Privacy & Security

High-trust job search workflows need explicit access boundaries.

Email, LinkedIn context, applications, AI processing, WhatsApp, and candidate identity data require careful disclosure, logging, approval, and offboarding.

Email access

We strongly recommend that customers create a dedicated job-search email address before onboarding. This allows Orkestr Career Desk to operate without requiring access to the customer’s main personal inbox.

It limits unnecessary exposure, keeps recruiter and alert traffic separate, and makes account access easier to audit.

If Gmail or Google APIs are used, access must be limited to the scopes needed for the service. Restricted Gmail scopes can require OAuth verification and security assessment when restricted data is stored or transmitted.

For early pilots, we prefer dedicated Gmail accounts, user-controlled login, forwarded job alerts, and browser-based workflows over broad restricted Gmail API access.

LinkedIn workspace support

We may help organize LinkedIn-related job-search workflows in a user-controlled browser environment. Important LinkedIn actions should remain reviewed and approved by you.

LinkedIn states that third-party software that scrapes or automates activity on LinkedIn's website is not permitted. Orkestr Career Desk should not be used for uncontrolled scraping, spam, or platform-violating behavior.

OpenAI usage

For AI processing, Orkestr Career Desk uses OpenAI. We do not use customer data to train our own models. OpenAI states that business data is not used to train models by default, unless the customer explicitly opts in. OpenAI also states that API abuse-monitoring logs may be retained for up to 30 days by default, unless different retention terms apply.

AI output may be incomplete, inaccurate, outdated, biased, unsuitable, or misleading. Human review remains required for important decisions.

Password and access handling

Customers should not send passwords through WhatsApp, email, or chat. Where possible, access should be granted through OAuth, screen-share login, dedicated accounts, or user-controlled browser sessions.

Access logs

Every sensitive action should create an operational record.

user IDtimestampsource accesseddata categorypurposeactor type: human, automation, AIaction performedexternal action: yes/nouser approval required: yes/nouser approval received: yes/noerror statusnotes

Offboarding and deletion

If a trial does not continue or a paid service ends, active access is removed where technically possible. Users receive instructions to revoke remaining sessions, OAuth grants, shared credentials, and browser sessions.

Data is deleted or returned according to the Privacy Policy and legal retention requirements. Operational logs may be retained for security, troubleshooting, legal, or dispute reasons.