Skip to content
JobRemotely

Legal · Privacy

Privacy Policy

How we collect, use, and protect your personal data. Candidate-first, GDPR-compliant, and easy to read.

Last updated

1. Who we are

JobRemotely ("we", "our", "us") operates https://jobremotely.io (the "Service"), a remote job board that connects candidates with vetted hiring teams. We are the data controller responsible for personal data processed through the Service.

If you have questions about this policy or want to exercise your rights, contact us at privacy@jobboard.app.

2. What we collect

We collect the minimum data needed to run the Service and only the categories below:

  • Account data: name, email, password hash, optional avatar, OAuth identifier when you sign in with Google.
  • Profile data: CV/résumé file, work experience, skills, location, languages, and any optional self-reported demographics.
  • Application data: jobs you apply to, test answers and scores, interview status, communications with hiring teams.
  • Billing data: subscription tier, Stripe customer ID, invoice metadata. We never see or store full card numbers — Stripe handles this directly.
  • Usage data: device type, browser, IP address, pages viewed, referrer, and approximate location derived from your IP.
  • Cookies & similar tech: required cookies for sign-in and security; optional analytics cookies only with your consent.

3. How we use your data

We process your data on the following lawful bases under the GDPR:

  • Contract: to create your account, process applications, manage subscriptions, and deliver support.
  • Legitimate interests: to keep the Service secure, prevent fraud, debug issues, and improve quality.
  • Consent: for non-essential analytics, marketing emails, and optional AI features. You can withdraw consent at any time.
  • Legal obligation: to keep records required by tax, accounting, and compliance regulations.

4. Who we share data with

We do not sell personal data. We share specific data with the following processors strictly to deliver the Service:

  • Hiring teams — only the data you submit when you apply to one of their roles.
  • Stripe (payments) — billing information; processed in the EU/US under Stripe Data Processing Addendum.
  • Resend / Brevo (transactional email) — your email address to deliver account, application, and security messages.
  • Cloudflare R2 / MinIO (storage) — uploaded CVs, avatars, and cover images. Encrypted at rest.
  • PostgreSQL (Railway) — primary application database, hosted in the EU.
  • Google Analytics 4 (optional) — only after you accept analytics in our cookie banner. We enable IP anonymisation and Consent Mode v2.
  • Plausible Analytics (optional, cookieless) — aggregated traffic statistics without personal identifiers.

A processor list with the country of processing for each vendor is available on request at privacy@jobboard.app.

5. How long we keep your data

We retain personal data only as long as needed for the purpose it was collected:

  • Account data — until you delete your account, plus 30 days for backups.
  • Application data — for the duration of the hiring pipeline, then 24 months for dispute and audit purposes.
  • Billing data — 10 years, as required by EU tax law.
  • Security and access logs — 90 days.

6. Your rights

Under the GDPR and similar laws, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — limit how we process your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time, for any consent-based processing.
  • Lodge a complaint — with your local data protection authority.

To exercise any right, email privacy@jobboard.app. We respond within 30 days. Most rights can also be exercised from your account at https://jobremotely.io/profile.

7. How we protect your data

Security is a first-class engineering concern. Concretely we apply:

  • TLS 1.3 everywhere — all traffic encrypted in transit.
  • Passwords hashed with bcrypt (work factor 12+); never stored in plaintext.
  • Stripe Elements for payments — your card data never reaches our servers.
  • Rate-limited authentication and applications to block credential stuffing and spam.
  • Encrypted off-site database backups, retained 30 days.
  • Principle of least privilege for staff access, audited quarterly.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant supervisory authority within 72 hours, as required by Article 33 of the GDPR.

8. International data transfers

Our infrastructure is hosted in the European Union. When a processor (e.g., Stripe, Google Analytics) requires transfers outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission and additional safeguards where appropriate.

9. Cookies

We use the minimum set of cookies required to operate the Service plus optional analytics cookies that fire only after you opt in. The full cookie inventory and instructions to manage your preferences are available on the Cookies page.

10. Children

The Service is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has signed up, please contact us at privacy@jobboard.app and we will remove the account.

11. Changes to this policy

We may update this Privacy Policy from time to time. When changes are material we will notify you by email or in-product banner at least 30 days before the new terms take effect.

Current effective date: 2026-05-01. Last updated: 2026-05-01.

12. Contact us

Privacy inquiries — privacy@jobboard.app

General support — support@jobremotely.io

Postal address available on request.