Privacy Policy

Last updated: May 28, 2026

Overview

nawt ("we," "our," or "us") is a job application tracker that connects to your Gmail to automatically detect and organize your job application emails. This policy explains what data we collect, how we use it, and your rights.

What we collect

  • Google account info: Your name, email address, and profile picture via Google OAuth.
  • Gmail data (read-only): We scan your emails to find job application-related messages (confirmations, rejections, interviews, offers). We only read email metadata and body text and we never send, modify, or delete any emails.
  • Application data: Company names, roles, statuses, interview dates, and other information extracted from your job emails.
  • Usage data: Basic analytics like page views and feature usage to improve the product.

How we use your data

  • To identify and classify your job application emails
  • To display your application status, interview dates, and company information on your dashboard
  • To send you notifications about interviews, offers, and action items (if enabled)
  • To generate AI-powered content like rejection roasts and company insights
  • To improve the product and fix bugs

Google API Limited Use Disclosure

nawt's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request gmail.readonly access, the minimum scope needed to read your emails. We cannot send, modify, or delete emails.
  • Your Gmail data is only used to provide and improve the job tracking features you see in the app.
  • We do not sell, share, or transfer your Gmail data to third parties for advertising, marketing, or any purpose unrelated to the app's core functionality.
  • We do not use your Gmail data to build user profiles for advertising.
  • Gmail data is processed by our AI classification service solely to categorize emails as job-related. No email content is retained by the AI service beyond the classification request.

Data storage and security

  • Your data is stored in a Supabase (PostgreSQL) database hosted in the United States.
  • Google OAuth tokens are encrypted at rest using AES-256 encryption before storage.
  • All data is transmitted over HTTPS (TLS 1.2+).
  • We use Vercel for hosting, which provides SOC 2 Type II compliant infrastructure.

Data retention

We retain your data for as long as your account is active. When you delete your account, we permanently delete all your data including application records, email metadata, OAuth tokens, and notification history. This deletion is immediate and irreversible.

Your rights

  • Access: You can view all your data in the app dashboard at any time.
  • Deletion: You can delete your account and all associated data from Settings > Danger Zone.
  • Disconnect: You can disconnect Gmail access from Settings without deleting your account. We will revoke our access tokens and stop scanning your emails.
  • Portability: You can export your application data from Settings.

Cookies

We use essential cookies only: authentication session cookies required for the app to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Third-party services

We use trusted third-party services to operate the app, including providers for hosting, database storage, authentication, AI processing, email delivery, and payment processing. These services only receive the minimum data necessary to perform their function. We do not sell or share your data with third parties for advertising or marketing purposes. Payment card details are handled entirely by our payment processor and we never see or store them.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about this policy? Email us at privacy@nawt.io.