How we handle your data, your AI inputs, and how to report an issue.
Your resume content and account data are encrypted at rest and in transit using industry-standard encryption. Data is used solely to power your account and the features you opt into. Never sold, never rented, never shared with advertisers.
You can export your full resume data at any time, and you can permanently delete your account and all associated data directly from your settings. For full detail, see our Privacy Policy.
Ojamafy uses intelligent model routing to process your content. Different AI models handle different operations (parsing, enhancement, cover letter generation, agentic application) and we contractually require our AI providers to handle your data in line with our Privacy Policy. Your content is not used to train third-party models.
All AI outputs are advisory. Every recommendation, enhancement, or generated document is presented to you for review before any action is taken on your behalf. Nothing is sent or submitted without your explicit approval.
We use a managed authentication provider for password storage, with passwords never directly accessible to us. Sessions are protected by HTTP-only cookies. We rate-limit sensitive endpoints to prevent abuse, monitor for security events, and validate all input at trust boundaries.
If you connect Gmail for OjamaDash, your OAuth tokens are encrypted at rest using AES-128 (Fernet) with a dedicated encryption key, and you can disconnect at any time. Disconnecting permanently and immediately deletes all stored tokens.
If you believe you've found a security vulnerability in Ojamafy, please report it to contact@ojamafy.com with the subject line "Security Vulnerability Report." Please include enough detail for us to reproduce the issue. We'll acknowledge your report within 72 hours.
Please don't publicly disclose the issue until we've had a chance to investigate and fix it. We don't currently run a paid bug bounty program, but we're grateful to researchers who help keep Ojamafy safe.