

Uploaded Files

You may upload resumes (PDF) and LinkedIn profile exports (PDF) to Aladdin. These are stored in AWS S3. You can delete individual files at any time from your profile settings. Deleting your account permanently deletes all associated uploaded files.

Application Tracking Data

When you track job applications, we store the data you enter: job status, personal notes, and any external links you add. External links point to third-party sites we do not control.

AI-Generated Documents

When you generate a cover letter or tailored resume, the AI output is stored so you can access it later. This feature activates when cover letter generation is live; data collection details will be updated at that time.

Behavioral Data

We collect information about how you use the platform: which jobs you click, view, or save; your search queries; and interaction events. This data is used to improve job matching and recommendation quality. Lawful basis: legitimate interest. You can opt out by disabling personalization in your account settings.

—Job clicks and views
—Search queries and search history
—Session identifiers (for linking interactions in a single visit)
—Result clicks from search results

Behavioral data is retained for [X months — to be specified] from the date of collection.

Interview Experience Posts

If you submit an interview experience, we store the content you provide: company name, role, location, work arrangement, offer status, salary range (if disclosed), process steps, and any additional comments. This content is visible to all users with active registered accounts. You are solely responsible for the accuracy of the information you share, including any salary or compensation figures. Posts are deleted when you delete your account or upon your request.

AI Preference Embeddings

Based on your usage patterns (jobs viewed, searches, interactions), we generate a behavioral embedding — a numerical representation of your job preferences — to improve personalized recommendations. Lawful basis: legitimate interest. You can opt out by navigating to Account Settings → Privacy → Disable Personalization. Upon opting out, your embedding will be deleted within 30 days. Your embedding is also deleted when you close your account.

Cookies & Tracking Technologies

Aladdin does not use advertising cookies or cross-site tracking. Here is what is used:

—Clerk (authentication cookies): Clerk sets session cookies required to keep you signed in. These are strictly necessary for the service to function and cannot be opted out of while using the platform.
—Vercel Analytics (cookieless): We use Vercel Analytics to understand how the app is used. Vercel Analytics is configured in cookieless mode — no tracking cookies are set. It collects aggregated, anonymized page view and performance data.
—Mapbox (IP address): When you use the Jobs Map feature, Mapbox loads map tiles and receives your IP address and map interaction data in order to serve the map. Lawful basis: legitimate interest for providing map functionality.

Why We Collect It & Legal Basis

We process your personal data on the following legal bases:

—Contract performance: Account data, uploaded files, and application tracking are necessary to provide the core service you signed up for.
—Legitimate interest: Behavioral data, search analytics, AI embeddings, and Mapbox IP data are processed to improve job matching, recommendation quality, and platform performance. You have the right to object to this processing (see Your Rights).
—Your own choice: Interview experience posts and salary disclosures are published entirely at your discretion. You choose what to share.

Third-Party Services

Aladdin uses the following third-party services. Each receives only the data necessary for its function.

—Clerk — Authentication and identity management. Manages your login, session, and account credentials.
—AWS S3 — File storage for uploaded resumes, LinkedIn profiles, and generated documents.
—Supabase / PostgreSQL — Primary database for application data, search history, interview posts, and embeddings.
—Vercel Analytics + Speed Insights — Cookieless usage analytics and performance monitoring.
—Mapbox — Map tile rendering for the Jobs Map feature.

Planned future processors: Stripe (payment processing), Google Gemini / OpenRouter (AI generation). This policy will be updated when these services become active.

Data processing with each provider is governed by their respective data processing terms. Links to each provider's terms are available on their websites.

Data Retention

—Uploaded files (resumes, LinkedIn profiles): Retained until you delete them or close your account. Account deletion permanently removes all associated files from AWS S3.
—Application tracking data and notes: Deleted on account closure.
—Behavioral data (interactions, search history): Retained for [X months — to be specified] from collection date.
—Search analytics: Retained for [X months — to be specified] from collection date.
—Vercel Analytics data: Retained per Vercel's configuration — [verify and state period].
—AI preference embeddings: Deleted within 30 days of opting out, or immediately on account closure.
—Interview experience posts: Deleted on account closure or upon your written request to [privacy@yourdomain.com].

Your Rights

All Users

—Access: Request a copy of the personal data we hold about you.
—Correction: Request that inaccurate data be corrected.
—Deletion: Request that your personal data be deleted (right to erasure).
—Portability: Request your data in a machine-readable format.

California Residents (CCPA)

—Right to know what personal information is collected, used, shared, or sold.
—Right to delete personal information we have collected.
—Right to opt out of the sale of personal information. We do not sell your data.
—Right to non-discrimination for exercising your CCPA rights.

EU / EEA Residents (GDPR)

—Right to object to processing based on legitimate interest.
—Right to restrict processing.
—Right to withdraw consent (where consent is the legal basis).
—Right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, contact us at [privacy@yourdomain.com]. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational safeguards to protect your personal data:

—All data transmitted between your browser and our servers is encrypted in transit using TLS.
—Files stored in AWS S3 are encrypted at rest using server-side encryption.
—Authentication is managed by Clerk, which handles credential storage and session security.
—Database access is restricted to authorized services and personnel only.

No method of transmission or storage is 100% secure. While we use best practices, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to [privacy@yourdomain.com].

Data Breach Notification

In the event of a security incident that affects your personal data, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR Article 33. Where legally required, we will also notify the relevant supervisory authority.

Notification will be sent to the email address associated with your account. We will describe the nature of the breach, the data involved, and the steps we are taking to address it.

Children

Aladdin is intended for users who are 13 years of age or older. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at [privacy@yourdomain.com] and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Material changes will be communicated via email or a notice within the app. Continued use of Aladdin after changes are posted constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

—Email: [privacy@yourdomain.com]
—Address: [YOUR LEGAL ENTITY NAME, ADDRESS]

We aim to respond to all inquiries within 30 days.