Privacy & Security
High-trust job search workflows need explicit access boundaries.
Email, LinkedIn context, applications, AI processing, WhatsApp, and candidate identity data require careful disclosure, logging, approval, and offboarding.
Email access
We strongly recommend that customers create a dedicated job-search email address before onboarding. This allows Orkestr Career Desk to operate without requiring access to the customer’s main personal inbox.
It limits unnecessary exposure, keeps recruiter and alert traffic separate, and makes account access easier to audit.
If Gmail or Google APIs are used, access must be limited to the scopes needed for the service. Restricted Gmail scopes can require OAuth verification and security assessment when restricted data is stored or transmitted.
For early pilots, we prefer dedicated Gmail accounts, user-controlled login, forwarded job alerts, and browser-based workflows over broad restricted Gmail API access.
LinkedIn workspace support
We may help organize LinkedIn-related job-search workflows in a user-controlled browser environment. Important LinkedIn actions should remain reviewed and approved by you.
LinkedIn states that third-party software that scrapes or automates activity on LinkedIn's website is not permitted. Orkestr Career Desk should not be used for uncontrolled scraping, spam, or platform-violating behavior.
OpenAI usage
For AI processing, Orkestr Career Desk uses OpenAI. We do not use customer data to train our own models. OpenAI states that business data is not used to train models by default, unless the customer explicitly opts in. OpenAI also states that API abuse-monitoring logs may be retained for up to 30 days by default, unless different retention terms apply.
AI output may be incomplete, inaccurate, outdated, biased, unsuitable, or misleading. Human review remains required for important decisions.
Password and access handling
Customers should not send passwords through WhatsApp, email, or chat. Where possible, access should be granted through OAuth, screen-share login, dedicated accounts, or user-controlled browser sessions.
Access logs
Every sensitive action should create an operational record.
Offboarding and deletion
If a trial does not continue or a paid service ends, active access is removed where technically possible. Users receive instructions to revoke remaining sessions, OAuth grants, shared credentials, and browser sessions.
Data is deleted or returned according to the Privacy Policy and legal retention requirements. Operational logs may be retained for security, troubleshooting, legal, or dispute reasons.