Your data stays
on your machine.

I. The short version

• Our server stores your email address, your license key, and your Stripe customer ID. That’s it.
• Everything generated by the app — résumés, applications, cover letters, Q&A library, analytics — lives in a SQLite database on your machine. We don’t have a copy.
• The app contacts our server once per day to verify your subscription. The request contains your license key and nothing else.
• No tracking pixels. No Google Analytics. No Facebook Pixel. No session replay. This marketing site ships ~5KB of JS total.

II. What we store, on our server

Account record

• Email address — for license delivery, refunds, and the rare critical update.
• License key — the string the app sends us each day for verification.
• Stripe customer ID — for refunds and tier changes.
• Tier & subscription status — what plan you’re on, when it renews.

License-ping log

When the app verifies your subscription, we log: the license key, an IP address (kept 30 days then dropped), and the timestamp. We use this only to detect license-sharing — if the same key pings from 14 cities in 14 hours, that’s a problem.

III. What stays on your machine

Everything else. The app stores a local SQLite database under your OS’s standard app-data directory:

• Your résumé(s).
• Every job application TimeBaQ has submitted on your behalf.
• The full text of every cover letter.
• Your Q&A library — every screening question and the answer you saved.
• Analytics — counts, timestamps, success/failure breakdowns.
• Per-platform login sessions (sandboxed and encrypted at rest; the encryption key is held in a permission-restricted directory only your user account can read).

We can’t see any of it. If your computer is offline, the app still works for everything except the daily license ping.

IV. Third parties we touch

The minimum set required to run a subscription business:

1. Stripe — payment processing. They see what they have to see (card, billing address). We don’t store card numbers.
2. Cloudflare — hosts our license server and this site, plus the Cloudflare AI Gateway proxy that fronts our AI calls (logging disabled). Standard CDN logs apply.
3. Resend — transactional email (license key delivery, refund confirmations, support replies). No marketing list.
4. Google AI Studio (Gemini), OpenAI, Anthropic — upstream AI providers reached through Cloudflare AI Gateway. Calls are on zero-retention contracts; the gateway has logging off. Gemini and OpenAI are used by the desktop app for cover letters and Q&A; Anthropic is used by the support-email handler.
5. CAPTCHA solver — the app sends image-only CAPTCHA challenges to a paid solver. The challenge image leaves your machine; none of your résumé or form data does.

No data is sold to any third party. Ever.

V. Tracking & analytics

None on this marketing site. No Google Analytics. No Facebook Pixel. No Hotjar. No session replay. No cookie banner because we don’t need consent — there’s nothing to consent to.

The desktop app: beta builds

While TimeBaQ is in beta, the desktop builds we hand to testers ship with usage telemetry and crash & error reporting turned ON by default. We use this short-lived data to find the bugs and rough edges a small beta can’t surface on its own — aggregate feature usage, error traces, and crash reports. The app discloses this on first run and on the Settings → Privacy page, and you can switch both off there at any time. With them off, the only outbound network call is the daily license ping. We never collect the contents of your résumé, applications, cover letters, or Q&A library — telemetry is about how the app behaves, not what you put into it.

The desktop app: stable builds

Once TimeBaQ leaves beta, the stable release reverts to no telemetry by default: usage telemetry and the crash & error reporter are opt-in, off until you turn them on in Settings, and turn themselves back off the moment you uncheck them.

VI. Your rights

Under GDPR, CCPA, and basic decency, you have the right to:

• Ask for a copy of what we store (it’s a 4-line JSON file, we’ll email it).
• Ask for it to be deleted. Once you cancel, your account row is auto-deleted after 30 days unless you ask sooner.
• Object to processing. If you don’t want the daily license ping, cancel; the app stops contacting us.

Email support@timebaq.app with “Privacy” in the subject. A real person responds within ~24h on weekdays.

VII. Contact

TimeBaQ is a solo-developer project. The data controller is one person. Email support@timebaq.app for any privacy question; we’ll add a postal address before EU rollout.