Privacy Policy

Effective Date: 2024-05-01
Version: 1.0.0

At Get me the job, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

---

1. Information We Collect

1.1 Information You Provide

• Account Information: Username, email address, password (hashed), full name, preferred language
• Profile Information: Theme preferences, AI provider settings, API keys
• User Content: Resumes, cover letters, job applications, job postings you create
• Communications: Messages sent to support, feedback, survey responses

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the Service
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, error logs
• Cookies: Session cookies, language preference cookies

1.3 Third-Party AI Service Data

If you configure third-party AI providers (OpenAI, Anthropic, etc.):

• Your prompts and generated content may be sent to third-party AI services
• We encrypt API keys you provide before storing them
• Third-party AI providers have their own privacy policies

2. How We Use Your Information

We use your information to:

• Provide the Service: Store and display your resumes, cover letters, and applications
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Communicate with You: Send service updates, security alerts, and support responses
• Security: Detect fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service
• AI Features: Process your content with AI models to generate suggestions (with your consent)

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

• Consent: You have given explicit consent (e.g., for marketing communications)
• Contract: Processing is necessary to provide the Service you requested
• Legitimate Interests: Improving our Service, security, and fraud prevention
• Legal Obligation: Compliance with applicable laws

4. Data Sharing and Disclosure

4.1 We DO NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

4.2 Service Providers

We may share data with trusted service providers who assist us:

• Hosting: Server infrastructure (e.g., AWS, DigitalOcean)
• AI Services: Third-party AI providers you configure (OpenAI, Anthropic, Groq, etc.)
• Analytics: Usage analytics (e.g., Logfire, Sentry)
• Email: Transactional email services

Service providers are contractually obligated to protect your data and use it only for providing services to us.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety
• Investigation of fraud or security incidents

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

• Active Accounts: We retain your data for as long as your account is active
• Inactive Accounts: Accounts inactive for 2+ years may be deleted
• Deleted Accounts: 30-day grace period before permanent deletion
• Audit Logs: Retained for 365 days for security and compliance
• Backups: Deleted data may remain in backups for up to 90 days

6. Your Rights (GDPR & CCPA)

6.1 GDPR Rights (European Users)

If you are in the EEA, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("Right to be Forgotten")
• Data Portability: Export your data in JSON format
• Object: Object to processing based on legitimate interests
• Restrict Processing: Limit how we use your data
• Withdraw Consent: Revoke consent for marketing or AI processing
• Lodge a Complaint: File a complaint with your data protection authority

6.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Know: Request details about personal information we collect and use
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the "sale" of personal information (we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising your rights

6.3 Exercising Your Rights

To exercise any of these rights:

1. Data Export: Go to Settings → "Export Your Data"
2. Account Deletion: Go to Settings → "Delete Account"
3. Other Requests: Email us at privacy@getmethejob.com

We will respond to your request within 30 days.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: HTTPS/TLS for data in transit, encrypted API keys at rest
• Authentication: JWT-based authentication, bcrypt password hashing
• Access Controls: Role-based access, principle of least privilege
• Security Headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options
• Rate Limiting: Protection against brute-force attacks
• Audit Logging: All sensitive actions are logged for security monitoring
• Regular Updates: Security patches and dependency updates

Note: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking

8.1 Essential Cookies

• access_token: Session authentication (HttpOnly, Secure, SameSite=Strict)
• language: Language preference (1 year expiration)

8.2 Analytics Cookies

We may use analytics services (e.g., Logfire) to understand how users interact with our Service. You can opt-out of analytics tracking in your browser settings.

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality. See our Cookie Policy for more details.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including:

• United States (server hosting)
• European Union (if using EU servers)
• Countries where third-party AI providers operate

We ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Get me the job is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. AI and Data Processing

12.1 AI Processing Consent

By using AI features, you consent to:

• Your resume and cover letter content being processed by AI models
• Data being sent to third-party AI providers you configure
• AI-generated suggestions being stored in our database

12.2 Third-Party AI Providers

If you use third-party AI providers, your data is subject to their privacy policies:

• OpenAI: https://openai.com/privacy
• Anthropic: https://www.anthropic.com/privacy
• Groq: https://groq.com/privacy-policy

12.3 Local AI Models

If you use local AI models (Ollama, LM Studio), your data is processed entirely on your local machine and not sent to third parties.

13. Marketing Communications

With your consent, we may send you:

• Product updates and new features
• Tips for job applications
• Surveys and feedback requests

You can opt-out of marketing emails at any time by:

• Clicking "Unsubscribe" in the email footer
• Updating preferences in your account settings
• Emailing us at privacy@getmethejob.com

Note: You cannot opt-out of essential service emails (e.g., security alerts, account notifications).

14. Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify you within 72 hours (as required by GDPR)
• Notification will be sent via email to your registered email address
• We will provide details about the breach and steps you should take
• We will report the breach to relevant authorities as required by law

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Effective Date" at the top of this page
• We will notify you via email or in-app notification for material changes
• Your continued use of the Service after changes constitutes acceptance
• We will maintain a history of previous versions

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@getmethejob.com
• Data Protection Officer: dpo@getmethejob.com
• Address: [Your Company Address]

EU Representative

[EU Representative Details]

---

Last Updated: 2024-05-01
Version: 1.0.0