Privacy Policy
Effective date: 1 February 2026 · Last updated: 8 February 2026
Jobfu (“we”, “us”, or “our”) operates the Jobfu platform at jobfu.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Jobfu is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at support@jobfu.app.
2. Data We Collect
2.1 Account Information
When you create an account, we collect your email address, name, and authentication credentials. If you sign up via a third-party provider (e.g. Google), we receive the profile information you authorize.
2.2 Job Search Data
Information you provide while using the Service, including job applications, company notes, pipeline stages, tasks, and campaign details. This data is stored within your workspace and scoped to your account.
2.3 Documents
Resumes, cover letters, notes, and other documents you upload or generate through the Service. These are stored in your Vault and may be processed by our AI to provide tailored suggestions.
2.4 Usage Data
We automatically collect technical data such as IP address, browser type, device information, pages visited, and interaction patterns. This data helps us improve the Service and diagnose issues.
2.5 AI Interaction Data
Messages you send to the AI assistant and the responses generated. These are stored as part of your chat history and used solely to provide the Service.
3. How We Use Your Data
We process your personal data for the following purposes:
- Providing the Service — managing your account, displaying your job pipeline, generating documents, and powering the AI assistant.
- Improving the Service — analysing usage patterns to enhance features and fix bugs.
- Communication — sending transactional emails (e.g. password resets, billing receipts) and, with your consent, product updates.
- Security — detecting and preventing fraud, abuse, and unauthorized access.
- Legal compliance — fulfilling legal obligations and responding to lawful requests.
4. Legal Bases for Processing (GDPR)
We rely on the following legal bases under Article 6 of the GDPR:
- Contract (Art. 6(1)(b)) — processing necessary to provide the Service you signed up for.
- Consent (Art. 6(1)(a)) — for optional communications and analytics cookies. You may withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, and Service improvement, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — where required by law (e.g. tax records for payments).
5. Third-Party Processors
We share your data with the following third-party processors, each bound by data processing agreements:
| Processor | Purpose | Data Location |
|---|---|---|
| Supabase | Database, authentication, and file storage | EU (Frankfurt, eu-central-1) |
| Anthropic (Claude AI) | AI assistant, document generation, and semantic search | United States |
| Resend | Transactional email delivery | United States |
| Lemon Squeezy | Payment processing and subscription management | United States |
| Vercel | Application hosting and edge network | Global (nearest edge) |
| Third-party job APIs | Job listing aggregation and discovery | Various |
For transfers to processors outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or the processor's participation in recognized data transfer mechanisms.
6. Data Retention
- Account data — retained while your account is active, then deleted within 30 days of account deletion.
- Job search and application data — retained while your account is active.
- Documents — retained until you delete them or close your account.
- Usage/analytics data — retained for up to 24 months, then anonymized or deleted.
- Payment records — retained for 7 years as required by tax law.
7. Your Rights Under GDPR
As a data subject, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure (“Right to be Forgotten”) — request deletion of your personal data.
- Restriction — request that we limit processing of your data in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — withdraw consent for processing at any time, without affecting prior processing.
To exercise any of these rights, email us at support@jobfu.app. We will respond within 30 days.
8. Cookies
We use the following types of cookies:
- Essential cookies — required for authentication and core functionality. These cannot be disabled.
- Analytics cookies — help us understand how you use the Service. You can opt out via your browser settings or our cookie banner.
We do not use advertising or tracking cookies.
9. Security
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, Row-Level Security (RLS) policies in our database, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-app notice. The “Last updated” date at the top reflects the most recent revision.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: support@jobfu.app
You also have the right to lodge a complaint with your local data protection supervisory authority.