Privacy Policy

Ghosted — Job Application Tracker

Effective April 13, 2026

1Introduction

This Privacy Policy describes how Ghosted (“we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you use the Ghosted mobile application (“App” or “Service”). We are committed to protecting your privacy and being transparent about our data practices.

By using Ghosted, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Policy, you must discontinue use of the App immediately.

2Information We Collect

2.1 Information You Provide Directly

Account Information

Email address (if registering with email)
Password (stored as a cryptographic hash, never in plaintext)
Display name
Apple ID identifier (if using Sign in with Apple)

Applicant Profile Information

Professional headline
Background and strengths description
Key professional highlights
Resume text (extracted from uploaded files)
Auto-ghost threshold preference (number of days)

Job Application Data

Company names
Job role titles
Application statuses and status history with timestamps
Applied dates and last activity dates
Job posting text (up to 12,000 characters)
Job source URLs
Salary information
Personal notes and comments
Archive status

AI-Generated Content Stored in Your Account

Cover letter drafts
Follow-up email drafts (up to three waves)
Interview preparation materials
Tailored resume drafts
Weekly coaching reports

2.2 Information Collected Automatically

Device and Usage Information

Anonymous usage analytics via TelemetryDeck (privacy-first analytics provider)
App feature usage events (e.g., app launch, application added, status changed, feature accessed)
No device identifiers, IP addresses, or personally identifiable information are included in analytics

Application-Derived Data

Application status change timestamps
Application velocity and conversion metrics (computed locally)
Days elapsed since last application activity

2.3 Information Processed Temporarily

Screenshot and Image Data

When you use the screenshot import feature, images are processed on your device using Apple’s Vision framework for optical character recognition (OCR). The extracted text and, if needed, a base64-encoded representation of the image are transmitted to our server for AI parsing to extract job posting details.

Images are processed in transit only and are not permanently stored on our servers.

Resume File Data

When you import a resume file (PDF, DOCX, DOC, RTF, or TXT), text is extracted locally on your device. Only the extracted text — not the original binary file — is transmitted to our server if you use the AI profile auto-fill feature.

Original resume files are not uploaded or stored on our servers.

3How We Use Your Information

3.1 Providing the Service

Creating and managing your user account.
Storing and syncing your job application data across sessions.
Computing and displaying your personal application analytics and insights.
Delivering follow-up reminders and notification features you enable.

3.2 AI-Powered Features

Generating cover letters tailored to specific job applications using your applicant profile and job posting data.
Creating follow-up email drafts based on your application details and timing.
Producing interview preparation questions based on job postings and your profile.
Generating tailored resume suggestions based on your resume and target job postings.
Creating personalized weekly coaching reports based on your application activity and trends.
Parsing job posting screenshots and URLs to auto-fill application details.
Auto-filling your applicant profile from imported resume text.

3.3 Community Intelligence

Computing anonymized, aggregated company ghost rates and response statistics from collective user data.
Generating company-level responsiveness metrics for the community browse feature.
Producing industry-level trends and insights from aggregated data.

3.4 Service Improvement

Analyzing anonymous usage patterns to improve App features and user experience.
Monitoring service health and diagnosing technical issues.

3.5 Subscription Management

Processing and validating subscription purchases through RevenueCat and Apple.
Managing your subscription tier and feature entitlements.
Syncing subscription status between Apple, RevenueCat, and our backend.

3.6 Communications

Delivering local push notifications you have opted into (follow-up reminders, daily motivation, company watch alerts).
Sending service-related notices when necessary (e.g., critical security updates).

4Data Storage and Security

4.1 Where Your Data Is Stored

On Your Device — Application data, profile information, preferences, and cached AI-generated content are stored locally on your iOS device using Apple’s SwiftData framework, which benefits from iOS platform-level encryption.
On Our Servers — Your account information, application data, profile data, subscription records, and AI-generated content are synced to our backend infrastructure hosted on Supabase (built on PostgreSQL). Supabase servers are hosted in secure, industry-standard data centers.

4.2 Security Measures

Encryption in Transit — All data transmitted between your device and our servers uses HTTPS/TLS encryption.
Authentication — Secure authentication via Supabase Auth (built on GoTrue), supporting email/password and Sign in with Apple. Passwords are cryptographically hashed and never stored in plaintext.
Token-Based Access — API requests use JWT (JSON Web Token) authentication with automatic token refresh.
Access Control — Row-level security policies on our database ensure users can only access their own data.
Payment Security — All payment processing is handled by Apple and RevenueCat, both of which maintain PCI DSS compliance. We never see or store your payment card details.

4.3 Security Limitations

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors beyond our reasonable control, including but not limited to device theft, compromised credentials, or vulnerabilities in third-party infrastructure.

5Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Third-Party Service Providers

We share limited data with the following third-party service providers who assist in operating the App:

Provider	Purpose	Data Shared
Supabase	Backend infrastructure, database, authentication	Account data, application data, profile data
RevenueCat	Subscription management and billing	Anonymous user ID, subscription status, purchase receipts
Apple	Payment processing, app distribution, authentication	Apple ID (for Sign in with Apple), purchase transactions
TelemetryDeck	Privacy-focused analytics	Anonymous event data only — no personal information
AI Model Provider	Processing AI feature requests	Job posting text, profile data, resume text, application details

5.3 Aggregated and Anonymized Data

We create anonymized, aggregated statistics from user data, including:

Company ghost rates (percentage of applications with no response).
Company response statistics and trends.
Industry-level application outcome data.

This aggregated data cannot be used to identify individual users and is displayed within the App’s community features. Individual application details are never exposed to other users.

5.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including but not limited to:

Complying with a subpoena, court order, or similar legal process.
Enforcing our Terms of Service.
Protecting the rights, property, or safety of Ghosted, our users, or the public.
Detecting, preventing, or addressing fraud, security, or technical issues.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

6Your Rights and Choices

6.1 Access and Export

You can view all data stored in your account directly within the App.
Super Ghosted subscribers can export all application data in CSV format via the App’s export feature.

6.2 Correction

You can edit and update your applicant profile, application details, and account information at any time within the App.

6.3 Deletion

Account Deletion — You can permanently delete your account and all associated data through the App’s Profile settings. This deletes all your applications, status history, profile data, and subscription records from our servers, deletes all local data from your device, and signs you out. This action is irreversible.
Individual Application Deletion — You can delete individual applications at any time.

6.4 Notification Preferences

You can enable or disable follow-up reminder notifications at any time.
You can enable or disable daily motivation notifications and customize the delivery time.
You can manage company watch alerts through the App.
You can revoke notification permissions entirely through your iOS device settings.

6.5 AI Feature Opt-Out

AI features are optional and only activated when you explicitly request them (e.g., tapping “Generate Cover Letter”). You are never required to use AI features. If you prefer not to have your data processed by AI, simply do not use these features.

6.6 Analytics Opt-Out

TelemetryDeck, our analytics provider, is privacy-first by design and does not collect personally identifiable information. However, if you wish to limit analytics collection, you can enable the “Limit Ad Tracking” or equivalent privacy settings on your iOS device, which TelemetryDeck respects.

7Data Retention

7.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide you the Service. Your application data, profile information, and AI-generated content are stored indefinitely until you delete them or delete your account.

7.2 Deleted Accounts

All personally identifiable data is deleted from our servers promptly.
Anonymized, aggregated contributions to community statistics (e.g., ghost rates) are retained, as they cannot be traced back to you.
Backup systems may retain encrypted copies for up to 30 days before automatic purging.

7.3 Subscription Records

Subscription transaction records may be retained as required for financial reporting, tax compliance, and dispute resolution, even after account deletion. These records are maintained by Apple and RevenueCat under their respective retention policies.

8Children’s Privacy

Ghosted is not intended for use by children under the age of 17. We do not knowingly collect personal information from children under 17. If we discover that we have inadvertently collected information from a child under 17, we will delete that information promptly. If you believe a child under 17 has provided us with personal information, please contact us immediately.

9International Data Transfers

Your data may be processed and stored in jurisdictions outside your country of residence, including the United States and other countries where our service providers operate. By using the App, you consent to the transfer of your information to these jurisdictions, which may have data protection laws that differ from those in your jurisdiction. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

10Specific Regional Rights

10.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you may have additional rights under the General Data Protection Regulation (GDPR), including:

Right of Access — Request a copy of the personal data we hold about you.
Right to Rectification — Request correction of inaccurate data.
Right to Erasure — Request deletion of your data (exercisable via account deletion).
Right to Restrict Processing — Request limitation of how we process your data.
Right to Data Portability — Request your data in a portable format (available via CSV export).
Right to Object — Object to processing based on legitimate interests.
Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.

Our legal bases for processing under GDPR include: performance of a contract (providing the Service), legitimate interests (service improvement, security, community statistics), and consent (AI features, notifications).

10.2 California (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose.
Request deletion of your personal information.
Opt out of the sale of your personal information. We do not sell personal information.
Non-discrimination for exercising your privacy rights.

Categories of personal information collected: Identifiers (email, name), professional information (job applications, resume data), internet activity (anonymous analytics), and inferences (application statistics).

10.3 Other Jurisdictions

We strive to comply with applicable data protection laws in all jurisdictions where our users are located. If you have specific questions about your rights under local law, please contact us.

11Resume and Job Posting Data

11.1 Resume Data

We recognize that resume data is particularly sensitive. Here is exactly how we handle it:

Local Extraction — Resume files (PDF, DOCX, DOC, RTF, TXT) are processed locally on your device. Text is extracted using Apple’s native frameworks (PDFKit, Vision).
Original Files — The original binary resume file is never uploaded to our servers.
Extracted Text — Resume text is stored in your applicant profile on our servers to enable features like cover letter generation and profile management.
AI Processing — When you use AI features, resume text may be included in the data sent to our AI processing infrastructure to personalize outputs.
Deletion — Resume text is deleted when you clear your profile or delete your account.

11.2 Job Posting Data

Job posting text you enter or import is stored as part of your application records.
This text may be sent to AI processing infrastructure when you use AI features.
Job posting text is included in CSV exports.
Job posting text is deleted when you delete the associated application or your account.

12Push Notifications

12.1 Types of Notifications

Ghosted uses local push notifications only (generated on your device, not from our servers):

Follow-Up Reminders — Notify you when an application hasn’t been updated within your configured threshold (default: 30 days).
Daily Motivation — An optional daily motivational message at your chosen time.
Company Watch Alerts — Notify you when a watched company’s ghost rate changes significantly (premium feature).

12.2 Notification Data

Notifications are generated and scheduled entirely on your device.
No notification data is transmitted to our servers.
Notification preferences are stored locally on your device.

12.3 Opting Out

You can disable any or all notification types within the App’s settings or revoke notification permissions entirely through iOS Settings.

13Cookies and Tracking

Ghosted is a native iOS application and does not use cookies, web beacons, pixel tags, or browser-based tracking technologies. Our analytics provider (TelemetryDeck) operates without cookies or device fingerprinting.

14Third-Party Links

The App may display job source URLs or company websites provided by users. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any external sites you visit.

15Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the “Last Updated” date at the top of this Policy.
Make reasonable efforts to notify you through the App or via email.
Post the updated Policy within the App.

Your continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.

16Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Investigate the breach promptly and take steps to mitigate its impact.
Notify affected users as required by applicable law.
Notify relevant regulatory authorities where required.
Provide information about the breach and steps you can take to protect yourself.

17Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: ahmed@elkadii.com

For data protection inquiries, account deletion requests, or to exercise your privacy rights, please use the subject line “Privacy Request” in your communication.

18Summary of Key Points

Data Sale	We never sell your personal data.
Account Data	Email, name, and authentication credentials.
Application Data	Stored on your device and synced to our servers.
Resume Handling	Text extracted locally; original files never uploaded.
AI Processing	Your data is sent to AI infrastructure only when you actively use AI features.
Screenshots	Processed temporarily for parsing; never permanently stored on our servers.
Analytics	Privacy-first, anonymous only. No personal data in analytics.
Notifications	All local (on-device). No server-side push.
Community Data	Anonymized, aggregated statistics only. Individual data never exposed.
Payment Info	Handled entirely by Apple and RevenueCat. We never see your card details.
Data Deletion	Full account deletion available in-app. Irreversible and complete.
Cookies	None. No web-based tracking of any kind.

By using Ghosted, you acknowledge that you have read, understood, and consent to the data practices described in this Privacy Policy.