Privacy Policy
Effective June 21, 2026
How Kyrolane protects your privacy: job catalog consolidation, transparent apply-email discovery, no sale of personal data, Gmail/Outlook connect, and your responsibilities under GDPR, CAN-SPAM, and CASL.
Introduction
Kyrolane ("Kyrolane," "we," "us," or "our") operates https://www.kyrolane.com and related services. This Privacy Policy explains how we collect, use, store, and protect information when you use our job search and application workspace.
Privacy is a core product principle—not an afterthought. Kyrolane is built to consolidate job search workflows in one place. We are not a data broker, we do not sell private user lists, and we do not operate a bulk email relay.
By using Kyrolane, you agree to this policy. If you do not agree, please do not use the service.
What Kyrolane is (and is not)
Kyrolane is an AI-assisted workspace that helps job seekers discover roles, draft applications, find apply-to contacts, and track outreach—all with you in control of every send.
- A job application workspace that consolidates listings, drafts, contacts, and tracking in one account.
- A reader of publicly available job catalog data ingested from licensed job data providers and public feeds. Kyrolane does not write to those shared catalog collections from the web app.
- A productivity tool where you review, edit, and approve every email before it leaves your inbox.
- Not a data marketplace. We do not sell, rent, or license your personal information or your private contact lists to third parties.
- Not an auto-apply bot. We do not mass-submit applications, bypass employer application flows, or scrape private social profiles.
- Not an anonymous sending pool. Messages send from mail you control (Gmail, Outlook, or your SMTP).
Information we collect
We collect information you provide directly and data generated when you use the product. We minimize collection to what is needed to run the workspace.
- Account details: name, email address, password (hashed), and subscription status.
- Profile and resume data: work history, skills, preferences, and files you upload.
- Job and application data: saved jobs, generated cover letters, send history, and tracking events such as email opens (when you enable tracking).
- Email connection data: when you connect Gmail or Outlook, we store OAuth tokens needed to send mail from your inbox on your instruction, plus the connected email address.
- SMTP credentials (optional): if you use advanced SMTP settings, we store your mail server configuration and encrypted app password.
- API keys you add: optional third-party keys for AI or email lookup services you choose to connect, stored encrypted in your workspace—we never expose them to other users.
- Usage and analytics: pages visited, feature usage, and cookie preferences when you accept analytics cookies.
- Payment data: processed by Stripe; we receive subscription status and customer identifiers, not full card numbers.
Job listings and public catalog data
Kyrolane consolidates job postings from public and licensed sources into a shared catalog so you can search, filter, and apply from one workspace instead of juggling multiple job boards.
Our job-ingestion pipeline fetches listings that employers and job boards have already published publicly. We classify and deduplicate them for search relevance. The web app reads this catalog; it does not scrape private profiles, connection graphs, or non-public account data.
Job listing text, company names, locations, and apply URLs are stored in our database as catalog metadata—not as personal data about you unless you save or interact with a specific role in your account.
- Sources include licensed job search APIs and public remote-job feeds—not private user databases.
- We store job metadata to power search, match scoring, and your saved-job pipeline.
- We do not claim ownership of third-party job postings; rights remain with the original publishers.
Apply-email and contact discovery
When you ask Kyrolane to suggest an apply-to email for a job, we use Kyrolane’s own email-intelligence pipeline first—not a hidden broker of private records.
Our email-intelligence service resolves company domains and discovers professional contact signals from public sources: job description text, careers pages, publicly indexed recruiter names, and DNS/SMTP validation checks. We do not send email during discovery—we only verify that an address is plausibly reachable.
Discovery runs in this order: (1) explicit apply-to addresses on the job posting, (2) results from our email-intelligence pipeline, (3) our Kyrolane hiring-contact directory—a cache of previously verified professional contacts built from public sources and our pipeline, (4) your manual override, (5) optional third-party email lookup only when you or Kyrolane have configured a lookup service and earlier steps fail.
When a contact is shown, we indicate the source (posting, intelligence pipeline, directory, manual entry, or optional third-party lookup) so you can judge whether to use it.
Email delivery is separate from contact discovery. Outbound messages always send from mail you control (Gmail, Outlook, or your SMTP)—never from the contact directory.
- Business and professional addresses only—we block personal consumer domains (such as @gmail.com, @yahoo.com, @hotmail.com) from automated discovery.
- We reuse verified hiring contacts in our directory across the workspace to improve suggestions and reduce repeat lookups—not to build a sellable contact database.
- Optional third-party lookup services are user-configurable where supported. If configured, lookup requests are sent to that provider under its terms; Kyrolane does not resell lookup results.
- You are always responsible for reviewing a suggested contact before sending.
What Kyrolane does not do
- We do not sell, rent, or trade your personal information, resume, application history, or private contact lists.
- We do not sell or license our user directory to recruiters, marketers, or data brokers.
- We do not read your personal inbox for unrelated purposes or use mailbox contents to serve ads.
- We do not train generalized AI models on the contents of your private email.
- We do not harvest LinkedIn connection graphs, private social profiles, or credentials from third-party accounts without your explicit authorization.
- We do not auto-send job applications or cold outreach without your review and explicit action.
- We do not store full payment card numbers—Stripe handles card data.
- We do not collect information from children under 16.
Gmail and Microsoft email access
If you choose Connect Gmail or Connect Outlook, you authorize Kyrolane to send job applications and related messages from your mailbox only on your explicit instruction.
Kyrolane's use of information received from Google APIs and Microsoft Graph adheres to each provider's applicable policies, including Google's Limited Use requirements.
We do not use your mailbox data to serve advertisements, sell personal information, or train generalized AI models on the contents of your email.
- We request only the permissions needed to send email you approve.
- We do not read your inbox for unrelated purposes.
- You can disconnect your email account at any time in Settings.
How we use your information
- Provide and improve the Kyrolane workspace.
- Generate tailored application drafts based on your resume and job context.
- Send emails only when you review and trigger a send.
- Track application status, opens, and replies you choose to monitor.
- Authenticate your account and keep the service secure.
- Process subscriptions and send service-related notices.
- Maintain the shared job catalog and Kyrolane hiring-contact directory.
- Comply with law and prevent abuse.
Your responsibilities when contacting others
Kyrolane helps you find publicly available professional contact information and draft messages—but legal responsibility for how you use that information rests with you, not with Kyrolane.
Finding a publicly visible business email is different from having permission to send unsolicited messages. Anti-spam and privacy laws vary by region. You must comply with applicable law before contacting anyone.
- United States (CAN-SPAM): B2B cold email is generally permitted under an opt-out model if you include a clear unsubscribe mechanism and a valid physical address, and honor opt-outs promptly.
- European Union (GDPR): Cold email to individuals in the EU is highly restricted. Prior consent or a narrowly scoped legitimate business interest is typically required. When in doubt, seek legal advice before contacting EU recipients.
- Canada (CASL / PIPEDA): Sending is permitted only with express consent, or implied consent where the recipient conspicuously published their business email for commercial contact without stating they do not want unsolicited messages.
- Always include accurate sender identification, a truthful subject line, and an easy opt-out when required.
- Do not use Kyrolane to send deceptive, harassing, or high-volume unsolicited mail.
Opt-out for professionals in our directory
Our Kyrolane hiring-contact directory stores verified professional hiring contacts discovered through public job postings, careers pages, and our email-intelligence pipeline—not private consumer inboxes.
If you are a professional whose business email appears in Kyrolane’s directory and you want it removed, submit a request at kyrolane.com/privacy-request (select “Remove my business email from the contact directory”) or at kyrolane.com/opt-out. We will process verified opt-out requests promptly and stop surfacing that address in our directory.
Data retention
We keep your account data while your account is active. You may delete your account in Settings or submit a deletion request at kyrolane.com/privacy-request.
OAuth tokens and SMTP credentials are removed when you disconnect email or delete your account. Shared job catalog and directory entries that are not tied to your personal account may persist where they represent public professional contact information.
Backup retention may apply for a limited period where required for security, disaster recovery, or legal compliance.
Security
We use industry-standard measures including encrypted connections (HTTPS), hashed passwords, and encrypted storage for sensitive credentials such as API keys, SMTP passwords, and email OAuth tokens.
No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials safe.
Your choices and rights
Depending on where you live, you may have additional rights under laws such as the GDPR (EU/EEA/UK), CCPA/CPRA (California), and similar regulations.
Submit access, export, correction, deletion, or concern requests at kyrolane.com/privacy-request. We aim to respond within 30 days (or the timeframe required by applicable law). We may need to verify your identity before fulfilling a request.
- Access and update profile information in your account settings.
- Delete your account permanently in Settings—we remove your profile, resume, applications, and workspace data.
- Disconnect Gmail, Outlook, or SMTP at any time.
- Submit a privacy request at kyrolane.com/privacy-request for export, correction, deletion help, or to report a concern.
- Withdraw analytics consent via browser storage or by clearing site data.
- Object to or restrict certain processing where applicable law provides that right.
- Lodge a complaint with your local data protection authority if you believe we have handled your data unlawfully.
International transfers
Kyrolane may process data in the United States and other countries where our service providers operate. When we transfer personal data internationally, we use appropriate safeguards such as standard contractual clauses where required by law.
Children
Kyrolane is not directed to children under 16, and we do not knowingly collect personal information from children.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date above. Material changes may also be communicated by email or in-product notice where appropriate.
Contact us
Questions about this policy or your data? Email info@kyrolane.com or use our privacy request form at kyrolane.com/privacy-request.