Privacy Policy
Last updated: March 25, 2026
Jobbot Inc. ("Forage Bot," "we," "us," or "our"), a Delaware C-Corporation, is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information ("Personal Data") when you use our websites, applications, and services (collectively, the "Services") at forage.bot and its subdomains (*.forage.bot). For purposes of the EU General Data Protection Regulation ("GDPR") and UK GDPR, Jobbot Inc. is the data controller.
By using our Services, you acknowledge and agree to the data practices described in this policy. If you do not agree, please do not use our Services.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, and password when you create an account.
- Payment Information: Billing details and transaction information are processed securely through Stripe. We do not store your full credit card number, expiration date, or CVC on our servers. Stripe handles all payment data in accordance with PCI-DSS standards. We may retain limited payment-related information such as payment method type, last four digits, expiration month/year, and billing address (as provided by Stripe) to manage subscriptions, invoices, refunds, and fraud prevention.
- Communications: Content of emails, support requests, and feedback you send to us at hello@forage.bot, including any attachments. We may also collect delivery and engagement metadata for messages we send (e.g., email address, send time, opens, clicks, and bounce status) through Resend.
- User Content: Data, text, prompts, instructions, files, and other content you submit, upload, or provide as input to our AI-powered tools ("User Content"), as well as outputs generated based on that input. Sensitive Personal Information: Please do not submit sensitive personal information (e.g., government ID numbers, full payment card details, health information, biometric data, or precise geolocation) unless it is necessary for the service and you have the lawful right to do so.
1.2 Information Collected Automatically
- Usage Data: Pages visited (including across *.forage.bot subdomains), features used, actions taken, time spent, search queries, and interaction patterns.
- Device Information: Browser type and version, operating system, device type, unique device identifiers, screen resolution, language preferences, and time zone.
- Log Data: IP address, access times, referring URLs, pages viewed, clicks, error logs, and system activity logs.
- Location Information: Approximate geographic location based on your IP address (country and city level only). We do not collect precise geolocation data.
- Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies. See Section 8 below for details.
1.3 Information from Third Parties
We may receive information from third-party services you connect to your account, such as analytics platforms, business tools, or authentication providers you integrate with our Services. We may also receive information from our payment processor (Stripe) regarding your payment status and transaction history.
2. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Services | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send transactional emails (receipts, account updates) | Contract performance |
| Respond to support requests | Contract performance |
| Improve and develop new features | Legitimate interest |
| Analyze usage patterns and performance | Legitimate interest |
| Detect and prevent fraud or abuse | Legitimate interest |
| Send marketing communications (with consent) | Consent |
| Comply with legal obligations | Legal obligation |
AI Model Training: We do not use your Personal Data or User Content to train or fine-tune AI models unless you provide explicit, opt-in consent. We may use de-identified and aggregated usage data (that does not identify you or include your content) for analytics and to improve the Services.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We also do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA or other applicable U.S. state privacy laws. We share data only in the following limited circumstances:
3.1 Service Providers (Subprocessors)
We share information with trusted third-party providers (subprocessors) who help us operate our Services. These providers are contractually obligated to protect your information, may only process it on our instructions and for the purposes described, and are subject to appropriate data processing agreements:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address, payment method details, transaction and fraud-prevention data |
| Vercel | Website/app hosting, CDN, and security | IP address, device/browser information, request/response metadata, and access logs |
| AI Model Providers (e.g., OpenRouter, Anthropic, OpenAI) | AI feature processing | Prompts, inputs, and related context for AI processing (pseudonymized/anonymized where feasible). We configure providers to restrict use of User Content for provider model training where available. |
| Resend | Transactional email delivery | Email address, recipient name, message content, and delivery events (sent, delivered, bounced) |
We conduct due diligence on all service providers and require appropriate security measures. We will provide notice of material changes to our subprocessor list, where required by applicable data protection law, by updating this policy or notifying affected users by email. For GDPR and UK GDPR purposes, Forage Bot acts as the data controller, and our subprocessors act as data processors under our instructions.
3.2 Legal Requirements and Protection of Rights
We may disclose your information when we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce our Terms of Service, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect the rights, property, or safety of Forage Bot, our users, or the public as required or permitted by law.
Where possible and legally permissible, we will notify you of such disclosures.
3.3 Business Transfers
If Forage Bot is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any such change in ownership, and of any choices you may have regarding your information, before your Personal Data is transferred and becomes subject to a different privacy policy.
4. Data Retention
We retain your Personal Data for as long as necessary to provide the Services and fulfill the purposes described in this policy, or as required by applicable law. Specifically:
- Account data: Retained while your account is active, plus 30 days after account deletion to allow for recovery and dispute resolution.
- Payment records: Retained for 7 years to comply with tax, financial reporting, and anti-fraud obligations.
- Usage logs: Retained for up to 12 months for analytics, security, and debugging purposes, then aggregated or deleted.
- Support communications: Retained for up to 3 years after resolution for quality assurance and legal compliance.
- AI processing inputs: Not retained after processing is complete, unless required to deliver ongoing service features you have enabled. Transient data sent to AI model providers is subject to those providers' data retention policies, which we work to minimize.
- Legal and compliance data: Certain data may be retained for longer periods as required by law, regulation, or to establish, exercise, or defend legal claims.
When data is no longer needed, we delete or anonymize it in accordance with our internal data management procedures. You may request deletion at any time by contacting us, subject to legal retention requirements.
5. Your Rights
5.1 Rights for All Users
Regardless of your location, you have the right to:
- Access: Request a copy of the Personal Data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your Personal Data, subject to legal, security, fraud-prevention, and contractual retention requirements.
- Data Portability: Receive certain data you provided to us in a structured, commonly used, machine-readable format.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.
- Opt-Out of Marketing: Unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting us.
To exercise any of these rights, contact us at hello@forage.bot. We may request information to verify your identity and authority to make the request. We will respond within the time periods required by applicable law (typically within 30 days).
5.2 Additional Rights Under GDPR (EEA/UK Residents)
If you are located in the European Economic Area or the United Kingdom, you also have the right to:
- Restrict Processing: Request that we limit how we process your data in certain circumstances.
- Object to Processing: Object to processing based on legitimate interests, and object at any time to processing for direct marketing purposes.
- Automated Decision-Making: Not be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects, except as permitted under GDPR. Where applicable, you may request human intervention and contest the decision.
- Lodge a Complaint: File a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.
For GDPR and UK GDPR purposes, Jobbot Inc. is the data controller. We process data under the legal bases described in Section 2. For transfers of data outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission. For transfers from the UK, we rely on the UK International Data Transfer Addendum (UK IDTA) to the EU Standard Contractual Clauses, as approved by the UK Information Commissioner.
5.3 Additional Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected in the preceding 12 months, the sources of collection, the business or commercial purposes for collecting or selling it, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as when retention is necessary for legal compliance, fraud prevention, or completing a transaction).
- Right to Correct: You may request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. If this practice changes in the future, we will provide a conspicuous "Do Not Sell or Share My Personal Information" link on our website and update this policy accordingly.
- Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information (as defined by the CCPA/CPRA), you may request that we limit its use to what is necessary to provide the Services. Categories of sensitive personal information we may collect include account login credentials and payment information (processed via Stripe).
- Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights, including by denying services, charging different prices, or providing a different level of quality.
CCPA Disclosures: In the preceding 12 months, we have collected the categories of personal information described in Section 1 from the sources described therein, for the business purposes described in Section 2, and shared it with the categories of third parties described in Section 3. We have not sold personal information. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
To submit a request, email hello@forage.bot. You may also designate an authorized agent to make a request on your behalf. We will verify your identity (and your agent's authority, if applicable) before processing your request and respond within 45 days (with an option to extend by an additional 45 days if reasonably necessary, with notice).
5.4 Other US State Privacy Laws
If you reside in a US state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and others), you may have similar rights to access, delete, correct, and opt out of certain processing (including targeted advertising, profiling, and sales of personal data). To exercise these rights, contact us at hello@forage.bot. We will process your request in accordance with the applicable state law and respond within the timeframe required by that law. If we deny your request, you may have the right to appeal by contacting us.
6. Data Security
We implement appropriate technical and organizational measures to protect your Personal Data, including:
- Encryption of data in transit (TLS 1.2+ / HTTPS) and at rest.
- Access controls limiting employee and contractor access to Personal Data on a need-to-know basis, with role-based permissions and multi-factor authentication.
- Regular security assessments, vulnerability scanning, and monitoring.
- Secure hosting infrastructure through Vercel with SOC 2 compliance.
- Secure payment processing through Stripe with PCI-DSS Level 1 certification.
- Incident response procedures to detect, respond to, and recover from security incidents.
While we strive to use commercially reasonable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk. If you become aware of any unauthorized access to your account, please notify us immediately at hello@forage.bot.
7. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users by email without undue delay and no later than 72 hours after becoming aware of the breach, as required by GDPR.
- Notify the relevant supervisory authority within 72 hours where required by applicable law.
- Provide details of the nature of the breach, the data affected, the likely consequences, and the measures taken to address and mitigate the breach.
- Cooperate with regulatory authorities as required.
8. Cookies and Tracking Technologies
We use cookies and similar technologies (such as local storage and web beacons) on our websites and Services, including *.forage.bot subdomains, for the following purposes:
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Authentication, security, fraud prevention, load balancing, and core functionality | Session / up to 1 year |
| Functional Cookies | Remembering your preferences and settings (such as language or display choices) | Session / up to 1 year |
| Analytics Cookies | Understanding usage patterns, measuring performance, and improving the Services (in aggregate where possible) | Up to 13 months |
We do not use cookies for targeted advertising, cross-site behavioral tracking, or to sell or share your personal information for advertising purposes. Some cookies may be set by service providers that help us deliver the Services (for example, Stripe for payments and Resend for email delivery) and are used only for providing and securing the Services.
EU/UK Cookie Consent: Where required by applicable law (including the EU ePrivacy Directive and UK PECR), we will request your consent before placing non-essential cookies, and you can withdraw consent at any time by adjusting your cookie preferences or browser settings. You can also control and delete cookies through your browser settings. Disabling essential cookies may affect the functionality of the Services. For more information about cookies, visit www.allaboutcookies.org.
9. Children's Privacy
Our Services are designed for business use and are not directed to individuals under the age of 16 (or under 13 in the United States). We do not knowingly collect Personal Data from children under these ages. If we become aware that we have collected data from a child under the applicable age threshold, we will promptly delete it and terminate the associated account. If you believe a child has provided us with personal information, please contact us immediately at hello@forage.bot.
10. International Data Transfers
Our Services are primarily hosted in the United States, and we and our service providers (including Stripe for payments and Resend for email delivery) may process and store Personal Data in the United States and other countries where we or our subprocessors operate. If you access the Services from outside the United States, your Personal Data may be transferred to, processed, and stored in the United States or other jurisdictions that may not provide the same level of data protection as your home country.
For transfers from the European Economic Area (EEA) and Switzerland, we implement appropriate safeguards required under applicable law, including Standard Contractual Clauses approved by the European Commission. For transfers from the United Kingdom, we rely on the UK International Data Transfer Addendum (UK IDTA) to the EU Standard Contractual Clauses, as approved by the UK Information Commissioner. We also implement supplementary measures (including encryption, access controls, and data minimization) to protect your Personal Data during transfer.
Entities Involved: The data exporter is Jobbot Inc. (Delaware, USA). Data is imported to and processed in the United States by Jobbot Inc. and its subprocessors listed in Section 3.1. You may request a copy of the relevant transfer safeguards by contacting us at hello@forage.bot.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our website at least 30 days before the changes take effect. Non-material changes (such as corrections or clarifications) may be made at any time and will be effective upon posting. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy. If you do not agree with the changes, you should stop using the Services.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: hello@forage.bot
- Entity: Jobbot Inc., a Delaware C-Corporation
- Subject Line: For privacy-related requests, please include "Privacy Request" in your subject line to help us route your inquiry promptly.
For GDPR and UK GDPR-related inquiries, you may also contact your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk. We will make every effort to resolve your concern before you feel it necessary to contact a supervisory authority.