EFFECTIVE JULY 10, 2026
Overview
Controllables is a private career platform built for one purpose: to help you, the job seeker, run your own search. It is not a tool for employers or recruiters, and it never advertises you or broadcasts that you are looking. This policy explains what data the app holds, how it is used, and the controls you have. Plain terms, no surprises.
Data you provide
When you use Controllables you build a profile: your experience, goals, the roles and companies you are tracking, and notes you choose to add. You may also submit your email to the waitlist before an account exists. This information is yours. It is stored against your account and is never sold, rented, or shared with employers.
Google account data
Connecting your Google account is optional, and you can disconnect it at any time. When you connect it, Controllables requests the narrowest access that makes each feature work, and only ever reads, never sends, modifies, or deletes:
(gmail.readonly)(calendar.readonly)(drive.file)Suggestions built from this data are always presented to you for review. The app proposes; you decide. Nothing is acted on automatically.
Google Limited Use disclosure
How your data is used
Your data is used to operate the features you see: matching roles, explaining the reasoning, preparing you for conversations, and keeping your pipeline current. To do this the app uses artificial intelligence to reason over your information on your behalf. Your data, including any Google account data, is never used to train third-party AI models, never used for advertising, and never shared with employers or recruiters.
Who processes your data
Controllables relies on a small set of infrastructure providers who process data only to run the service, under their own security and confidentiality terms:
Each account’s data is isolated from every other account. One user can never see another user’s data.
Security
Data is encrypted in transit with TLS and encrypted at rest by our hosting providers. Access credentials for connected accounts, including Google OAuth tokens, are additionally encrypted by the application with AES-256-GCM before they are stored, and decrypted only in memory at the moment they are used. They are held only to operate the connection and are removed when you disconnect. Access to production systems is restricted.
Retention and deletion
You stay in control of your data:
Your controls
You can review and edit your profile at any time, connect or disconnect Google whenever you like, and manage the Google permissions you have granted from your Google Account permissions page.
Contact
Questions about this policy, or requests to access or delete your data, can be sent to privacy@controllables.ai.
Changes
If this policy changes in a meaningful way, the effective date above will be updated. Continued use of the app after a change means you accept the revised policy.