Last Updated: 25-06-25
1. Data We Collect
From Job Seekers:
- Required: Name, email, phone, resume, work history.
- Optional: LinkedIn profile, salary expectations.
From Employers:
- Company name, tax ID (for invoicing), job descriptions.
Automatically:
- IP address, device type, cookies (see Section 4).
2. How We Use Data
| Purpose | Examples | Legal Basis |
|---|---|---|
| Service Delivery | Matching candidates to jobs | Contractual |
| Fraud Prevention | Detecting fake job posts | Legitimate Interest |
| Marketing | “Top Jobs” emails (opt-out anytime) | Consent |
3. Data Sharing
- Employers: Your profile/resume only when you apply.
- Vendors: Stripe (payments), Google Cloud (hosting), analytics tools.
- Legal Compliance: If required by law (e.g., subpoenas).
4. Cookies & Tracking
- Necessary: Login sessions, payment processing.
- Analytical: Google Analytics (anonymized IPs).
- Opt-Out: Browser settings or GDPR banner.
5. Your Rights
- Access/Delete: Request via support@jobflow24.com.
- Correction: Edit profile anytime in account settings.
- Portability: Export your data as JSON/PDF.
6. Security Measures
- Encryption (SSL/TLS) for all data transfers.
- Regular audits for vulnerabilities.
- Employee training on GDPR/CCPA.
Data Protection Officer: support@jobflow24.com
1. Data Collection
- Provided by You:
| Data Type | Examples | Retention Period |
|---|---|---|
| Account Profile | Name, email, phone, resume | Until account deletion + 30 days (backup) |
| Job Applications | Cover letters, responses to employers | 3 years (or per employer’s request) |
| Payment Data | Stripe transaction records | 7 years (tax compliance) |
- Collected Automatically:
| Data Type | Purpose | Retention |
|---|---|---|
| IP/Device Info | Fraud prevention | 12 months |
| Cookies | Session management | 6 months (opt-out anytime) |
| Analytics (Google) | Traffic trends | 26 months (anonymized) |
2. Data Use & Legal Bases
| Purpose | Legal Basis | Example |
|---|---|---|
| Match candidates/jobs | Contractual | Sharing resume with employers you apply to |
| Send marketing emails | Consent | “Top Jobs” newsletters (opt-out link in every email) |
| Improve algorithms | Legitimate Interest | Analyzing application rates to refine AI suggestions |
3. Data Sharing
- With Employers:
  - Only when you apply—employers see your full profile, resume, and responses.
  - Employers may retain your data per their policies (we require compliance with GDPR/CCPA).
- With Service Providers:

| Vendor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payments | Billing address, last 4 digits of card |
| AWS (Hosting) | Data storage | Encrypted user profiles |
| Zendesk | Support tickets | Email + issue description |

- Legal Disclosures:
  - We’ll notify users before sharing data for legal requests (unless prohibited by law).
4. Data Retention & Deletion
- Active Accounts: Data retained until deletion request.
- Inactive Accounts: Deleted after 24 months of inactivity (emails will warn you first).
- Backups: Encrypted and purged every 30 days.
How to Request Deletion:
- Email privacy@jobflow24.com with subject “Data Deletion Request.”
- We’ll verify your identity (e.g., confirm via account email).
- Process within 30 days (excluding legal retention requirements).
5. Security & Compliance
- Encryption: TLS 1.2+ for all data transfers; AES-256 for storage.
- Audits: Annual penetration testing + SOC 2 compliance roadmap.
- Employee Access: Strict role-based permissions; training every 6 months.
6. Your Rights
| Right | How to Exercise | Timeline |
|---|---|---|
| Access | Download data in Settings > Privacy | Instant (CSV/PDF) |
| Correction | Edit profile anytime | Instant |
| Portability | Email request to privacy@jobflow24.com | 30 days |
| Opt-Out of Marketing | Unsubscribe link or Settings > Preferences | 48 hours |
CCPA/GDPR Requests:
- California/EU users may designate an authorized agent (submit via privacy@jobflow24.com).
7. Policy Updates
- Material changes require 30 days’ notice (email + banner on site).
- Archive of past versions available [here].
Contact:
- DPO: dpo@jobflow24.com
- EU Representative: [If applicable, name/address of GDPR rep]