How Vector protects your data

Job searching is deeply personal. Vector is built around the principle that your career data should never leave your control unless you explicitly choose to share it.

Local-first architecture

Your data lives on your machine.Vector stores all user data — resumes, job listings, scores, memory entries, interview debriefs, offer details, and application history — in a local SQLite database on your device. There is no LoadstarLab server receiving, processing, or storing your information.

This is not a design shortcut. It is a deliberate architectural decision. If our servers were compromised, your data would not be affected — because it was never there.

What leaves your device

Only two categories of data leave your machine, both under your direct control:

• AI provider API calls.When Vector scores a job, tailors a resume, or generates interview prep, it sends a prompt to the AI provider you configured (Anthropic, Google, or OpenAI). These calls go directly from your machine to the provider — LoadstarLab does not proxy, log, or intercept them.
• OAuth handshakes.When you connect Gmail or Google Calendar, standard OAuth authentication flows communicate with Google’s servers. These are handled by Google’s SDKs and follow their published security practices.

Email integration boundaries

Scoped access, not full access.Vector only reads email threads linked to your tracked job applications — matched by company name, role title, and recruiter email address. It does not scan, index, or process unrelated mail. This boundary is enforced in application code, not just in policy.

No auto-send. Vector drafts messages for your review. Every outbound email requires your explicit approval before sending. There is no background sending, no scheduled sends, no automated replies.

Revocable at any time. Disconnecting email integration in Settings immediately stops all email access and deletes stored OAuth tokens locally.

Calendar integration

Read-only. Vector requests calendar.readonly access to detect scheduling conflicts and blocked periods. It never creates, modifies, or deletes calendar events. Calendar data is queried in real time and is not stored locally.

LinkedIn integration

Vector uses browser automation to search LinkedIn for job listings. It stores a session cookie locally to maintain your login. It does not store your LinkedIn password. Easy Apply submissions happen only when you explicitly approve them.

Local storage security

• All data is stored with standard operating system file permissions in the App’s data directory.
• OAuth tokens are stored locally alongside your application data.
• The database file can be inspected, exported, or deleted by you at any time.

No telemetry

Vector does not include analytics SDKs, tracking pixels, crash reporters, or telemetry of any kind. We do not know how many users we have, how often the app is opened, or which features are used. We chose this deliberately.

Reporting a vulnerability

If you discover a security issue in Vector, please email us at security@loadstarlab.com. We take every report seriously and will respond within 48 hours.