Privacy Policy

Jobholster LLC ("Jobholster," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we handle information collected through jobholster.com (the "Site") and through the Job Holster application (the "App"). The App is a job tracking tool for contractors. The Site is currently in pre-launch and exists primarily to share information about the App ahead of public availability.

Information Collected Through the Site

Visiting the Site does not require an account. We may collect limited technical information automatically, including browser type, device type, operating system, approximate location derived from IP address, pages visited, time spent on the Site, and referring URLs. This information is gathered through standard server logs and aggregate analytics.

Information Collected Through the App

When you create an account in the App, the following information is stored on our backend (currently provided by Supabase) so we can deliver the service:

• Your sign-in email address and a hashed password (handled by Supabase Auth — never stored in plaintext)
• The client and job records you enter, including names, phone numbers, addresses, bid amounts, scheduled dates, and any custom fields you create
• Messages you paste in and notes you write, including voice-memo audio and the AI-generated transcripts of those memos
• Photos, drawings, and other attachments you upload to a job, client, or note
• Your App settings, including your status pipeline, custom fields, and privacy opt-out flags
• A field-level change history for each record so edits can be audited

Each user's rows are isolated from every other user's rows by Postgres Row-Level Security. Two contractors using the same hosted copy of the App never see each other's data.

How We Use Information

We use the information described above to operate and improve the Site and App, deliver the features you ask us to deliver, prevent abuse, and communicate with you about the service. We do not sell personal information, and we do not use your customer or job data for advertising.

AI Extraction

The App offers AI-assisted features — primarily extracting client details from messages you paste in, and cleaning up voice-memo transcripts. When you trigger one of these features, the relevant text (and, for matching, the names, phone numbers, and addresses of your existing clients) is forwarded through our AI proxy to a third-party AI provider, currently Anthropic's Claude API. The provider's API key is held by us on the server side; the App does not accept user-supplied API keys, and per-account monthly token budgets are enforced by the proxy. The provider's data-handling policy governs that transmission — for the current provider, see anthropic.com/legal/privacy. If the AI proxy is not configured or unavailable, an offline heuristic extractor runs locally instead, and no message is sent to any third party.

Analytics

If analytics is enabled on a build of the App, we send a small set of anonymous product events to PostHog — for example: signup, signin, message_analyzed, client_created, client_status_changed, settings_opened, export_data, cloud_backup_enabled, cloud_backup_disabled. The only user-scoped value sent is your Supabase user ID (a random UUID). No email, name, phone number, address, dollar amount, message text, voice-memo audio or transcript, photo, or note content is ever sent to PostHog. Pageview capture, autocapture, and session replay are turned off. You can opt out at any time in Settings → Privacy.

Cookies and Local Storage

The Site may use cookies or similar technologies to remember preferences and to gather aggregate analytics. The App uses your browser's localStorage to cache your data for offline access and to remember your sign-in session; it does not set tracking cookies. If you sign out and clear your browser data, the local cache is removed.

Third-Party Services

The Site and App are hosted by third-party infrastructure providers and may load assets (such as web fonts) from third-party content delivery networks. We also rely on Supabase for authentication and storage, Anthropic for AI extraction, and (optionally) PostHog for product analytics. These providers may receive limited information as part of standard request handling. Their use of that information is governed by their own privacy policies.

Data Retention and Deletion

Active rows are retained for as long as your account exists. Soft-deleted rows are kept for 30 days before being permanently purged so that accidental deletions can be undone. Routine backups taken for disaster recovery are retained according to the backup provider's standard window. Self-service account deletion is not yet available in the App — to request that your account and associated data be deleted, contact us at the address below. Deletions are reviewed manually so that shared organization data is not accidentally removed.

Data Security

We take commercially reasonable administrative, technical, and physical steps to safeguard the information we hold, including transport encryption, hashed passwords, and Row-Level Security in the database. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

Children

The Site and App are not directed to children under 13, and we do not knowingly collect information from children.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of personal information about you, including the right to export the records you have entered into the App. The App provides a self-service CSV export from Settings → Your data. To exercise any other right, contact us at the address below.

Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date. Material changes will surface a notice in the App on next sign-in.

Contact

Questions about this Privacy Policy can be sent to: privacy@jobholster.com