Privacy Policy

When you register, we collect your name, email address, and a hashed password. If you sign up via Google or LinkedIn OAuth, we receive your name and email from those providers.

You may upload CV documents (DOCX format) to the platform. These files are processed by our AI systems to extract skills, experience, and other professional data. Your original and optimised CV versions are stored securely in AWS S3.

We collect job search parameters you configure, including job titles, locations, experience levels, and scheduling preferences. This data is used to run automated searches on your behalf.

When you track job applications, we store information about the roles, companies, application status, and any notes you add.

We collect standard server logs including IP address, browser type, pages visited, and timestamps. This data helps us diagnose issues and improve the platform.

Payment processing is handled entirely by Stripe. We do not store your credit card details. We receive limited billing metadata (subscription tier, payment status) from Stripe.

Your CV and job search preferences are used to run job discovery searches, generate ATS-optimised CV versions, and power the application tracking dashboard.

CV content and job descriptions are sent to OpenAI's API (GPT-4) for analysis, keyword extraction, and content generation. This processing is governed by OpenAI's data processing agreements. We do not use your data to train third-party AI models.

To surface relevant job listings, we use an automated job data service that retrieves publicly available job postings from LinkedIn based on your configured search parameters. This process runs on our behalf using the Apify platform, which scrapes publicly visible LinkedIn job listings. We do not access your personal LinkedIn account.

We use your email for authentication, password resets, and service-critical notifications. We do not send marketing emails without your explicit consent.

Aggregated, anonymised usage data helps us understand how the product is used and where we can improve it.

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

We share data with trusted third-party service providers strictly to operate the platform:

CV content and job descriptions are sent to OpenAI's API for AI-powered optimisation. Data is processed per OpenAI's API data usage policies.

CV files are stored in AWS S3 buckets with encrypted access URLs. AWS processes data per their SOC 2 and ISO 27001 certifications.

All billing and payment processing is handled by Stripe. We share only what Stripe requires to manage your subscription.

We use the Apify platform to run automated job discovery tasks that retrieve publicly available job listings from LinkedIn. Your personal login credentials are never shared with Apify.

Background job queues are managed using Redis (via Upstash). Temporary job task data may pass through these systems.

We may disclose your information if required by law, court order, or to protect the rights and safety of our users or the public.

We retain your account data for as long as your account remains active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or billing purposes.

Original and optimised CV files are retained in AWS S3 for the duration of your account. You may delete individual files from your dashboard at any time.

Transaction records may be retained for up to 7 years to comply with financial regulations.

You may request a copy of your personal data at any time by contacting us at privacy@jobvian.com.

You can update your account information directly from your dashboard settings.

You may request deletion of your account and associated personal data by contacting privacy@jobvian.com. We will process deletion requests within 30 days.

If you believe we are processing your data unlawfully or wish to restrict processing for legitimate reasons, please contact us.

If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to lodge a complaint with your local supervisory authority.

All data in transit is encrypted via HTTPS/TLS. CV files in AWS S3 use server-side encryption. Authentication tokens are signed using industry-standard JWT with RS256.

Access to production systems is restricted to authorised personnel. Passwords are stored as bcrypt hashes and are never stored in plaintext.

While we implement industry-standard security practices, no system is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.

We use a single HTTP-only cookie to maintain your authenticated session (JWT token). This is strictly necessary for the service to function.

We do not use third-party tracking cookies, advertising pixels, or analytics cookies such as Google Analytics.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, notify you by email. Your continued use of JOBVIAN after changes are posted constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

privacy@jobvian.com

hello@jobvian.com