1. About ManifestJob Portals
ManifestJob operates two distinct user-facing portals with different data access needs:
⚡ Apply Portal
apply.manifestjob.com
- Google SSO (email + profile)
- CV tailoring & job matching
- LinkedIn automation
- No Gmail access
🎯 Concierge Portal
concierge.manifestjob.com
- All Apply features
- Gmail read-only (on explicit opt-in)
- Email-based application tracking
- Priority automation
Progressive Permission Model: All users start with basic Google SSO (email + profile only).
Gmail access is only requested on the Concierge portal when you explicitly click "Connect Gmail Tracking."
You can use the full Apply portal without ever granting Gmail access.
2. Data We Collect
2.1 Google Account Data
| Google OAuth Scope | Purpose | Portal |
|---|
openid |
Keep you signed in to ManifestJob |
Both |
userinfo.email |
Identify your ManifestJob account |
Both |
userinfo.profile |
Display your name in the dashboard |
Both |
gmail.readonly |
Read job response emails (interview invitations, rejections, offer letters) to auto-update application status. Read-only. We never send, modify, delete, or label your emails. |
Concierge only — explicit opt-in |
2.2 User-Provided Data
- CV content — resume text uploaded or pasted by you
- Job preferences — target roles, locations, salary expectations
- Job portal credentials — encrypted using AES-256, never stored as plaintext
- Answer book — application Q&A answers you provide (notice period, CTC, etc.)
- LinkedIn session data — browser storage state for LinkedIn automation; stored encrypted in AWS S3
2.3 Automatically Collected Data
- Application tracking records (which jobs you applied to, outcomes, timestamps)
- Automation run logs (step names, errors, HITL events) — retained for 90 days
- Payment metadata (plan, amount, Razorpay payment/order ID — no card data)
- Basic usage metrics (feature credit consumption per billing cycle)
3. How We Use Your Data
- Authenticate you and maintain your session
- Tailor your CV to specific job descriptions using AI
- Match and score job listings against your profile
- Submit job applications on your behalf via browser automation
- Detect application responses in Gmail (Concierge only, opt-in) and update your dashboard status
- Send transactional emails (application success, HITL alerts, billing confirmations)
- Process payments and manage your subscription plan
ManifestJob DOES NOT use your data for: targeted advertising, selling to data brokers, determining credit-worthiness, interest-based advertising, or training AI models on your personal information.
4. Gmail Access — Detailed Disclosure
This section applies only to users who connect Gmail on the Concierge portal.
4.1 What we read
- Email metadata (sender, subject, date) and snippets from emails likely to be job-related responses
- We search for keywords: "interview," "offer," "rejection," "next steps," "your application," and similar phrases
4.2 What we never do
- We do NOT send emails from your Gmail account
- We do NOT modify, delete, archive, or label your emails
- We do NOT read personal emails unrelated to job applications
- We do NOT store full email body text — only extracted status labels
- We do NOT share Gmail data with third parties
4.3 Revoking Gmail access
You may disconnect Gmail at any time from your Account Settings. You may also revoke access at Google Account Permissions. Revocation immediately stops all Gmail reading. Previously extracted status labels in your dashboard will be retained until account deletion.
Limited Use Disclosure: ManifestJob's use and transfer of information received from Google APIs to any other app will adhere to the
Google API Services User Data Policy,
including the Limited Use requirements.
5. Data Storage & Security
- Infrastructure: AWS (us-east-1) — DynamoDB (user records), S3 (CV files, LinkedIn sessions), Secrets Manager (API keys)
- Encryption in transit: TLS 1.2+ on all connections
- Encryption at rest: DynamoDB and S3 server-side encryption (AES-256)
- Credential vault: Portal passwords encrypted with Fernet symmetric encryption before storage. Only decrypted in-memory during automation
- OAuth tokens: Stored encrypted in DynamoDB. Access tokens are short-lived and refreshed automatically
- Access controls: Strict AWS IAM roles. Admin dashboard requires separate credentials. No user data is exposed in application logs
6. Data Sharing
- AWS: Cloud infrastructure provider. Data never leaves AWS us-east-1 region
- OpenAI / LLM providers: Your CV content is sent to OpenAI APIs for tailoring. OpenAI's data processing agreement applies. We do not send your name, email, or contact details to OpenAI
- Razorpay: Payment processing only. We share your email for payment receipts. Card data is handled entirely by Razorpay
- Amazon SES: Email delivery for transactional notifications
We do not sell, rent, or trade your personal data to any third party.
7. Data Retention & Deletion
- Active accounts: Data retained for the duration of your account
- Deleted accounts: All user data (profile, CV, applications, tokens) deleted within 30 days of account closure request
- Automation logs: Retained for 90 days, then automatically purged
- Payment records: Retained for 7 years per Indian financial record-keeping requirements
Request account deletion: [email protected] with subject line "Data Deletion Request".
8. Your Rights
- Access: Request a copy of your data via email
- Correction: Update your profile and CV through the dashboard
- Deletion: Request full account and data deletion
- Portability: Request your application history and CV data in JSON format
- Revoke Google access: via Google Account Permissions
9. Cookies & Sessions
ManifestJob uses session cookies to maintain your login state. We do not use advertising cookies, third-party tracking pixels, or analytics cookies. Session data is stored server-side in encrypted form and expires after 24 hours of inactivity.
10. Changes to This Policy
We will notify you of material changes via email or in-app banner at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.
11. Contact
For privacy questions or data requests:
- Email: [email protected]
- Subject line: "ManifestJob Privacy Request"
- Business: VARTANA (OPC) PRIVATE LIMITED (CIN: U62090KA2026OPC216160 | GSTIN: 29AALCV9050H1ZS)
- Address: 2B202, Suncity Gloria, Sarjapura Road, Carmelaram, Bangalore South, Bangalore, Karnataka, India, 560035