NextOrbit logo
Data Protection

Privacy Policy

Last Updated: June 24, 2026 - Version 1.0.0

1. Foundation and Global Compliance

KinetosLabs NextOrbit ("we", "us", or "our") operates a recruiting and job application tracking platform. We prioritize data isolation, security, and transparency. We comply with applicable privacy obligations, including the Australian Privacy Act 1988 (Cth), the California Consumer Privacy Act/CPRA and other applicable US state privacy laws, and other data protection laws where they apply.

2. The Data We Process

  • Authentication context: Identity tokens, encrypted passwords, name, and email used to secure your account.
  • Application workflow data: Resumes, cover letters, job records, uploaded PDFs, notes, and tracking metadata created or saved by you.
  • AI output processing: Data sent to and returned from approved AI subprocessors when you use AI-powered features.
  • Diagnostic telemetry: Analytics, crash information, and interaction metadata used to improve reliability and product quality.

2A. Browser Extension Job Capture

If you use the NextOrbit Job Capture browser extension, capture is user-initiated. The extension only reads job listing details from supported pages after you choose to capture a job, and it presents the captured details for review before saving.

Captured job data may include job title, company, location, salary information if visible, workplace type, employment type, job description, and the original listing URL. This data is used to create or update job records in your own NextOrbit account.

The extension does not bypass authentication walls, paywalls, CAPTCHAs, bot protections, or private content. It does not perform hidden bulk capture. Extension permissions are used to display the side panel, identify supported job tabs, sync your NextOrbit sign-in state, and save reviewed job information to your account.

Data read by the extension — the content of the job listing you choose to capture and the URL of the supported job tab it captures from — is transmitted solely to NextOrbit servers to populate your own job tracker. It is not sold, and is not shared or used for advertising. It is disclosed only to the service providers (such as our hosting and database providers) necessary to operate the capture feature, and is not used for any purpose unrelated to capturing the job into your account. The extension's data handling complies with the Chrome Web Store Limited Use policy.

The extension does not access your browser history database or continuously monitor your browsing. A packaged content script may load on the supported job sites (LinkedIn, Seek, and Indeed), but it does not extract or transmit any page content unless you initiate a capture. To capture, the extension identifies a supported job tab — it uses your active tab when that is a supported job page, and otherwise selects from your open supported job-site tabs. It does not read or transmit pages other than the supported job sites.

Captured job data is stored only in your own NextOrbit account, alongside jobs you add manually. You can review, edit, or delete it in the app at any time. See Section 5A for how to make a privacy request.

3. Generative AI Subprocessors

We do not train our own foundation models. When you use AI features, we may pass the required inputs through approved large language model providers such as Google Cloud, OpenAI, or similar providers.

Your private resumes, job records, and application materials are not used by us to train public foundation models. Provider handling is governed by the relevant API, enterprise, privacy, and retention terms available to us.

4. Persistent Data Residency and Security

Our primary application database is hosted through Supabase in the AWS ap-southeast-2 region in Sydney, Australia. Data is encrypted in transit using TLS and protected at rest by the infrastructure controls provided by our hosting and database providers. We use PostgreSQL Row Level Security (RLS) and user-scoped access controls to help prevent one user's records from being accessed by another user.

5. User Agency and Rights

Subject to applicable law, you may have the right to:

  • Access: Request access to personal data associated with your account.
  • Correction: Correct inaccurate profile, job, resume, or account information.
  • Deletion: Request closure or deletion of your account and associated records by contacting us.

5A. Privacy Requests & Data Retention

You may request access to, correction of, or deletion of your personal information by contacting us at support@kinetoslabs.com. We verify and action requests as required by applicable law.

We retain personal information for as long as your account is active or as needed to provide the service, and we may retain limited records where required by law or reasonably necessary for accounting, security, fraud-prevention, or dispute-resolution purposes — for example, financial and invoice records for tax and accounting. Retained records are restricted to those purposes and are not used for marketing.

6. Payments

Payment and subscription processing is handled by Stripe. We do not store complete payment card numbers on our own systems.

7. Bot Protection

We use Cloudflare Turnstile to protect our website from spam and abuse. The Turnstile widget may run invisibly to check whether you are a human or a bot. Your use of this site is subject to the Cloudflare Turnstile Privacy Addendum.

8. Contact

For privacy, compliance, or data protection questions, contact us at support@kinetoslabs.com.

Back
Terms of Service