Privacy Policy

Overview

JobSentinel is an open-source job scam detection tool. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

What We Collect

When you use the web analyzer

• Job posting text — The text you paste into the analyzer. We process it to detect scam signals and return a risk score.
• IP address — Used solely for rate limiting (10 requests/minute). We do not store IP addresses beyond the rate-limit window (60 seconds).
• Scan metadata — Job title, company name, risk score, and signal count are logged to our database to improve detection accuracy. Raw job description text is not stored.

When you submit a report

• URL — The job posting URL you report.
• Verdict — Whether you marked it as scam or legitimate.
• Reason — Optional text explaining why.

When you use the browser extension

• The extension reads job posting content from the current page and sends it to our API for analysis.
• Analysis results are cached locally in your browser (chrome.storage.local) for 24 hours.
• No browsing history, credentials, or personal data is collected.

What we do NOT collect

• No personal information (name, email, phone)
• No account creation required
• No cookies for tracking or advertising
• No third-party analytics or advertising scripts
• No selling or sharing of any data with third parties

How We Use Data

• Scam detection — Analyzing the text you submit and returning a risk score.
• Service improvement — Aggregate scan statistics (total scans, risk level distribution) help us measure detection accuracy.
• User reports — Community reports of scams and legitimate postings help us calibrate signal weights and detect new scam patterns.

Data Storage

• Scan metadata is stored in a Cloudflare D1 database (SQLite at the edge).
• Rate limit data is stored in Cloudflare KV with a 70-second TTL and is automatically deleted.
• No data is stored in regions outside of Cloudflare's global network.

Data Retention

• Scan metadata — Retained for 90 days, then automatically purged.
• User reports — Retained indefinitely to improve detection (reports contain no personal data).
• Rate limit data — Automatically deleted after 70 seconds.

Your Rights

• You can use JobSentinel without creating an account or providing personal information.
• The client-side demo on our homepage processes everything in your browser — no data leaves your device.
• You can run JobSentinel locally (pip install sentinel) for fully offline analysis.
• To request deletion of any data associated with a URL you reported, email ericrihm@gmail.com.

Third-Party Services

• Cloudflare Workers — Our API runs on Cloudflare's edge network. See Cloudflare's privacy policy.
• GitHub Pages — Our website is hosted on GitHub Pages. See GitHub's privacy statement.

Open Source

JobSentinel is fully open source under the MIT license. You can inspect exactly what data is collected by reading our source code on GitHub. The API worker code, signal detection logic, and database schema are all publicly auditable.

Changes

We may update this policy as the service evolves. Changes will be committed to the GitHub repository and reflected on this page with an updated date.

Contact

Questions about this privacy policy? Open an issue on GitHub or email ericrihm@gmail.com.