Privacy Policy

How JobEmbed collects, uses, and protects your personal data.

Effective date: 22 May 2026 · Last updated: 22 May 2026

1. About this notice

This Privacy Policy explains what personal data JobEmbed collects, why we collect it, how long we keep it, who we share it with, and the rights you have over your data. It applies to everyone who visits jobembed.co or uses our service.

If you don't want to read the whole document, the short version is: we collect the email address you sign up with, the search profiles you create, and which jobs you save or view. We use this to match jobs to you and to send you account-related email. We don't sell your data. You can delete your account and all associated data at any time.

2. Data controller

The service is operated by:

Roman Kliukin, trading as JobEmbed, registered as a sole proprietor ("Преузетник") in the Republic of Serbia.

  • Registered address: Kraljice Natalije 42, stan 5A, 11000 Beograd, Serbia
  • Matični broj (registration number): 68164214
  • ПИБ (tax ID): 115183888

For any matter related to your personal data or this Privacy Policy, contact: privacy@jobembed.co.

3. EU representative

JobEmbed is in the process of designating a representative within the European Union under Article 27 of the GDPR. The representative will be appointed within 30 days of public launch. We will update this section with the representative's name, address, and contact details once appointed.

In the meantime, data subjects in the EU can reach us directly at privacy@jobembed.co.

4. Personal data we collect

Provided by you

  • Email address (when you sign up).
  • Optional sign-in identity if you use Google OAuth (your Google email + name).
  • Search profile content you create: free-text query (e.g. "Senior Product Manager"), selected countries, work-mode preferences (remote / hybrid / on-site), and language requirements.
  • Action data: which jobs you view, save, or hide.
  • Settings: timezone, language preference (en / ru).
  • Payment data if you subscribe — handled directly by LemonSqueezy (see §7). We do not store full card numbers; we receive a billing record with the last four digits, customer ID, and subscription status.

Generated automatically

  • Account metadata: account ID, trial-expiry timestamp, subscription status, email-deliverability status.
  • Server logs: IP address, browser user-agent, and timestamps for sign-in events and security-relevant actions. Retained briefly for abuse prevention.
  • Pipeline logs: when a scrape is triggered on your behalf, the system records a pipeline_runs row tying the scrape snapshot to your account.

Not collected

  • We don't collect your CV, résumé, or job-application content. JobEmbed surfaces matches; you apply on LinkedIn or wherever the posting points.
  • We don't track you across other websites.
  • We don't use behavioural advertising cookies or third-party trackers.

5. Lawful bases for processing (GDPR Article 6)

ActivityLawful basis
Creating and operating your accountContract (Article 6(1)(b))
Sending account, security, and billing emailContract / Legal obligation (Article 6(1)(b) / (c))
Matching jobs to your search profileContract (Article 6(1)(b))
Anti-fraud, security logs, account lockoutLegitimate interest (Article 6(1)(f))
Analytics on aggregate traffic via Plausible (cookieless)Legitimate interest (Article 6(1)(f))
Optional product email (digests, re-engagement — not active in v1)Consent (Article 6(1)(a))

6. How we use it

  • Show you jobs that match your search profile.
  • Send authentication, password-reset, and billing email.
  • Detect and prevent abuse (rate-limited signups, bounced-email handling).
  • Calculate aggregate operational metrics (active accounts, conversion funnel, cost per user) — no individual profiling for marketing.

We do not use your data to train AI models. The Anthropic LLM call described in §7 processes the language requirements of public job descriptions, not your personal data.

7. Third-party processors

The service relies on the providers below. Each processes specific data on our instructions under a Data Processing Agreement (or equivalent).

ProviderPurposeData sharedHosting region
SupabaseDatabase, authentication, file storageEmail, account metadata, search profiles, saved/viewed jobs, billing recordsEU (Frankfurt)
VercelHosting for the web appIP address, user-agent (request logs)EU (Frankfurt) primary
LemonSqueezy (Merchant of Record — issues invoices in its name, collects + remits VAT, processes refunds)Payment processing, subscription, VAT complianceEmail, payment method, billing address, subscription historyEU / US (Stripe sub-processor)
Bright DataLinkedIn job-listing data collectionSearch queries (no personal data) sent as scrape inputs; webhook returns public job postings onlyGlobal
ResendTransactional email deliveryEmail address, message bodyEU / US
Plausible CloudCookieless web analyticsAggregated pageviews, no individual identifiersEU (Germany)
AnthropicLanguage-requirement extraction from public job descriptionsPublic job-description text only — no JobEmbed user identifiersUS
CloudflareDNS, email forwarding, edge securityDNS queries, IP-level traffic patternsGlobal
n8n (self-hosted)Orchestrates scrape + processing pipelineSearch profile metadata, public job-listing payloadsEU (founder-controlled VPS)

Sub-processors used by these providers are listed in their respective privacy policies, linked from their public sites.

8. International data transfers

JobEmbed's primary data store is in the EU. Some processors (Anthropic, parts of LemonSqueezy, Cloudflare) operate in the United States or have global infrastructure. Transfers outside the EEA rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where the provider has executed them with us; and / or
  • Adequacy decisions where applicable to the destination country.

You can request a copy of the safeguards in place for any specific provider by emailing privacy@jobembed.co.

9. Data retention

DataRetained for
Account, search profiles, saved/viewed jobsUntil you delete your account (or until 12 months after subscription end if you don't return)
Billing records (invoices)10 years from issue date (tax / accounting obligation in Serbia and the EU)
Server logs (IP, user-agent)30 days
Backups30 days rolling window
Email deliverability status (e.g. bounced flag)Until you re-verify or delete the account

Account deletion triggers cascading removal across search profiles, viewed/saved-job records, pipeline-run rows, and authentication identities. Billing records are retained as required by tax law and are accessible to you on request.

10. Your rights

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the following rights over your personal data:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure ("right to be forgotten") — delete your data; in JobEmbed you can do this yourself from the settings page.
  • Restriction of processing — pause specific uses of your data.
  • Data portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — for activities based on consent (e.g. optional product email), withdraw it at any time.
  • Lodge a complaint with a supervisory authority (in Serbia: Повереник за информације од јавног значаја и заштиту података о личности; in the EU: your national data-protection authority).

To exercise any of these rights, email privacy@jobembed.co with enough detail for us to identify your account. We respond within 30 days, or sooner where the law requires.

11. Children

JobEmbed is for adults. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, email us and we will remove the account.

12. Cookies and local storage

JobEmbed uses the bare minimum of cookies and local storage:

  • Authentication cookies set by Supabase to keep you signed in. Essential for the service ("strictly necessary" cookies under ePrivacy Article 5(3)); they are not subject to the consent banner and cannot be opted out without signing out.
  • jobembed_consent_v1 in localStorage records that you have seen the transparency banner. The single stored value is "acknowledged". No personal data is stored alongside this flag. Clearing your browser's localStorage (or using private browsing) will make the banner appear again on your next visit.
  • No advertising cookies, no cross-site tracking, no fingerprinting libraries.

Plausible Cloud analytics is cookieless; it does not set any identifier on your device and runs as a server-side aggregate of pageviews with no individual identifiers. Because Plausible itself does not require consent under ePrivacy, the banner is a transparency notice rather than a consent prompt.

If JobEmbed introduces tracking cookies in a future release (v2), a new jobembed_consent_v2 banner will offer Accept / Reject choices, and a Manage cookie preferences link will be added to the site footer so you can change your selection at any time.

13. Security

  • All traffic to and from jobembed.co is encrypted with TLS.
  • Database access is restricted by Supabase Row-Level Security so each user only sees their own data; we audit RLS policies before every release.
  • Passwords are hashed via Supabase Auth (industry-standard bcrypt-class function); we never see your plaintext password.
  • Payment data never touches our servers — LemonSqueezy handles it directly.
  • We don't claim to be unhackable. If you suspect a security issue, email privacy@jobembed.co; we'll respond and, where required, notify the supervisory authority within 72 hours per Article 33.

14. Changes to this notice

When we make material changes, we update the Effective date at the top and notify active account holders by email at least 30 days before the change takes effect (unless the change is required immediately by law). Minor edits — typos, clarifications, additional examples — update the Last updated date only.

A history of past versions is available on request.

15. Contact

For any question or request about this Privacy Policy or your personal data:

privacy@jobembed.co

Postal address (for formal correspondence): Roman Kliukin / JobEmbed, Kraljice Natalije 42, stan 5A, 11000 Beograd, Serbia.