Last updated: February 2026
Purecraft (“we”, “us”, “our”) operates the Orbit Job Search CRM application at orbitjobs.ai. This Privacy Policy describes how we collect, use, and protect your information.
Account information: When you create an account, we collect your email address and an encrypted password. If you use passkey authentication, we store public key credentials associated with your device.
Application data: Data you enter into Orbit — jobs, contacts, activities, calendar events, resume content, wellness entries, financial runway data, and preferences — is stored in your browser's localStorage for instant access and synchronized to our cloud backend (Supabase) for persistence and cross-device sync.
Profile images: Uploaded profile and contact images are stored in Supabase Storage, scoped to your user account.
Usage analytics: We use Vercel Analytics to collect anonymized, aggregated usage data (page views, Web Vitals). This data does not include personally identifiable information.
Orbit offers optional AI-powered features (resume tailoring, job description parsing, Scout chat assistant, contact parsing). These features require you to provide your own API keys for OpenAI and/or Anthropic.
Your API keys are stored exclusively in your browser's localStorage and are never transmitted to or stored on our servers. They are stripped from any data synced to the cloud. When you use AI features, your API key is sent directly from your browser to the AI provider's API via our server-side proxy (to protect the key from exposure in client-side network traffic), and is not retained after the request completes.
We use your data to:
We do not sell your data, use it for advertising, or share it with third parties except as described in this policy.
Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enforced — your data is only accessible to your authenticated account. Supabase infrastructure is hosted on AWS.
All data in transit is encrypted via TLS. Supabase encrypts data at rest. Our application enforces comprehensive security headers including Content Security Policy, HSTS, and X-Frame-Options.
We use cookies solely for authentication (Supabase session cookies prefixed sb-). We do not use advertising, tracking, or third-party cookies.
Your data is retained as long as your account is active. You may export all your data at any time from Settings → Your Data. You may delete your account from Settings → Account, which permanently removes all cloud-stored data, including database records and uploaded images. localStorage data remains on your device until you clear it.
You have the right to access, export, correct, and delete your data at any time through the application's built-in tools. For additional requests, contact us at the email below.
We may update this policy from time to time. We will notify users of material changes via the application. The “Last updated” date at the top reflects the most recent revision.
If you have questions about this Privacy Policy, please contact us at privacy@orbitjobs.ai.