Privacy Policy
Last Updated: March 15, 2026
This Privacy Policy describes how Doda ("Doda," "we," "us," and "our") collects, uses, stores, and protects your personal information when you use our website, Chrome extension, and related services (collectively the "Services"). By using the Services, you consent to the practices described in this policy.
Doda is operated from Ontario, Canada. This policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Information We Collect
1.1 Information You Provide
When you create an account and use the Services, you may provide:
- Account information — your email address and full name, provided during sign-up via our authentication provider
- Resume content — if you upload a resume file (PDF or DOCX, up to 5 MB), we extract your professional summary, work experience, education, skills, and contact details (location, phone number, LinkedIn URL, website). The uploaded file is stored securely in our database.
- Profile information — if you enter your information manually instead of uploading a resume, we store the same categories of data listed above
- Payment information — when purchasing credits, your payment details (card number, billing address) are collected and processed entirely by our third-party payment processor, Chargebee. We never see or store your payment card data. We do store your purchase history (credits purchased, amount, and transaction status).
1.2 Information Collected Automatically
- Job posting content — when you click "Tailor Resume" on a job posting page, the extension reads the page title, URL, and text content (up to 15,000 characters) of the active browser tab. This only occurs when you explicitly initiate it; the extension never reads page content in the background.
- Session data — we store a session identifier in a secure, HTTP-only cookie to keep you signed in. See Section 5 for details.
1.3 Information We Do NOT Collect
We do not collect:
- Browsing history or activity on any website
- Device identifiers or fingerprints
- Location data (other than what you include in your resume profile)
- Analytics, behavioral tracking, or session recordings
- Data from pages you visit unless you explicitly click "Tailor Resume"
2. How We Use Your Information
We use your information solely to provide and improve the Services:
- Resume tailoring — your profile data and the extracted job posting are sent to our AI provider to generate a tailored resume and cover letter for the specific job
- Resume parsing — if you upload a resume file, it is sent to our resume parsing provider to extract structured data (name, experience, education, skills). The parsing provider does not retain your file.
- Authentication — your email address is used to verify your identity and send sign-in codes
- Payment processing — your email and selected credit pack are sent to our payment processor to complete purchases
- Application history — tailored resumes and cover letters are stored so you can access them later
- Service improvement — we may use de-identified, aggregated data to improve the Services. We will never use identifiable personal information for this purpose.
3. Third-Party Service Providers
We share your information with the following third-party providers, solely to operate the Services. Each provider processes data only as necessary for its specific function.
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI-powered resume tailoring and cover letter generation | Your profile data (summary, work experience, education, skills) and the job posting text. Anthropic does not use API inputs to train its models. |
| Auth0 (by Okta) | User authentication | Email address, name, authentication events. Auth0 stores your identity profile and login history. |
| RChilli | Resume file parsing | Your uploaded resume file (PDF or DOCX). RChilli extracts structured data and returns it to us. RChilli does not retain your file after processing. |
| Chargebee | Payment processing and billing | Email address, credit pack selection. Chargebee handles all payment card processing. Chargebee retains payment records as required by financial regulations. |
| Purelymail (via Auth0) | Transactional email delivery | Your email address and one-time sign-in codes. Purelymail delivers emails on behalf of Auth0. |
| Fly.io | Application hosting | All application data transits through Fly.io infrastructure. |
| Neon | Database hosting (PostgreSQL) | All stored user data resides in a Neon-managed database. |
We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not use any third-party analytics, advertising, or tracking services.
4. Data Storage and Cross-Border Transfers
Our servers and database are hosted in the United States via Fly.io and Neon. Our third-party providers (Anthropic, Auth0, Chargebee, SendGrid) also process data in the United States. By using the Services, you consent to the transfer and processing of your data in the United States.
All data is encrypted in transit using HTTPS/TLS. Session cookies are secured with HttpOnly, Secure, and SameSite attributes.
5. Cookies
We use a single cookie for authentication:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
YodaDodaSession |
Maintains your authenticated session so you stay signed in | Up to 7 days | Strictly necessary (HttpOnly, Secure) |
We do not use any analytics cookies, advertising cookies, or third-party tracking cookies. We do not use local storage for tracking purposes.
6. Data Retention
| Data | Retention Period |
|---|---|
| Account and profile data | Until you delete your account |
| Uploaded resume files | Until you delete your account |
| Tailored resumes and cover letters | Until you delete your account |
| Credit balance and transaction history | Until you delete your account |
| Authentication sessions | Up to 7 days, or until you sign out |
| Payment records at Chargebee | Retained by Chargebee per financial regulations |
We do not automatically delete inactive accounts. All data associated with your account is retained until you choose to delete it.
7. Your Rights and Choices
7.1 Access and Deletion
You can access all of your personal information through the extension at any time — your profile, resume, tailored documents, and transaction history are all visible in the app.
You may permanently delete your account and all associated data at any time from the Account page in the extension. Account deletion is immediate and irreversible. When you delete your account, we delete:
- Your user profile and all personal information
- Uploaded resume files
- All tailored resumes and cover letters
- Skills, work experience, and education entries
- Credit balance and transaction records
- All session data
We also revoke your authentication tokens at Auth0. Payment records held by Chargebee are retained by Chargebee in accordance with financial regulations and their own privacy policy.
7.2 Consent Withdrawal
You may withdraw your consent to data processing at any time by deleting your account. Note that withdrawing consent means you will no longer be able to use the Services.
7.3 Browser Permissions
The Chrome extension requests permission to read page content only when you initiate a job scan. You can revoke the extension's permissions at any time through your browser's extension settings. The extension uses Chrome's optional permissions model — it requests access to specific websites only when needed and only with your approval.
8. Security
We implement the following security measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- HttpOnly, Secure cookies to prevent cross-site scripting attacks
- Strict security headers (HSTS, X-Frame-Options, Content-Type-Options, Referrer-Policy, Permissions-Policy)
- Rate limiting on sign-ups and API requests to prevent abuse
- Session expiration with absolute maximum lifetime
- No storage of payment card data (handled entirely by Chargebee)
While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at privacy@yodadoda.com.
9. Children's Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us at privacy@yodadoda.com and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time by posting a revised version on this page. The "Last Updated" date at the top indicates when the policy was last changed. We encourage you to review this page periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.
For material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you (for example, via a notice in the extension).
11. Contact Us
If you have any questions about this Privacy Policy, your personal data, or our privacy practices, please contact us at:
For general support inquiries, contact us at support@yodadoda.com.