Privacy Policy

1. The data controller is Software Development BŁAŻEJ SUSZKA, located at ul. Spacerowa 17, 62-404 Ciążeń, Poland, NIP (Tax ID): 9721298000 (hereinafter: "Controller").

2. Contact for data protection inquiries: info@jobbify.me.

1. When using the Jobbify Service, we process the following data:

a) Registration data: email address, encrypted password.

b) Profile data: first name, last name, phone number, professional summary, experience, skills, education — provided voluntarily by the User for CV generation.

c) Generated data: content of generated CVs, generation history.

d) Payment data: processed exclusively by Stripe (we do not store card numbers).

e) Technical data: IP address, browser type, session ID, cookies — collected automatically.

1. We process data for the following purposes:

a) Service provision (Art. 6(1)(b) GDPR) — contract performance, i.e., CV generation, account and profile management.

b) Transaction processing (Art. 6(1)(b) and (c) GDPR) — payment handling and tax obligations.

c) Communication (Art. 6(1)(f) GDPR) — responding to inquiries, handling complaints.

d) Service improvement (Art. 6(1)(f) GDPR) — analyzing Service usage to improve quality.

e) Consent (Art. 6(1)(a) GDPR) — analytics and optional cookies, only with consent.

1. To provide our services, we use the following data processors:

a) OpenAI (OpenAI, L.L.C., USA) — processing profile data for AI-powered CV generation. Data may be transferred to the USA based on Standard Contractual Clauses (SCCs).

b) Stripe (Stripe, Inc., USA) — payment processing. Stripe is PCI DSS compliant. Data transferred based on SCCs.

c) Railway (Railway Corp., USA) — server infrastructure hosting. Data transferred based on SCCs.

d) Vercel (Vercel, Inc., USA) — frontend application hosting. Data transferred based on SCCs.

2. Data may also be disclosed to government authorities under applicable law.

3. We do not sell User personal data to third parties.

1. Due to using services from US-based providers (OpenAI, Stripe, Railway, Vercel), personal data may be transferred outside the European Economic Area.

2. Transfers are based on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

3. Users may obtain a copy of the safeguards in place by contacting the Controller.

1. We retain data for the following periods:

a) Account and profile data — until the User deletes their account.

b) Transaction data — for 5 years from the end of the tax year in which the transaction took place (legal obligation).

c) Technical data (logs) — maximum 90 days.

2. Upon account deletion, all personal data is permanently removed from our systems, except data required to be retained by law.

1. Under the GDPR, Users have the following rights:

a) Right of access (Art. 15 GDPR).

b) Right to rectification (Art. 16 GDPR).

c) Right to erasure — "right to be forgotten" (Art. 17 GDPR).

d) Right to restriction of processing (Art. 18 GDPR).

e) Right to data portability (Art. 20 GDPR).

f) Right to object (Art. 21 GDPR).

g) Right to withdraw consent at any time (Art. 7(3) GDPR).

2. To exercise these rights, contact the Controller at info@jobbify.me.

3. Users have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

1. The Service uses cookies for:

a) Essential cookies — maintaining login sessions, remembering language preferences. Basis: legitimate interest (no consent required).

b) Analytical cookies — analyzing Service usage. Basis: User consent.

2. Users can manage cookies through browser settings or the consent banner displayed in the Service.

3. Disabling essential cookies may prevent proper use of the Service.

1. We implement appropriate technical and organizational measures to protect data, including:

a) Data transmission encryption (SSL/TLS).

b) Password encryption (Argon2 algorithm).

c) Restricted data access — authorized personnel only.

d) Regular backups.

2. In case of a personal data breach, the Controller will notify affected Users and the relevant supervisory authority in accordance with Art. 33 and 34 GDPR.

1. For CV generation, User profile data is processed by a language model provided by OpenAI.

2. Data sent to OpenAI includes only information necessary for CV generation (work experience, skills, education) and job offer content.

3. We do not send identifying data (email, full name) to OpenAI unless the User included it in their profile content.

4. According to OpenAI's policy, data submitted via the API is not used for model training.

1. The Controller reserves the right to change this Privacy Policy.

2. Users will be notified of changes by email or through a notice in the Service.

3. The current version of the Privacy Policy is always available at jobbify.me/polityka-prywatnosci.