Privacy Policy
This Privacy Policy explains how Shigoto AI (ABN 27 284 578 634) (“Shigoto AI”, “we”, “us”, “our”) collects, uses, stores, and discloses personal information when you use the Shigoto AI Chrome extension and website (together, the “Service”).
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Service you agree to this Policy. If you do not agree, please do not use the Service.
1. Information we collect
We collect only what we need to run the Service:
| Category | What it includes | Why |
|---|---|---|
| Account details | Email address, name, and (if you sign up with email/password) a securely hashed password. If you sign in with Google, your Google account identifier and profile picture. | To create and authenticate your account. |
| Résumé data | The résumé text and any résumé file (PDF/DOCX) you upload or paste. | To generate tailored answers and cover letters, and to attach to applications you direct the Service to submit. |
| Device & licence | A randomly generated device identifier and your licence key. | To link your installation to your plan and enforce usage limits. |
| Subscription data | Your Stripe customer ID, subscription ID, and subscription status. We never see or store your full card number — payments are handled entirely by Stripe. | To manage billing and your Pro entitlement. |
| Usage data | Your saved search keywords, location, filters, daily application counts, and a log of jobs applied to or skipped (title, company, date, link, and which board). | To operate the bot, show your activity, and enforce daily limits. |
| Screening answers | The questions a job application asks and the answers generated for you. | Processed in real time to complete applications; see Section 3. |
| Technical & diagnostic data | Your IP address, and — when something goes wrong — limited error and diagnostic information such as the page address (URL) where an error occurred, the extension version, and an internal user or device identifier. | To rate-limit and secure the Service, prevent abuse, and detect and fix faults. We do not include your résumé, screening answers, or cover letters in this diagnostic data. |
Most résumé and configuration data is also stored locally in your browser via the extension, and only sent to our backend when an answer, cover letter, or résumé file is needed.
Sensitive information and third parties. A résumé can contain sensitive information — for example, health or disability details, ethnicity, religious or political affiliation, or union membership — and may include personal information about other people, such as your referees. By uploading or pasting your résumé you consent to us collecting and handling any such information for the sole purpose of operating the Service for you (including sending the relevant portions to Google's Gemini API), and you confirm you are entitled to provide any third-party details it contains. If you do not want particular sensitive details processed, remove them from your résumé before uploading.
2. How we use your information
- To provide the Service: generating answers and cover letters, and submitting applications you direct it to make on supported job boards (currently SEEK and LinkedIn).
- To authenticate you and keep you signed in.
- To process subscriptions, enforce plan limits, and send you your licence key.
- To maintain, secure, debug, and improve the Service.
- To respond to your support requests.
We do not sell your personal information, and we do not use your résumé to train our own models. Your résumé is processed by Google's Gemini API to generate answers and cover letters; Google's use of data submitted to that API is governed by Google's own API terms.
3. Your résumé and AI processing
To answer screening questions and write cover letters, the relevant portion of your résumé and the job details are sent to a third-party large language model provider (Google, via the Gemini API). This processing happens on demand. We instruct the model to draw only on the information in your résumé, but AI-generated output can contain errors or omissions, and you are responsible for reviewing every application before it is submitted (Approval Mode lets you review each one first).
We do not write your screening answers or cover-letter content to long-term logs on our server. Google processes the request under its own API terms; we do not control and are not responsible for Google's processing beyond sending the minimum data required to produce a result.
4. Who we share information with
We share personal information only with service providers that help us run the Service, and only as needed:
| Provider | Purpose |
|---|---|
| Google (Gemini API & Google Sign-In) | Generating answers/cover letters; optional Google login. |
| Stripe | Payment processing and subscription management. |
| Railway | Application hosting and database. |
| Email delivery provider | Sending your licence key and account emails. |
| Sentry | Error and crash monitoring. Receives diagnostic data only (such as error details, page address, extension version, and an internal identifier) — configured to exclude your résumé, screening answers, and cover letters. |
Some of these providers may store or process data outside Australia (for example, in the United States). We expressly notify you, and by using the Service you expressly consent, that under Australian Privacy Principle 8.2(b) the accountability in Australian Privacy Principle 8.1 will not apply to this overseas disclosure. This means we will not be accountable under the Privacy Act 1988 (Cth) for, and you will not be able to seek redress under that Act against us in respect of, any act or practice of an overseas recipient (such as Google) that would breach the Australian Privacy Principles. If you do not agree to this, do not use the Service. We otherwise disclose personal information only where required by law.
5. Storage and security
Account, subscription, and résumé data is stored in a PostgreSQL database hosted by Railway. We use industry-standard measures including encryption in transit (HTTPS), hashed passwords, and signed session cookies. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If we suspect a data breach that is likely to result in serious harm, we will assess it within 30 days and, where it is an eligible data breach, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
6. Data retention
We keep your personal information while your account is active and for as long as needed to provide the Service and meet legal obligations. You can ask us to delete your résumé at any time from your account page, or to delete your entire account by contacting us (see Section 11). Some records (for example, billing records) may be retained where the law requires.
7. Your rights
Under the Australian Privacy Principles you may:
- request access to the personal information we hold about you;
- ask us to correct information that is inaccurate or out of date;
- request deletion of your résumé and/or account;
- complain if you believe we have breached the APPs.
To exercise any of these, contact us at the address below. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
8. Children's privacy
The Service is intended only for adults. You must be at least 18 years old to create an account or use the Service (this also reflects the requirements of our payment provider, Stripe). The Service is not directed at children, and we do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Service or provide us with any personal information. If we become aware that we have collected personal information from a person under 18, we will delete it.
9. Where the Service is offered
The Service is operated from Australia and is intended for residents of Australia. It is not directed at, or marketed to, individuals in the European Union/EEA, the United Kingdom, or California (or elsewhere), and we do not intentionally offer it to them.
If you access the Service from outside Australia, you do so on your own initiative and are responsible for compliance with your local laws. By using the Service you understand and agree that your personal information will be collected, stored, and processed in Australia and by the overseas providers listed in Section 4, and handled in accordance with this Policy and the Australian Privacy Act, which may differ from the data-protection laws of your country. We do not represent that the Service complies with the GDPR, UK GDPR, CCPA/CPRA, or other foreign privacy regimes. Where a non-excludable foreign law nonetheless applies to you, contact us and we will consider any request you are entitled to make under it.
10. Cookies
The website uses a single essential, signed session cookie to keep you signed in. We do not use advertising or third-party tracking cookies. The extension stores settings and your résumé locally in your browser's storage, not in cookies.
11. Contact us
Privacy questions, access requests, and complaints: support@shigotoai.com.au. We will respond within a reasonable time and in line with the timeframes set by the Privacy Act.
We may update this Policy from time to time. The “Last updated” date above shows when it last changed; material changes will be notified through the Service.