Tosona

Privacy Policy

Last updated: April 2026

Overview

Tosona is a job-application workflow product. This Privacy Policy describes what information we collect when you use Tosona, how we use it, and who we share it with.

By using Tosona you agree to the practices described in this policy. If you have questions, email us at support@tosona.ai.

Information we collect

We collect the following categories of information:

• Account information — profile information provided to us by your sign-in provider (which may include your name, email address, and other profile details).
• Resume content — the text of any resume you upload or save to your account.
• Job context — job descriptions, target role information, and notes you enter when using application workflows.
• Generated outputs — resume drafts, cover letters, outreach emails, and mock-interview sessions created for your account.
• Usage data — information about how you interact with the service, such as pages visited and features used.
• Billing information — subscription and transaction status information provided by our payment processor.

How we use your information

We use the information above to:

• Authenticate you and maintain your account.
• Generate tailored resume drafts, cover letters, outreach emails, and interview practice sessions using your resume and target role context.
• Deliver and improve the Tosona product workflows.
• Process subscription payments and manage your plan.
• Respond to support requests.
• Measure product usage in aggregate to understand which features are working.

Google user data

Tosona uses Google OAuth solely to authenticate users. When you sign in with Google, we receive your name and email address from Google. We do not access any other Google account data — including Gmail, Google Drive, Google Contacts, Google Calendar, or any other Google service.

Your Google account data is used only to create and maintain your Tosona account and to identify you when you sign in. It is not used for advertising, profiling, or any purpose unrelated to operating your account.

We do not sell, rent, or share your Google account data with third parties except as necessary to operate the service (for example, storing your account information in our cloud infrastructure). Your Google data is never used to train AI models.

To request deletion of your Google-derived account data, email support@tosona.ai with the subject line "Delete my account". We will remove your data within 30 days.

AI processing

Tosona uses third-party AI service providers to generate application materials and run mock interviews. When you trigger a generation workflow, the relevant resume text and job context are sent to our AI providers for processing.

Our AI providers' data handling is governed by their own privacy policies and data usage terms. We do not use your resume or job data to train our own models, and we contract with AI providers whose terms prohibit using your inputs to train theirs.

Data sharing

We do not sell your personal data. We share data only as necessary to operate the service, as described below:

• Cloud infrastructure providers — store your account data, resumes, and generated outputs on our behalf, under confidentiality obligations.
• AI service providers — receive resume and job context you submit in order to generate outputs. They are prohibited from using this data to train models.
• Payment processors — handle subscription and transaction data. We do not share personal data with payment processors beyond what is required to process your payment.
• Sign-in providers (Google / Apple) — provide your name and email when you authenticate. No personal data is sent back to them by Tosona.
• Legal or safety requirements — we may disclose data if required by law or to protect the rights, property, or safety of Tosona, our users, or the public.

Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include storing data on access-controlled cloud infrastructure, using encrypted connections (HTTPS/TLS) for data in transit, and limiting access to personal data to personnel and systems that require it to operate the service.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@tosona.ai.

Data retention and deletion

We retain your account data, resumes, and generated outputs for as long as your account is active and as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.

To request deletion of your data, email support@tosona.ai with the subject line "Delete my account". We will take commercially reasonable steps to delete or de-identify your information within 30 days of a verified request, subject to legal, security, fraud-prevention, and recordkeeping requirements.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing support@tosona.ai.

Depending on where you live, you may have additional privacy rights under applicable law. Contact us to exercise them.

Cookies and tracking

Tosona may use cookies or similar technologies to keep you signed in, operate the service, and understand usage. We do not use the service to serve third-party advertising.

Changes to this policy

We may update this policy from time to time. If we make material changes we will update the date at the top of this page. Continued use of Tosona after a change constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests, email support@tosona.ai.