1. About This Policy
Sirra ("we", "us", or "our") is an AI-powered job application assistant designed for the Australian market. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application and website (collectively, the "Service").
We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. Information We Collect
We collect the following categories of information:
- Account information — your name, email address, and profile photo, provided when you sign in with Google or Apple.
- Resume content — the text of any resumes you upload to the Service. This is used to power the tools you ask Sirra to run, such as tailored resumes, cover letters, resume review and editing, pitches, and interview preparation.
- Job listing data — URLs or text you paste for job listings you analyse. This may include publicly available job descriptions from third-party platforms (e.g. SEEK, LinkedIn, Indeed).
- Application tracking data — status, notes, and dates you record within the Job Tracker feature.
- Usage data — analytics events (e.g. features used, session frequency) collected via Firebase Analytics to help us improve the Service. These events use a device/browser identifier and approximate location derived from your IP address, but never include the content of your resumes, jobs, or generated documents. You can turn analytics off at any time in Settings → Data & Privacy.
- Device information — device type and push notification token (Android only), used to deliver job-ready notifications.
3. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Service.
- Generate AI-tailored resumes, cover letters, and interview preparation materials.
- Send push notifications when your job analysis is complete.
- Process your credit purchases and payments (via Stripe).
- Respond to your support enquiries.
- Comply with legal obligations.
We do not sell your personal information to third parties. We do not use your resume content to train AI models beyond what is necessary to fulfil your request.
4. AI Processing
Sirra uses Google Gemini (via Google Cloud) to process your resume and job description content and generate AI outputs. Your data is sent to Google's servers for this purpose and is subject to Google's Privacy Policy. We use Google's API under terms that prohibit Google from using your data to train their models without your consent.
5. Data Storage & Security
Your core account and job data is stored in Google Firebase (Firestore) in the australia-southeast1 (Sydney) region. Some of the third-party services listed above (including authentication, file storage, AI processing, payments, job-listing retrieval, analytics, and error monitoring) may process or store data in other regions. We apply industry-standard security controls including:
- Authentication required to access all personal data.
- Firestore Security Rules restricting access to your own data only.
- All data in transit encrypted via HTTPS/TLS.
- Saved job records are scheduled for deletion 120 days after the job is created — the same period for every account. You can export your data at any time before then.
- When a job record is automatically deleted by our retention schedule, an operational recovery copy is kept in a restricted administrator-only recovery store. It is scheduled for permanent deletion 14 days after the job is deleted. If you delete your account or a specific job yourself, the deletion is immediate and no recovery copy is kept.
No security system is completely impenetrable. If you believe your account has been compromised, please contact us immediately at privacy@sirra.au.
6. Third-Party Services
We use the following third-party services that may process your data:
- Google Firebase — authentication, database, cloud functions, analytics, and push notifications.
- Google Gemini (AI) — AI outputs such as resume tailoring, cover letters, scoring, and interview preparation.
- Stripe — processes your credit purchases and payments. We do not store your payment card details; these are handled entirely by Stripe.
- ScraperAPI — retrieval of publicly available job listing content from URLs you provide.
- Sentry — error and performance monitoring. Collects diagnostic data when something goes wrong (error reports, stack traces, performance traces, and technical identifiers such as browser, device, and IP address) so we can detect and fix problems. It is not used for advertising.
7. Your Rights
Under the Australian Privacy Act, you have the right to access, correct, or request deletion of your personal information. You can:
- Delete your account — use the "Delete Account" option in Settings. This permanently removes your account and content from our active systems. We retain limited records for fraud and abuse prevention, security, audit, and legal compliance purposes. These may include: a deletion record containing your user ID, email address, and deletion timestamp; an anti-abuse record linked to your sign-in provider that records whether that provider has already claimed a welcome credit, along with associated account, device, and network identifiers (such as email address, device fingerprints, and IP addresses); payment and credit records we are required to keep for financial, tax, and dispute-resolution purposes (such as Stripe purchase and event references and credit purchase, reconciliation, and refund records, including amounts and session identifiers, but never your payment card details); and security and abuse-monitoring logs that may contain your user ID and IP address. We delete each of these when it is no longer needed for those purposes, and security logs automatically expire after a limited period.
- Export your data — contact us at privacy@sirra.au to request a copy of your data.
- Opt out of analytics — turn off usage analytics any time in Settings → Data & Privacy. If it is off before analytics starts, nothing is loaded; if you turn it off during a session, further collection on that device is disabled.
8. Children's Privacy
Sirra is not intended for use by persons under the age of 15. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us so we can delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you via the app. Continued use of the Service after changes constitutes acceptance of the updated policy.