Last updated: 8 May 2026.
What we collect
- Account data: email address and password hash (Supabase Auth).
- Saved jobs: the listings you choose to track, their status, and any notes you add.
- Search history: keywords, locations, and filters you have used.
- Resume text: only if you paste a CV into the matcher and explicitly save it. CV records stored in our database are encrypted at rest with field-level Fernet encryption. A local copy may also be cached in your browser’s localStorage (key jobzyl_resume) so the in-browser keyword match can run offline.
- Search analytics: per-search metadata for admin troubleshooting (keywords, location, IP-masked source, referrer source, user agent). The IP address is truncated before storage so the lower octets are not retained.
- Usage analytics: with your consent, a privacy-respecting Plausible visit ping and PostHog product-behaviour events. Autocapture and session recording are disabled; PostHog person profiles are identified-only. No third-party advertising trackers.
- Performance + error telemetry: Sentry captures backend exceptions (with PII suppression). Vercel Analytics and Speed Insights are loaded with your consent and capture aggregated page-view and Web Vitals data without setting cookies.
What we do with it
We use this data only to operate Jobzyl: showing you relevant jobs, syncing across your devices, scoring CV-to-JD matches, generating tailored cover letters and interview prep, and improving the service. We do not sell or share personal data with advertisers.
Lawful basis (Art 6 GDPR)
We rely on the following lawful bases under Art 6 GDPR:
- Contract performance (Art 6(1)(b)): account creation, authentication, syncing tracked jobs, search, AI-powered CV scoring and cover-letter generation, email verification, OTP login.
- Consent (Art 6(1)(a)): Plausible analytics, PostHog product analytics, Vercel Analytics, Vercel Speed Insights. All analytics are loaded only after you click “Accept all” on the cookie banner. You can withdraw consent at any time from the Cookies Policy.
- Legitimate interest (Art 6(1)(f)): Sentry error tracking (security and reliability), and admin audit logging. Balancing tests are documented in our internal Records of Processing register, available on request.
- Legal obligation (Art 6(1)(c)): retention of admin audit log entries to demonstrate accountability under Art 32.
Where it is stored
Account data, tracked jobs, search history, encrypted CV records, OTP codes, and email-verification tokens live in our Supabase (PostgreSQL) project, hosted in the EU. The backend application is served from AWS App Runner (Frankfurt, eu-central-1). The static frontend is served from AWS S3 with CloudFront (origin in eu-central-1; the CloudFront edge that delivers the page may be anywhere in the world).
Some processing happens outside the EU. AI features (cover letters, CV scoring, interview prep, CV tips) send your job-description text and the relevant section of your CV to Anthropic in the United States; the data is processed transiently and not used to train models, per the Anthropic API terms. Backend exceptions and performance traces are sent to Sentry in the United States with PII suppression enabled. With your consent, Vercel Analytics and Vercel Speed Insights capture aggregated page-view and Web Vitals telemetry from US edges. All US transfers rely on the European Commission’s Standard Contractual Clauses and, for UK data, the UK International Data Transfer Addendum (IDTA). See “International transfers” below.
Third-party processors
- Supabase (EU): Primary database (PostgreSQL) and authentication.
- AWS App Runner (EU, eu-central-1): Backend application hosting (Frankfurt, eu-central-1).
- AWS S3 + CloudFront (EU, S3 origin EU, edges global): Static frontend hosting (origin in eu-central-1; CloudFront edges global).
- Resend (EU): Transactional email (account verification, OTP, password reset, support replies).
- Plausible (EU, plausible.io, consent-gated): Anonymous, aggregated traffic analytics. No cookies.
- PostHog (EU, eu.i.posthog.com, consent-gated): Product behaviour analytics (feature usage, funnels). Autocapture and session recording disabled; identified-only profiles.
- Anthropic (US; EU SCCs Module 2 + UK IDTA addendum): AI-powered CV scoring, cover-letter generation, interview prep, and CV-tailoring tips. Data is processed transiently; per Anthropic API terms, content is not used to train models.
- Sentry (US; EU SCCs Module 2 (verify EU-US DPF certification at sub-processor renewal)): Backend error tracking and performance monitoring. send_default_pii is disabled; URL paths and exception traces are captured.
- Vercel Analytics (US, va.vercel-scripts.com, consent-gated; EU SCCs (verify EU-US DPF certification at sub-processor renewal)): Aggregated page-view counts. No cookies set.
- Vercel Speed Insights (US, vitals.vercel-insights.com, consent-gated; EU SCCs (verify EU-US DPF certification at sub-processor renewal)): Web Vitals (LCP, INP, CLS) for performance monitoring. No cookies set.
Job listings are aggregated from public job-board APIs and feeds; those upstream providers receive only the search keywords and location you choose, never personal data. The full list of upstream sources is on the Help page.
International transfers (Art 44–49 GDPR)
We rely on the following safeguards for personal data transferred outside the EU/UK:
- Anthropic — United States. EU SCCs Module 2 + UK IDTA addendum
- Sentry — United States. EU SCCs Module 2 (verify EU-US DPF certification at sub-processor renewal)
- Vercel Analytics — United States. EU SCCs (verify EU-US DPF certification at sub-processor renewal)
- Vercel Speed Insights — United States. EU SCCs (verify EU-US DPF certification at sub-processor renewal)
We do not transfer personal data to any country without an adequacy decision unless an SCC- or IDTA-equivalent safeguard is in place. A current copy of the relevant transfer agreement is available on request to privacy@jobzyl.com.
Automated decision-making (Art 13(2)(f), Art 22 GDPR)
Some of our features use Anthropic Claude (Haiku) to produce automated outputs:
- CV-to-JD match scoring — the model receives the JD and the relevant section of your CV (truncated to 4000 characters) and returns a numeric match score with reasoning.
- Cover-letter generation, interview prep, CV-tailoring tips — the model receives the JD and your CV and returns drafted text.
These outputs are advisory. They do not gate your access to any feature, are not shared with third parties, and are not used to make legal or similarly significant decisions about you. If you disagree with a score or want a human to review one, email privacy@jobzyl.com and we will manually review within 30 days. You can also contest a score in the same email.
Cookies and local storage
We use localStorage to remember your search preferences and tracked jobs offline. Supabase Auth uses a secure session token in localStorage. We do not set any third-party advertising cookies. The full list of keys (including the jobzyl_resume key, which may temporarily contain your CV text on your device for local match-scoring) is on the Cookies Policy page.
Your rights (GDPR / UK GDPR)
- Access & export: use the “Export my data” button on your account page to download everything we hold about you in JSON.
- Deletion (right to erasure): use the “Delete account” button on the same page. This wipes all your data immediately and irreversibly.
- Correction: edit your profile from the account page or contact us.
- Restriction & objection: contact us to restrict processing or object to a specific use of your data.
- Portability: the JSON export is machine-readable and can be imported elsewhere.
- Withdraw consent: change your cookie preference at any time from the Cookies Policy.
- Right to human review of automated outputs: see the “Automated decision-making” section above.
- Complaint: you may lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk), the European Data Protection Board (edpb.europa.eu), your EU member state’s data-protection authority, or any equivalent supervisory authority. See the dedicated GDPR & Data Requests page for response timelines and contact details.
California residents: your CCPA / CPRA rights
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you these rights, in addition to those above:
- Right to know: what personal information we collect, the sources, the purposes, and the categories shared.
- Right to delete: request deletion of personal information we hold about you (use the account page or email us).
- Right to correct: ask us to correct inaccurate personal information.
- Right to opt-out of sale or sharing: we do not sell or share your personal information for cross-context behavioural advertising. There is nothing to opt out of.
- Right to limit use of sensitive personal information: we collect no sensitive PI in the CCPA sense (no SSN, no payment info, no precise geolocation, no biometrics). CV text you upload is treated by us as confidential and is encrypted at rest, but it is not “sensitive personal information” under CCPA per se.
- Non-discrimination: we will not deny service, charge different prices, or provide a different level of service if you exercise these rights.
To exercise any of these rights, email privacy@jobzyl.com or use the self-serve actions on your account page. We respond within 45 days as required by California law.
Retention
Scraped public job listings are kept for up to 60 days then automatically deleted. Search analytics rows are kept for 90 days. Email open/click events are kept for 180 days. Admin audit-log entries are retained for 365 days for forensic accountability under Art 32 GDPR. Your account data is kept for as long as your account exists; deletion is immediate and irreversible from the account page.
Contact
For general privacy questions, email privacy@jobzyl.com. For data subject requests, see our GDPR & Data Requests page. For general support questions, use support@jobzyl.com. For enterprise DPA / SCC requests, use enterprise@jobzyl.com.