Privacy Policy

Effective date: 1 May 2026

This Privacy Policy explains what personal data JYRY AI collects, why we collect it, how we store it, and what rights you have. We aim to keep this policy short and honest.

1. Who we are

The data controller for the JYRY AI service is Hadi Saleh, based in Kuwait, operating the JYRY AI Telegram bot. Contact: jyrygroup@gmail.com.

2. What we collect

When you use the Service, we store the following data in our database, all of which you provide directly:

• Your Telegram user ID — a numeric identifier issued by Telegram. We use it to recognise you across sessions.
• Your full name — used as the "From" name in the application emails the bot sends through your Gmail account.
• Your Gmail address — the account from which application emails will be sent.
• Your Google App Password — stored encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256). We need it to authenticate to Gmail's SMTP server on your behalf. We never log or display it after you submit it.
• Your preferences — selected professions, German states, application templates and CV/cover letter content that you provide.
• Your application history — which employers were contacted, when, and the delivery outcome (sent / failed / bounced). Each employer is deduplicated so you never apply twice to the same posting.
• Billing identifiers — your subscription ID and customer ID from Paddle. We do not store your full card number; only Paddle does.

3. What we do NOT collect

• This website (the page you are reading) does not set any cookies, does not load any third-party scripts, fonts or analytics, and does not log visitor IPs beyond what your server connection requires to deliver the page.
• We do not read the contents of your Gmail inbox, sent folder, or replies from employers. Our SMTP connection is one-way: we authenticate to send, then disconnect.
• We do not sell, rent or share your personal data with advertisers or data brokers.

4. Why we collect each item (legal basis)

All data above is processed on the basis of performance of a contract (Art. 6(1)(b) GDPR) — we cannot deliver the Service you subscribed to without it. The encrypted App Password is additionally subject to a confidentiality obligation we impose on ourselves.

5. Who receives your data

• The employer you chose to apply to — receives your application email, name, Gmail address, and any attached documents (CV, certificates). This is the whole point of the Service.
• Paddle.com Market Limited — receives the data necessary to charge your payment method, issue receipts and remit applicable taxes. See Paddle's Privacy Policy.
• Telegram — receives the messages you exchange with the bot, as part of operating Telegram itself. See Telegram's Privacy Policy.
• Google — receives your SMTP authentication and the outbound emails routed through your own Gmail account. See Google's Privacy Policy.
• Our hosting provider (Oracle Cloud) — operates the servers where the bot and database run.

6. Where your data is stored

Our application database runs on a server hosted by Oracle Cloud. The server may be physically located outside the European Union. Where data is transferred outside the EU/EEA, we rely on the appropriate safeguards (standard contractual clauses with our processors). Paddle processes payments in the United Kingdom and the European Union.

7. How long we keep it

We keep your data for as long as your subscription (free or paid) is active, plus six months after your last activity, to deal with any billing disputes or support questions. After that, the bot deletes your profile, encrypted password, and application history. You can request earlier deletion at any time.

8. Your rights under the GDPR

If your data falls under EU/UK data-protection law, you have the right to:

• Access the data we hold about you;
• Have inaccurate data corrected;
• Have your data deleted ("right to be forgotten");
• Receive your data in a portable format;
• Object to processing or request its restriction;
• Lodge a complaint with a supervisory authority in your EU country of residence.

To exercise these rights, email jyrygroup@gmail.com. We will respond within 30 days.

9. Security

Your Gmail App Password is encrypted at rest with Fernet. Database backups are encrypted. All traffic between your browser/bot and our servers uses HTTPS / TLS 1.2+. Access to the production database is restricted to the operator (Hadi Saleh) and requires SSH key authentication. We will notify you and the appropriate supervisory authority within 72 hours of becoming aware of any breach that is likely to affect your rights.

10. Changes to this policy

If we change this policy in a way that meaningfully affects your rights, we will announce the change inside the Telegram bot at least 30 days in advance and update the effective date at the top of this page.

11. Contact

Privacy questions or data requests: jyrygroup@gmail.com.