Introduction
Welcome to AJA-AI ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered job application platform.
AJA-AI is a product of AJA Private Limited, a registered company in Zimbabwe. We operate in full compliance with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) Data Protection Regulations and the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe.
Our Commitment: We are dedicated to ensuring that your personal data is handled with the utmost care, transparency, and security. We will never sell your personal information to third parties.
Information We Collect
We collect information that you provide directly to us when you register for an account, create a profile, or use our services. The types of information we collect include:
1. Personal Identification Information
| Data Type | Purpose | Retention Period |
|---|---|---|
| Full Name | Account identification, job applications | Until account deletion |
| Email Address | Account login, notifications, sending applications | Until account deletion |
| Phone Number | Account verification, WhatsApp notifications | Until account deletion |
| Home Address | CV generation, job applications | Until account deletion |
2. Professional Information
- Professional Summary: Your career objectives and professional overview
- Work Experience: Employment history, job titles, responsibilities
- Education: Academic qualifications, institutions, dates
- Skills: Technical and soft skills relevant to your career
- Certifications: Professional certifications and achievements
- References: Professional references (if provided)
- CV/Resume: Uploaded documents containing your professional information
3. Email Authentication Data (Google Authentication)
Secure Google Authentication:
To send job applications on your behalf, we use Google authentication. This is a secure, industry-standard method that:
- Uses Google's secure authentication system - No passwords stored
- Only requests minimal permissions - Only Gmail send access, nothing else
- Uses secure tokens - Access tokens and refresh tokens are securely stored
- Automatically refreshes tokens - Tokens are refreshed automatically to maintain access
- You can revoke access anytime - Through your Google Account settings
4. Subscription and Payment Information
- Subscription plan details
- Payment transaction references (via Paynow)
- Application usage statistics
Note: We do not store credit card numbers or bank account details. All payments are processed securely through Paynow Zimbabwe.
How We Use Your Information
We use the information we collect for the following purposes:
Primary Uses
- Job Application Processing: To generate personalized cover letters and send job applications on your behalf
- CV Generation: To create professional CVs using your profile information
- Auto-Apply Feature: To automatically apply to jobs matching your selected categories (when enabled)
- Account Management: To maintain your account and provide customer support
- Service Improvement: To analyze usage patterns and improve our AI algorithms
We Will Never
- Sell your personal information to third parties
- Use your email credentials for any purpose other than sending job applications
- Share your CV or professional information without your consent
- Send marketing emails to employers using your email address
- Access your email inbox or read your personal emails
Data Sharing, Transfer, and Disclosure
We are committed to protecting your privacy and being transparent about how we handle your data, especially Google user data.
Google User Data - Sharing and Disclosure Policy
We Do NOT Share, Transfer, or Disclose Google User Data:
We do not share, transfer, or disclose your Google user data (including OAuth2 access tokens, refresh tokens, and email authentication credentials) to any third parties, except as strictly necessary to provide the core functionality of our service.
Limited Service Provider Access
The only entities that may have access to your Google user data are:
- Google LLC: When you authenticate with Google, Google processes your authentication. We only receive secure tokens (not your password) that allow us to send emails on your behalf. This is a direct relationship between you and Google, and we do not control or have access to Google's processing of your authentication.
- Our Hosting Provider: Our secure servers hosted by our infrastructure provider may store encrypted Google authentication tokens as part of our secure database storage. These tokens are encrypted using AES-256 encryption and are only accessible to our application for the sole purpose of sending job application emails on your behalf.
What We Do NOT Do with Google User Data
We explicitly do NOT:
- Sell Google user data to third parties, data brokers, or information resellers
- Transfer Google user data to third parties for advertising, marketing, or promotional purposes
- Disclose Google user data to third parties for purposes other than providing our core service
- Share Google user data for targeted advertising, personalized advertisements, retargeted advertisements, or interest-based advertisements
- Use Google user data to determine credit-worthiness or for lending purposes
- Provide Google user data to create databases or train AI models
- Transfer Google user data to any third party for any reason other than the essential technical operation of our email sending service
Purpose-Limited Use
Google user data (OAuth2 tokens) is used exclusively for:
- Sending job application emails on your behalf
- Maintaining secure access to your Gmail account for email sending functionality
- Automatically refreshing authentication tokens to ensure continuous service
We do not use Google user data for any other purpose, including but not limited to:
- Reading or accessing your email inbox
- Accessing your contacts, calendar, or other Google services
- Analyzing your email content or patterns
- Creating user profiles for advertising or marketing
- Any purpose unrelated to sending job application emails
Data Protection and Security
All Google user data (OAuth2 tokens) is:
- Encrypted at rest using AES-256-CBC encryption before being stored in our database
- Decrypted only when needed for the specific purpose of sending emails
- Stored securely on our protected servers with strict access controls
- Never transmitted to any third party except Google's own API (which you authorized)
Your Control: You can revoke our access to your Google account at any time through your Google Account permissions page. When you revoke access, we immediately lose the ability to send emails on your behalf, and we do not retain any Google user data after revocation.
Data Security Measures
We implement robust security measures to protect your personal information:
Technical Safeguards
- Encryption: All sensitive data, including authentication tokens, are encrypted using AES-256 encryption
- HTTPS: All data transmission is secured using TLS/SSL encryption
- Secure Servers: Our servers are hosted in secure data centers with 24/7 monitoring
- Access Controls: Strict access controls limit who can access your data
- Regular Audits: We conduct regular security audits and vulnerability assessments
Organizational Safeguards
- Staff training on data protection and privacy
- Confidentiality agreements with all employees
- Incident response procedures for data breaches
- Regular policy reviews and updates
POTRAZ Compliance: We are fully compliant with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) data protection regulations and the Cyber and Data Protection Act of Zimbabwe.
Email & Google Authentication Security
We use Google authentication to securely send job applications on your behalf. This is a secure, industry-standard method that eliminates the need for app passwords.
How Google Authentication Works
- Secure Authentication: When you sign in with Google, Google securely authenticates you and grants us limited access
- Minimal Permissions: We only request permission to send emails on your behalf - we cannot read your inbox, access contacts, or do anything else
- Token-Based Access: Google provides us with secure access tokens and refresh tokens (not your password)
- Automatic Token Refresh: Tokens are automatically refreshed to maintain access without requiring you to re-authenticate
- You Control Access: You can revoke our access at any time through your Google Account settings
What We Can and Cannot Do
| We CAN | We CANNOT |
|---|---|
| Send job application emails on your behalf | Read your inbox or existing emails |
| Attach your CV to applications | Access your contacts or calendar |
| Send from your email address | Delete or modify your emails |
| Log sent applications for your records | Use your email for any other purpose |
| Automatically refresh tokens to maintain access | Access your Google account settings or other Google services |
Benefits of Google Authentication:
- No passwords to manage - Google handles authentication securely
- You can revoke access anytime - Through Google Account settings
- More secure than app passwords - Industry-standard security protocol
- Automatic token refresh - No need to re-authenticate frequently
- Minimal permissions - We only request email sending access, nothing more
Revoking Access: If you ever want to revoke our access to send emails on your behalf, you can do so at any time by:
- Going to your Google Account permissions page
- Finding "AJA-AI" in the list of apps with access
- Clicking "Remove" to revoke access
Once revoked, you'll need to sign in with Google again to re-enable email sending.
Your Rights
Under Zimbabwean data protection law and our commitment to transparency, you have the following rights:
1. Right to Access
You can request a copy of all personal data we hold about you at any time through your account settings or by contacting us.
2. Right to Rectification
You can update or correct your personal information at any time through your profile settings.
3. Right to Erasure (Right to be Forgotten)
Delete Your Data Anytime: You can permanently delete all your personal information from our systems with a single click. Go to Settings → Account → Delete Account to remove all your data, including:
- Profile information and CV data
- Email configuration and authentication tokens
- Application history
- Subscription records
4. Right to Data Portability
You can export your data in a machine-readable format upon request.
5. Right to Object
You can object to certain processing of your data, including opting out of the Auto-Apply feature at any time.
6. Right to Withdraw Consent
You can withdraw your consent for data processing at any time by deleting your account or contacting us.
Cookies & Tracking
We use essential cookies to ensure the proper functioning of our platform:
Essential Cookies
- Session Cookies: To maintain your login session
- Security Cookies: To prevent cross-site request forgery
- Preference Cookies: To remember your settings
We do not use third-party tracking cookies or share your browsing data with advertisers.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For significant changes, we will notify you via email or through a prominent notice on our platform
- Your continued use of our services after changes constitutes acceptance of the updated policy
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: