Privacy Policy
Last updated: June 5, 2026
What Nulera is
Nulera is a personal job search CRM that helps you track applications, follow-ups, and interviews. Optionally, you can connect your Google account to send follow-up emails via Gmail and automatically create interview reminders in Google Calendar.
Data we collect
- Account data — your email address and name, used to identify your account.
- Job tracking data — companies, roles, stages, notes, tasks, follow-up dates, and the messages you write or send from inside the app.
- Contacts you add — names, email addresses, phone numbers, LinkedIn links, and your notes about other people (such as someone who works somewhere you're interested in, or a person who helps with hiring). This is other people's information that you choose to save; you're responsible for having a reason to store it, and we process it on your behalf.
- Resumes, cover letters, attachments, and what you're looking for — files you upload (and the text we read from them), and the kinds of roles you tell us you want. We use these in two ways: to attach to your applications, interviews, tasks, or emails; and to personalize the messages Nulera helps you write — your resume and the roles you want give a draft the right facts, and your cover letter is used as a sample of your writing voice so drafts sound like you. That text is sent to Google's Gemini AI models, through the Vercel AI Gateway, only to create suggestions for you (see "How AI features use your information" below) — never used to train AI models, and never sold or shared. These files often contain personal details like your address, phone number, and work history, and are kept in private storage that requires you to be signed in.
- Digest notification email — optionally, a separate email address you can specify in Settings to receive digest emails (defaults to your account email).
- Product feedback — when you submit feedback via the in-app feedback widget, we store your message, the route it was sent from, and your account identifier. You can attach up to three screenshots; those images are deleted automatically when the feedback conversation is closed.
- Sharing data — if you invite someone to review a job, company, or interview prep, we store the email address you invited and the parts of that record you chose to share, so the invited person can see them and leave comments. You can revoke access at any time.
- Account security data — your IP address and browser/device information are stored with your sign-in sessions to keep your account secure and detect abuse.
- Usage telemetry — page-view counts collected by Vercel Analytics in cookieless mode, plus basic in-app activity signals (such as which days you were active and major milestones) used to understand and improve the product. We do not set tracking cookies for analytics.
- Google OAuth tokens — if you connect Google, we store an access token and refresh token to act on your behalf. These are used only to:
- — Send emails you explicitly compose and approve via Gmail
- — Create and manage calendar events on your primary Google Calendar tied to your tracked jobs
Lawful basis for processing (GDPR)
- Contract (GDPR Art. 6(1)(b)) — processing necessary to provide the Nulera service you signed up for: storing your jobs, sending the emails you compose, syncing your calendar.
- Legitimate interest (GDPR Art. 6(1)(f)) — security logs (admin audit trail), abuse detection, and basic product analytics in aggregate. You may object to processing under this basis by emailing the privacy contact below.
- Consent (GDPR Art. 6(1)(a)) — connecting your Google account (you explicitly grant the OAuth scopes and can revoke at any time).
How we use Google data
We request two Google scopes:
- gmail.send— used only when you click "Send via Gmail" in the AI draft modal. We compose the message from content you review and approve; we never read your inbox and never send anything without your explicit action. This is a send-only scope — it grants no ability to read any of your mail.
- calendar.events— used to create reminder events on your primary calendar when you advance a job to an interview stage (auto-create can be toggled off in Settings → Integrations), to update or delete those events when you reschedule or cancel in Nulera, and to scan a narrow time window around your upcoming interviews to surface the recruiter's own invite as a candidate match.
We do not read, store, index, or share any content from your Gmail mailbox. Google data is never sold or used for advertising.
Limited Use of Google user data
Nulera's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google data to provide and improve the features you can see — sending emails you compose and approve, and managing the calendar events tied to your tracked interviews.
- We do not transfer Google data to others except as needed to provide or improve those features, for security purposes, or to comply with applicable law.
- We do not use Google data for advertising, and we never sell it.
- No humans read your Google data, except where you give explicit consent for specific items, where it is necessary for security purposes (such as investigating abuse), or where required by law.
How AI features use your information
Some Nulera features use AI to help you — for example, drafting a message or summarizing a job. To do this, we send the relevant text (which can include parts of your resume, cover letter, job descriptions, and your notes) to Google's Gemini AI models through a service called the Vercel AI Gateway. We set every one of these requests so it can only go to a provider that has agreed not to use your text to train or improve its AI models — and Vercel does not keep your text to improve its own models either. Google may hold onto the text for up to 55 days, only to check for misuse and meet legal requirements, and it does not use that held text to train its models. We do not sell this information, and we only send it when an AI feature you're using needs it. These protections rely on Vercel's and Google's published policies and Vercel's agreements with its AI providers.
Data storage and security
All data is stored in a private PostgreSQL database (Neon, US-East region). Google OAuth tokens are stored encrypted at rest. We use HTTPS for all data in transit. You can disconnect Google at any time from Settings → Integrations, which immediately deletes your stored tokens.
International data transfers
Customer data is stored in the United States. We rely on the EU-US Data Privacy Framework (DPF) for transfers from the European Economic Area, and on Standard Contractual Clauses where DPF coverage is not yet in place. See our sub-processors page for each vendor's DPF status.
Third-party services (sub-processors)
We use these third parties to operate Nulera. The full list with purposes and countries is at /subprocessors:
- Vercel — hosting, serverless functions, blob storage, analytics
- Neon — PostgreSQL database
- Resend — transactional email (verification, password reset, digest notifications)
- Google APIs — OAuth sign-in; Gmail send and Calendar (only when you connect)
- Google Gemini (via Vercel AI Gateway) — AI inference for draft and prep suggestions. Processes the text those features use (which can include your resume, cover letter, the roles you want, and job and contact details), routed only to providers that don't use it to train AI models — never sold
Your rights
Under GDPR, CCPA, and equivalent privacy laws, you have the right to:
- Access + portability — download a copy of all your data in machine-readable JSON via Settings → Danger zone → Download my data.
- Rectification — correct your profile in Settings; edit job and contact data directly inside the app.
- Erasure — delete your account and all associated data from Settings → Danger zone → Delete account. Deletion is immediate and permanent: every job, contact, task, interaction, notification, uploaded file (resumes, cover letters, and attachments), and connected Google token is removed. Any feedback you submitted is de-identified — your email and any screenshots are deleted, and only anonymous text is kept to help improve the product.
- Restriction + objection — email the privacy contact below to restrict specific processing or object to processing under legitimate interest.
- Complaint — you have the right to lodge a complaint with your local supervisory authority (in the EU, your national data protection authority).
If you can't sign in for any reason, email aguvaitkus@gmail.com and we'll exercise the right on your behalf within 30 days (GDPR requires "without undue delay, within one month").
Data retention
Active account data is retained while your account is active. Completed tasks are automatically purged 5 days after they're marked done. When you delete your account, personal data is removed immediately. Database backups follow Neon's standard retention (typically 7–14 days) and are then permanently destroyed.
Children
Nulera is not intended for users under the age of 16. We do not knowingly collect data from anyone under 16. If you believe we have, email the privacy contact below and we will delete the data.
Privacy contact
Questions, concerns, or to exercise any of the rights above, email aguvaitkus@gmail.com. We aim to respond within 5 business days; complex requests take longer but always within the 30-day window required by GDPR.