Privacy Policy

What Nulera is

Nulera is a personal job search CRM that helps you track applications, follow-ups, and interviews. Optionally, you can connect your Google account to send follow-up emails via Gmail and automatically create interview reminders in Google Calendar.

Data we collect

• Account data — your email address and name, used to identify your account.
• Job tracking data — companies, roles, stages, notes, tasks, and follow-up dates you create inside the app.
• Digest notification email — optionally, a separate email address you can specify in Settings to receive digest emails (defaults to your account email).
• Product feedback — when you submit feedback via the in-app feedback widget, we store your message, the route it was sent from, and your account identifier. Anonymous feedback (no account) is also accepted.
• Usage telemetry — page-view counts collected by Vercel Analytics in cookieless mode. We do not set tracking cookies for analytics.
• Google OAuth tokens — if you connect Google, we store an access token and refresh token to act on your behalf. These are used only to:
  • — Send emails you explicitly compose and approve via Gmail
  • — Create and manage calendar events on your primary Google Calendar tied to your tracked jobs

Lawful basis for processing (GDPR)

• Contract (GDPR Art. 6(1)(b)) — processing necessary to provide the Nulera service you signed up for: storing your jobs, sending the emails you compose, syncing your calendar.
• Legitimate interest (GDPR Art. 6(1)(f)) — security logs (admin audit trail), abuse detection, and basic product analytics in aggregate. You may object to processing under this basis by emailing the privacy contact below.
• Consent (GDPR Art. 6(1)(a)) — connecting your Google account (you explicitly grant the OAuth scopes and can revoke at any time).

How we use Google data

We request two Google scopes:

• gmail.send— used only when you click "Send via Gmail" in the AI draft modal. We compose the message from content you review and approve; we never read your inbox and never send anything without your explicit action. This is a send-only scope — it grants no ability to read any of your mail.
• calendar.events— used to create reminder events on your primary calendar when you advance a job to an interview stage (auto-create can be toggled off in Settings → Integrations), to update or delete those events when you reschedule or cancel in Nulera, and to scan a narrow time window around your upcoming interviews to surface the recruiter's own invite as a candidate match.

We do not read, store, index, or share any content from your Gmail mailbox. Google data is never sold or used for advertising.

Data storage and security

All data is stored in a private PostgreSQL database (Neon, US-East region). Google OAuth tokens are stored encrypted at rest. We use HTTPS for all data in transit. You can disconnect Google at any time from Settings → Integrations, which immediately deletes your stored tokens.

International data transfers

Customer data is stored in the United States. We rely on the EU-US Data Privacy Framework (DPF) for transfers from the European Economic Area, and on Standard Contractual Clauses where DPF coverage is not yet in place. See our sub-processors page for each vendor's DPF status.

Third-party services (sub-processors)

We use these third parties to operate Nulera. The full list with purposes and countries is at /subprocessors:

• Vercel — hosting, serverless functions, blob storage, analytics
• Neon — PostgreSQL database
• Resend — transactional email (verification, password reset, digest notifications)
• Google APIs — OAuth sign-in; Gmail send and Calendar (only when you connect)
• Groq — AI inference for draft suggestions and prep questions (processes the text you submit to AI features)

Your rights

Under GDPR, CCPA, and equivalent privacy laws, you have the right to:

• Access + portability — download a copy of all your data in machine-readable JSON via Settings → Danger zone → Download my data.
• Rectification — correct your profile in Settings; edit job and contact data directly inside the app.
• Erasure — delete your account and all associated data from Settings → Danger zone → Delete account. Deletion is immediate and permanent: every job, contact, task, interaction, feedback submission, notification, and connected Google token is removed.
• Restriction + objection — email the privacy contact below to restrict specific processing or object to processing under legitimate interest.
• Complaint — you have the right to lodge a complaint with your local supervisory authority (in the EU, your national data protection authority).

If you can't sign in for any reason, email aguvaitkus@gmail.com and we'll exercise the right on your behalf within 30 days (GDPR requires "without undue delay, within one month").

Data retention

Active account data is retained while your account is active. Completed tasks are automatically purged 5 days after they're marked done. When you delete your account, personal data is removed immediately. Database backups follow Neon's standard retention (typically 7–14 days) and are then permanently destroyed.

Children

Nulera is not intended for users under the age of 16. We do not knowingly collect data from anyone under 16. If you believe we have, email the privacy contact below and we will delete the data.