Privacy Policy

KeyStep (“we”, “us”, “our”) is a job aggregation platform that helps job seekers discover opportunities and recruiters connect with candidates. Our registered contact email is keystep9@gmail.com.

We collect the following personal data when you use KeyStep:

• •Account information — your name and email address, provided when you sign in via Google OAuth or email.
• •Profile data — headline, summary, skills, work experience, location, phone number, LinkedIn URL, and personal website, which you provide voluntarily or which are extracted from your uploaded CV.
• •CV / résumé — the PDF file you upload is stored securely in Vercel Blob storage (private access). Its text is processed by Google Gemini solely to pre-populate your profile fields.
• •Job interactions — jobs you save, applications you track, and filters you apply.
• •Usage data — page views and interaction events collected anonymously via Vercel Analytics.

• •Authenticating your account and maintaining your session.
• •Displaying your profile and powering job-matching features.
• •Sending job alert emails (only if you opt in).
• •Pre-filling your profile from your CV using AI extraction.
• •Improving the platform through aggregated, anonymous analytics.

We do not sell your personal data to third parties or use it for unsolicited advertising.

We share data with the following third parties only as necessary to operate the service:

• •Google OAuth — used for sign-in. Governed by Google’s Privacy Policy.
• •Adzuna, Reed, Remotive & Arbeitnow — job listing providers. Search queries (keyword, location) are sent to their APIs. No personal data is shared.
• •Google Gemini — CV text is sent to Gemini for profile extraction. Text is not stored by Google beyond the API call under standard terms.
• •Vercel — our hosting, database (Neon PostgreSQL via Vercel), and file storage (Vercel Blob) provider.
• •Vercel Analytics — anonymised, cookieless usage analytics.

Your account data is retained for as long as your account is active. Job listings fetched from external APIs are cached for up to 90 days. CV files are deleted from storage immediately when you remove them from your profile or delete your account.

Depending on your jurisdiction you have the right to:

• •Access the personal data we hold about you.
• •Correct inaccurate data via your profile settings.
• •Delete your account and all associated data by contacting us.
• •Export your data in a portable format on request.
• •Object to certain processing activities.

To exercise any of these rights, email keystep9@gmail.com and we will respond within 30 days.

KeyStep uses a single session cookie to keep you signed in (NextAuth). We do not use advertising cookies or third-party tracking pixels. Vercel Analytics is cookieless and does not fingerprint individual users.

All data is transmitted over HTTPS. CV files are stored with private access and are only accessible via short-lived signed URLs generated on request. Database access is restricted to server-side code only.

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.

Questions about this policy? Email keystep9@gmail.com.