TL;DR: WorkKept is read-only. We never store your files or emails. Everything stays in your browser session and is deleted when you close it. We don't sell, share, or train AI on your data.
Information We Access
When you sign in with Google or Microsoft, we request read-only access to:
- Google Drive — files you created or have access to
- Gmail — emails in your inbox
- OneDrive — files and documents
- Outlook Mail — emails and attachments
- Basic profile — your name and email address
How We Use This Access
The sole purpose is to analyze your files and emails during an active session to reconstruct your career history. The analysis:
- Happens entirely in memory during your session
- Uses AI to identify projects, skills, achievements, and timelines
- Produces a downloadable portfolio and CV — which you control
What We Store
- Nothing. We do not store your files, emails, or the analysis output on our servers.
- Your session token (encrypted) is stored in a cookie. It contains only your email, name, and temporary OAuth tokens.
- OAuth refresh tokens may be retained temporarily to complete an export — they are deleted when the session ends.
AI Analysis
Career reconstruction is powered by AI via OpenRouter. During an active export session:
- File contents and email text are sent to the AI model for analysis
- We explicitly instruct providers not to train on your data
- No data is retained after analysis — it's used once and discarded
- You can cancel an export at any time; partial analysis is discarded
Data Retention
Session cookies expire after 24 hours of inactivity (or sooner if you sign out). Export analysis is discarded immediately after your session ends or the export completes. We do not maintain backups, caches, or archives of your career data.
Third Parties
We use the following third-party services — none of them receive your career data:
- PayPal — payment processing (no file/email data shared)
- OpenRouter — AI model API (used only during active export, no data retained)
- Google & Microsoft — OAuth providers (we only receive what you authorize)
- Hetzner — server hosting (EU-based)
Your Rights (GDPR)
As an EU-based service, we comply with the General Data Protection Regulation. You have the right to:
- Access — What data do we hold? (Answer: almost none beyond your email in a session cookie)
- Delete — Sign out to clear your session. For any residual data, contact us.
- Object — You can stop using the service at any time. No data is retained.
Contact
Questions about this policy? Get in touch.