Privacy & security model
FOX3 is local-first. This page lists exactly what stays on your machine and every place data goes when it leaves — so you can verify the claims rather than trust them.
What stays on your device
All of your data lives in a single folder on your computer (Windows: %LOCALAPPDATA%\JobScout, or a location you choose during setup):
- Your interviewed profile (profile.json)
- The scored-listings database and run history (jobs.db)
- Generated digest reports (HTML)
- Your settings and preference history
Your API key is stored in the operating system's secure credential store (Windows Credential Manager / macOS Keychain) — not in a plain file, and never in our code, logs, or anything that leaves your machine.
Everywhere data leaves the device — the complete list
FOX3 makes outbound network connections to exactly these destinations, and nowhere else:
| Destination | What is sent | When |
|---|---|---|
| Austrian job boards (default): AMS, StepStone.at, willhaben, karriere.at | Your search keywords and region (as URL queries). Not your profile. | Each scheduled run, to fetch listings. |
| Anthropic API (api.anthropic.com) | Your profile + the job listings, to interview you and score/research roles. | During the interview and each run. |
| Discord webhook (optional) | Your digest, only if you configured Discord delivery. | After a run, if enabled. |
| Your email provider (SMTP) (optional) | Your digest, only if you configured email delivery. | After a run, if enabled. |
| FOX3 version manifest (this site) | Nothing about you. A plain unauthenticated GET to check for updates — no identifier, no version-in-URL. | On start and before each run. |
That's the whole list for the default configuration. There is no FOX3 server, no analytics, no account, and nothing is collected about you anywhere on our side.
Optional sources you can turn on (off by default)
FOX3 ships with three additional sources disabled. If you enable one, it adds that destination to the list above — your choice, your control:
- Indeed (at.indeed.com) — an extra job board, off by default.
- LinkedIn — experimental, requires an explicit double confirmation (see below).
- Company career pages — only the specific employer pages you add yourself.
The local support bundle (fox3 diagnose) writes a scrubbed zip to your disk for you to share if you ask for help; it is never uploaded automatically, and it strips secrets and webhook URLs.
The AI key & your data with Anthropic
FOX3 talks to Claude (Anthropic's /v1/messages API, model Claude Sonnet 4.6) using your own key (BYOK) or a sponsored key we issue to you.
Either way:
- No model memory. The API is stateless — the model retains nothing between calls. There is no cross-session or cross-user memory; nothing you send "sticks".
- Not used for training. Under Anthropic's commercial API terms, your inputs and outputs are not used to train models.
- Short retention. Anthropic auto-deletes API inputs/outputs within ~30 days (for trust & safety only). Your data transits Anthropic only to produce each response.
- Sponsored keys are isolated per tester — each lives in its own Anthropic workspace with its own spend cap; keys (and Anthropic's prompt cache) do not cross between testers.
With a sponsored key, FOX3's operator funds and administers the key but never sees your profile or listings — those go directly from your machine to Anthropic. With your own BYOK key, your account's data-handling settings are entirely yours.
The LinkedIn adapter (experimental, off by default)
An optional LinkedIn source exists but is disabled unless you explicitly turn it on with a double confirmation. Scraping LinkedIn may violate its terms; enabling it is your choice and your risk. Leave it off and FOX3 uses only the public Austrian boards above.
Updates are signed
FOX3 checks for updates by fetching a small signed file from this site. The file is cryptographically signed (Ed25519) and your app verifies the signature against a key built into it — so a tampered or forged "update" is rejected. FOX3 never auto-installs; it only tells you an update exists and you re-run the installer yourself. Your data survives every update.
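The check described above can be sketched as follows. This is an added example, not FOX3's own code: the manifest fields, the detached-signature layout, the URL and the throwaway all-zero-seed key are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is an assumed layout; the page does not document the real one.
type Manifest struct {
	Version string `json:"version"`
	URL     string `json:"url"`
}

var ErrBadSignature = errors.New("update manifest: signature rejected")

// VerifyManifest authenticates the exact bytes received, then parses them.
// Nothing from an unverified manifest is ever decoded or acted on.
func VerifyManifest(pinned ed25519.PublicKey, raw, sig []byte) (*Manifest, error) {
	// ed25519.Verify panics on a wrong-sized key, so check lengths first.
	if len(pinned) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	if !ed25519.Verify(pinned, raw, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("signed manifest is malformed: %w", err)
	}
	return &m, nil
}

// constructedSample builds a throwaway key from an all-zero seed (demo only)
// and signs a constructed manifest with it.
func constructedSample() (ed25519.PublicKey, []byte, []byte) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	raw := []byte(`{"version":"1.2.3","url":"https://updates.example/fox3-setup.exe"}`)
	return priv.Public().(ed25519.PublicKey), raw, ed25519.Sign(priv, raw)
}

func main() {
	pub, raw, sig := constructedSample()
	m, err := VerifyManifest(pub, raw, sig)
	fmt.Println(m, err)
	raw[12] ^= 1 // flip one bit of the version string, as tampering in transit would
	_, err = VerifyManifest(pub, raw, sig)
	fmt.Println(err)
}
```

In a real client the public key is a constant compiled into the binary and the private key never leaves the release-signing machine; the signature covers the raw bytes as downloaded, so re-serialising the JSON before verifying would break the check.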
Draft for the closed beta. A formal Terms of Service and Privacy Policy accompany the public release; this page is the plain-language version of the same commitments. Privacy questions: [email protected].