Privacy Policy
Last updated: 22 April 2026
This Privacy Policy explains how JobJam.io collects, uses, stores, and protects your personal data. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable EU data protection law.
Important: JobJam.io is operated from Berlin, Germany. All user data is stored on Supabase infrastructure within the European Union (Ireland).
1. Who We Are
- Operator: JobJam.io
- Contact: hello@jobjam.io
- Website: jobjam.io
- Location: Berlin, Germany
JobJam.io is an independent project operated from Berlin, Germany. For the purposes of GDPR, the operator of JobJam.io is the Data Controller of your personal data.
2. What Data We Collect
We collect only the data necessary to provide the JobJam.io service.
2.1 Account Data
- Email address - used for authentication and communication
- Password (hashed and stored securely via Supabase Auth - we never see your plain-text password)
2.2 Resume & Career Data
- Resume content you upload (PDF, DOCX, or TXT format)
- Parsed resume data stored in structured JSON format
- Job descriptions you paste into the platform
- AI-generated evaluations, match analyses, and recommendations
- Cover letters and optimized resume versions you generate
- Application records including company, role, status, notes, and dates
- Outcome data you voluntarily provide (interview, offer, rejection)
2.3 Payment Data
- JobJam.io uses Stripe to process payments. We do not store your card details.
- We receive confirmation of payment, the plan purchased, and the transaction amount from Stripe.
- Stripe's privacy policy applies to payment processing: stripe.com/privacy
2.4 Usage Data
We use two analytics providers with very different privacy profiles:
Vercel Analytics - cookieless, privacy-friendly analytics that runs on every visit. Does not use tracking cookies, does not fingerprint users, and does not track individuals across sessions. Used for aggregate traffic metrics. No consent required.
Google Analytics 4 - loads only after you provide explicit consent via our cookie banner. If you click “Reject” or do not consent, Google Analytics does not load and no Google cookies are set. Google Analytics uses cookies to measure how visitors interact with JobJam.io (pages visited, session duration, referral source). Data is processed by Google LLC in the United States under Standard Contractual Clauses. IP addresses are anonymized. You can withdraw your consent at any time via the “Cookie Preferences” link in our footer.
IP addresses - collected for security, rate limiting, and abuse prevention on public endpoints (e.g. the free demo). Logged server-side and not linked to your account.
We do not use advertising trackers or third-party marketing pixels.
3. How We Use Your Data
We use your data solely to provide and improve the JobJam.io service:
- To create and manage your account
- To run AI evaluations of your resume against job descriptions
- To generate tailored resumes, cover letters, and recommendations
- To store your application history and provide application memory features
- To process payments via Stripe
- To send transactional emails (account confirmation, receipts)
- To improve evaluation quality using anonymised, aggregated data
We do not sell your data. We do not use your data for advertising. We do not share your resume or career data with employers or third parties.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your data on the following legal bases:
- Contract performance - processing necessary to deliver the service you signed up for
- Legitimate interests - improving platform quality using anonymised aggregate data, and cookieless analytics (Vercel Analytics) for basic traffic measurement
- Legal obligation - maintaining records required by law
- Consent - for optional communications, Google Analytics tracking, and any non-essential cookies. You can withdraw consent at any time via the “Cookie Preferences” link in our footer.
5. Data Storage, Security & AI Processing
5.1 Storage & Security
- All data is stored on Supabase infrastructure within the European Union (Ireland region)
- Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication is handled by Supabase Auth with bcrypt password hashing
- Access to production systems is restricted to the operator and logged
- No production data is downloaded to local devices
- We review security practices regularly
5.2 AI Processing
Resume content and job descriptions you provide are sent to AI providers (Anthropic, OpenAI, Google) for processing. This content may include personal information contained in your resume (such as name, contact details, and employment history). We do not send your account email, account ID, payment information, or usage data to AI providers.
5.3 AI Training
Your resume content, job descriptions, and generated outputs are never used to train AI models.
This applies to both JobJam.io and our AI provider agreements. Your data is used solely to generate the evaluations, cover letters, and recommendations you request.
5.4 Breach Notification
In the event of a personal data breach, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
6. Data Retention
- Account data - retained until you delete your account
- Resume and application data - retained until you delete it or your account
- Payment records - retained for 7 years as required by German tax law
- Anonymised usage data - retained indefinitely for product improvement
- Consent records - retained for 2 years to evidence compliance
7. Your Rights Under GDPR
As an EU resident, you have the following rights:
- Right of access - request a copy of all data we hold about you
- Right to rectification - correct inaccurate or incomplete data
- Right to erasure - request deletion of your data (right to be forgotten)
- Right to portability - receive your data in a machine-readable format
- Right to restrict processing - limit how we use your data
- Right to object - object to processing based on legitimate interests
- Right to withdraw consent - for any consent-based processing, including analytics
Self-service deletion: You can delete your account at any time from the Account page using the "Delete my account" option. Deletion is immediate and irreversible. Payment records are retained in anonymized form for 7 years as required by German tax law (§ 147 AO); all other personal data is permanently removed.
To exercise any of these rights, email: hello@jobjam.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Berlin data protection authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI).
8. Subprocessors
The following third parties process your data on our behalf. All operate under data processing agreements (DPAs) compliant with GDPR Article 28.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase (AWS EU) | Database & authentication | Account data, resumes, application data | EU (Ireland) |
| Vercel | Hosting & delivery | Request logs, usage data | EU / Global CDN |
| Stripe | Payment processing | Email, payment details | EU / US (DPA + SCCs) |
| Anthropic | AI processing (Claude) | Resume & JD content for evaluation | US (DPA + SCCs) |
| OpenAI | AI processing | JD parsing, AI assistant | US (DPA + SCCs) |
| Google (Gemini) | Resume parsing | Resume content | US (DPA + SCCs) |
| Google LLC (Google Analytics) | Web analytics (consent-based) | Anonymized usage data, anonymized IP | US (DPA + SCCs) |
SCCs refer to the EU Standard Contractual Clauses, the legal mechanism for compliant EU→US data transfer. We will notify users of changes to this subprocessor list at least 30 days before taking effect.
9. Cookies
We use two categories of cookies on JobJam.io.
Essential cookies
Required for you to log in and use the service. These cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
sb-access-token | Authentication (Supabase) | Session |
sb-refresh-token | Session persistence (Supabase) | 7 days |
cookie-consent | Stores your cookie preferences | 1 year |
Analytics cookies (consent required)
These cookies only load after you click “Accept” on our cookie banner. You can change your preferences anytime via the “Cookie Preferences” link in the footer.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Distinguish unique users | 2 years | Google Analytics |
_ga_99C0R57SYC | Persist session state | 2 years | Google Analytics |
We do not use advertising cookies, marketing trackers, or session replay tools.
Vercel Analytics is cookieless and runs on every visit for aggregate traffic measurement without identifying individual users. No consent is required because Vercel Analytics sets no cookies and does not track individuals.
10. Children's Privacy
JobJam.io is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact hello@jobjam.io and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on jobjam.io. The date at the top of this document reflects the most recent update.
12. Contact
- Email: hello@jobjam.io
- Website: jobjam.io
- Address: Berlin, Germany