Privacy Policy

Last updated: 15 June 2026

1. Introduction

Welcome to Trekky.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our job application tracking service. We've tried to keep this clear and readable - if anything seems confusing, please reach out.

Trekky is based in New Zealand, and we handle your personal information in line with the New Zealand Privacy Act 2020.

2. What information we collect

Account information

When you create an account, we collect your email address.

If you use Google sign-in, we also receive basic profile information provided by Google (typically your name and profile picture). We use this solely for authentication and display purposes.

Job application data

We store the job application information you enter, including:

• Company names, positions, and locations
• Application status (e.g., "Applied," "Interviewing," "Offer")
• Notes, salary information, and closing dates
• Any links or files you add related to the application

This data is stored securely and is only accessible to you. We don't share it with anyone or use it for any purpose other than providing the service to you.

Resume and career data

To power AI features, we store the resume text you upload or paste, the tailored resumes and cover letters the AI generates for you, and any accomplishments ("wins") you log in the Ledger. Your resume is excluded from our standard data responses for extra privacy hygiene and is only read when you ask us to generate or tailor a document.

Compensation data

If you use the Ledger's compensation features, we store the salary, bonus, and equity figures you enter so we can compare your total compensation against market estimates. We use these figures only to show you your own valuation and underpayment insights.

Google Calendar (optional)

If you explicitly connect Google Calendar, we use the calendar.events scope to create, update, and delete interview events on your calendar when you schedule an interview in Trekky, and to read the upcoming events Trekky created so the in-app calendar stays in sync. We do not read or modify unrelated events. You can disconnect at any time from your Google account permissions.

Gmail inbox sync (optional)

If you explicitly connect your Gmail, we scan your recent job-related email to keep your board up to date. We request read access (to find job emails) and compose access (to save reply drafts). We store only message metadata— the sender, subject, a short snippet, the date, and our AI's classification — so we can show you what changed and avoid re-processing the same email. We do not store the full message body or attachments. Reply drafts are saved in your own Gmail for you to review; we never send email on your behalf, and we never draft a reply to a rejection. You can disconnect at any time, which deletes the email metadata we stored; to also revoke our access at Google, visit your Google account permissions.

Payment data

If you subscribe to Pro, your payment is processed by Stripe. We receive a subscription status and customer ID from Stripe so we know your account is active, but we never see or store your full card number, CVV, or billing address. Stripe handles and encrypts all card data directly. See Stripe's privacy policy for details.

3. How we use your information

We use your information to:

• Provide and maintain the Trekky service
• Authenticate your identity when you log in
• Store and manage your job application data
• Generate AI features you request - tailored resumes, cover letters, role classification, salary benchmarks - by sending the relevant text to our AI provider (see below)
• Find matching public job listings when you enable the sourcing agent
• Improve the service based on general usage patterns (not your personal data)

That's it. We don't sell your data, show you ads, or use it for marketing.

AI processing (Google Gemini)

AI features are powered by Google's Gemini API. When you tailor a resume, classify a sourced role, parse a logged win, or run a salary benchmark, we send only the text needed for that task - for example, your resume and the target job's description - to Google for processing, and store the result on your account. We use a paid API tier, under which Google states that prompts are not used to train its models. We keep these requests as small as the feature allows. We do not use your job-search data or Google-derived data to train public AI models.

The sourcing agent

The autonomous sourcing agent is disabled by default and only runs after you explicitly turn it on. When enabled, it searches publicly accessiblejob listings (such as LinkedIn's public, guest job search) using the target roles and locations you configure, then saves matching roles to your board. We do not access, log in to, or scrape your personal LinkedIn (or any other) account, and we apply rate limits to stay a polite, low-volume visitor to public pages.

4. Google user data — Calendar & Gmail (Limited Use)

When you connect a Google service, Trekky requests only the scopes needed for the feature you turned on, and uses the data only as described below:

• .../auth/calendar.events (Google Calendar, optional) — create, update, and delete your interview events, and read upcoming Trekky-created events, so your interviews stay in sync. Used only to power the calendar feature.
• .../auth/gmail.readonly (Gmail Inbox Sync, optional) — read your recent job-related email to detect application status changes and prepare reply drafts. We store only metadata (sender, subject, snippet, date, and our classification), never the full body or attachments.
• .../auth/gmail.compose (Gmail Inbox Sync, optional) — save reply drafts in your Gmail for you to review. We never send email on your behalf.

Limited Use.Trekky's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not:

• use Google user data for advertising;
• sell, rent, or transfer Google user data to data brokers or other parties, except as needed to provide or improve this feature, to comply with law, or as part of a merger with adequate notice;
• allow humans to read Google user data, unless we have your consent, it's needed for security or to comply with law, or the data is aggregated and anonymized;
• use Google user data to train generalized AI/ML models.

Storage, retention, and deletion.Google-derived data is stored encrypted, scoped to your account, and used only to run the feature. You can revoke access and delete this data at any time: disconnecting Gmail in-app immediately deletes the stored email metadata, and you can revoke Trekky's access entirely from your Google account permissions. Resolved inbox items are also pruned automatically.

5. Data security

We implement industry-standard security measures to protect your data:

• All data transmission is encrypted using HTTPS
• Your data is stored in secure, encrypted databases (MongoDB Atlas)
• Access to your data is restricted to you via authentication

While we take security seriously, please remember that no method of transmission or storage is 100% secure. Use a strong, unique password and enable two-factor authentication if available.

6. How long we keep your data

Your data is retained as long as your account is active. You can delete your account and all associated data at any time from your Account Settings in the dashboard, which will permanently remove all associated information from our systems.

7. Third-party services

We use the following third-party services to operate Trekky:

• MongoDB – Database hosting
• Vercel – Application hosting and deployment
• Google OAuth – Optional sign-in method
• Google Calendar API – Optional interview calendar sync (only when you connect it)
• Gmail API – Optional Inbox Sync: reads recent job-related mail and saves reply drafts (only when you connect it; never sends mail)
• Google Gemini API – AI generation (resume tailoring, classification, salary benchmarks). Gemini API terms
• Public job listings– When you enable sourcing, the agent reads publicly available job-search pages (e.g. LinkedIn's guest job search). No account login is used.
• Stripe – Payment processing (Pro subscriptions). Stripe's privacy policy

These services have their own privacy policies and security practices. We chose them because they're trusted by thousands of developers and companies. Some of these providers may store or process data outside New Zealand. We take reasonable steps to ensure they provide privacy and security protections that meet New Zealand standards.

8. Your rights

You have the right to:

• Access your personal data (you can view it in the app anytime)
• Update or correct your data (edit it directly in the app)
• Delete your account and all associated data
• Export your data (contact us if you need a data export)

If you have questions about exercising these rights, please reach out to us at sambai.codes@gmail.com.

9. Cookies and tracking

We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page and, if appropriate, notify you via email or in-app message.

By continuing to use the service after changes take effect, you agree to the updated policy.

11. Contact

For privacy-related questions or requests, please email us at sambai.codes@gmail.com. We're happy to help clarify anything or address your concerns.