Privacy policy
findmynew.work (“we”, “us”) is a job-application copilot operated as a hosted dashboard at findmynew.work with a companion command-line tool (fmwork) that you run on your own machine. This policy explains what personal data we collect, why, where it lives, and the choices you have. It applies both to the hosted service and to the CLI when it talks to the hosted service. If you self-host the backend, this policy does not apply — the operator of that deployment is the controller.
Data we collect
- Account identifiers. When you sign in with Google we receive your name, email address, and Google account ID via OpenID Connect. No other Google scopes are requested.
- Résumé and preferences you upload. The text of your résumé, the technologies you weight up or down, free-form scoring instructions, preferred locations, and similar settings you enter in the dashboard.
- Vacancies you (or the CLI) submit. Title, company, source URL, location, description text, and the scoring / cover-letter outputs we derive from them.
- Application metadata. Which vacancies you marked to send, captured screening questions and your answers, submission outcomes (success / failure / handoff), and timestamps. This data is used to drive the dashboard and to recover from partial runs.
- Operational logs. HTTP request logs, error reports, and pipeline events kept for a short window to debug failures.
Data we deliberately do not collect
- Job-board credentials and cookies. LinkedIn, hh.ru, Wellfound, and GetMatch sessions are held in a persistent Chromium profile on your machine by the fmwork CLI. They are never transmitted to the server.
- Payment information. The hosted service is free at the moment; there is no payment processor in the loop.
- Sensitive categories. We do not ask for and do not knowingly process government IDs, financial account numbers, health data, or other special-category data. Don't paste these into résumé text or screening answers.
How we use it
- To run the core service: scoring vacancies against your résumé, drafting cover letters and résumé tunings, queuing and reporting on applications.
- To authenticate you and keep your session active across the dashboard and the paired CLI client.
- To diagnose service problems and improve reliability.
We do not sell personal data, do not use it to train third-party models, and do not run behavioural advertising.
Third parties
- Google — OpenID Connect for sign-in. Only the openid, email, and profile scopes are requested.
- LLM provider — the server sends résumé text, vacancy text, and screening questions to the configured large-language-model backend (a self-hosted Ollama instance by default; OpenAI if the operator switches the provider in settings) so it can produce scores, cover letters, and answer suggestions. The LLM provider's own privacy terms apply to that processing.
- Infrastructure provider. The hosted service runs in commodity cloud infrastructure. Backups of the database are encrypted at rest.
Retention
Account data, résumés, vacancies, and application metadata are kept while your account is active. You can delete individual records from the dashboard or request account deletion (below). Operational logs are kept for a rolling 30-day window. Backups are rotated within 90 days.
Your rights
Depending on where you live (GDPR for the EU/EEA/UK, similar laws elsewhere) you have the right to access, correct, export, restrict, or delete the personal data we hold about you, and to lodge a complaint with a data-protection authority. To exercise any of these, email the address below. We respond within 30 days.
You can also export everything we hold about you as JSON from the dashboard (Settings → Export). Account deletion removes the user record, résumés, vacancies, and screening answers; some operational log lines may persist for the retention window above in an anonymised form.
Security
Transport is TLS end-to-end. Session cookies are httpOnly and SameSite=Lax. The CLI authenticates over the same TLS channel using a per-user bearer token you can revoke from the dashboard. Job-board credentials never enter the server because they live in the local Chromium profile the CLI manages on your own machine.
Children
The service is not directed at children under 16. If you believe a child has created an account, contact us and we will delete it.
Changes to this policy
We will update the “last updated” date at the top of this page when the policy changes. Material changes that affect how we process your data will be announced in the dashboard at next sign-in.
Contact
Privacy questions, deletion requests, and other inquiries: privacy@findmynew.work.