Privacy Policy
How JobEmbed collects, uses, and protects your personal data.
Effective date: 22 May 2026 · Last updated: 22 May 2026
1. About this notice
This Privacy Policy explains what personal data JobEmbed collects, why we collect it, how long we keep it, who we share it with, and the rights you have over your data. It applies to everyone who visits jobembed.co or uses our service.
If you don't want to read the whole document, the short version is: we collect the email address you sign up with, the search profiles you create, and which jobs you save or view. We use this to match jobs to you and to send you account-related email. We don't sell your data. You can delete your account and all associated data at any time.
2. Data controller
The service is operated by:
Roman Kliukin, trading as JobEmbed, registered as a sole proprietor ("Преузетник") in the Republic of Serbia.
- Registered address: Kraljice Natalije 42, stan 5A, 11000 Beograd, Serbia
- Matični broj (registration number): 68164214
- ПИБ (tax ID): 115183888
For any matter related to your personal data or this Privacy Policy, contact: privacy@jobembed.co.
3. EU representative
JobEmbed is in the process of designating a representative within the European Union under Article 27 of the GDPR. The representative will be appointed within 30 days of public launch. We will update this section with the representative's name, address, and contact details once appointed.
In the meantime, data subjects in the EU can reach us directly at privacy@jobembed.co.
4. Personal data we collect
Provided by you
- Email address (when you sign up).
- Optional sign-in identity if you use Google OAuth (your Google email + name).
- Search profile content you create: free-text query (e.g. "Senior Product Manager"), selected countries, work-mode preferences (remote / hybrid / on-site), and language requirements.
- Action data: which jobs you view, save, or hide.
- Settings: timezone, language preference (en / ru).
- Payment data if you subscribe — handled directly by LemonSqueezy (see §7). We do not store full card numbers; we receive a billing record with the last four digits, customer ID, and subscription status.
Generated automatically
- Account metadata: account ID, trial-expiry timestamp, subscription status, email-deliverability status.
- Server logs: IP address, browser user-agent, and timestamps for sign-in events and security-relevant actions. Retained briefly for abuse prevention.
- Pipeline logs: when a scrape is triggered on your behalf, the system records a
pipeline_runsrow tying the scrape snapshot to your account.
Not collected
- We don't collect your CV, résumé, or job-application content. JobEmbed surfaces matches; you apply on LinkedIn or wherever the posting points.
- We don't track you across other websites.
- We don't use behavioural advertising cookies or third-party trackers.
5. Lawful bases for processing (GDPR Article 6)
| Activity | Lawful basis |
|---|---|
| Creating and operating your account | Contract (Article 6(1)(b)) |
| Sending account, security, and billing email | Contract / Legal obligation (Article 6(1)(b) / (c)) |
| Matching jobs to your search profile | Contract (Article 6(1)(b)) |
| Anti-fraud, security logs, account lockout | Legitimate interest (Article 6(1)(f)) |
| Analytics on aggregate traffic via Plausible (cookieless) | Legitimate interest (Article 6(1)(f)) |
| Optional product email (digests, re-engagement — not active in v1) | Consent (Article 6(1)(a)) |
6. How we use it
- Show you jobs that match your search profile.
- Send authentication, password-reset, and billing email.
- Detect and prevent abuse (rate-limited signups, bounced-email handling).
- Calculate aggregate operational metrics (active accounts, conversion funnel, cost per user) — no individual profiling for marketing.
We do not use your data to train AI models. The Anthropic LLM call described in §7 processes the language requirements of public job descriptions, not your personal data.
7. Third-party processors
The service relies on the providers below. Each processes specific data on our instructions under a Data Processing Agreement (or equivalent).
| Provider | Purpose | Data shared | Hosting region |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Email, account metadata, search profiles, saved/viewed jobs, billing records | EU (Frankfurt) |
| Vercel | Hosting for the web app | IP address, user-agent (request logs) | EU (Frankfurt) primary |
| LemonSqueezy (Merchant of Record — issues invoices in its name, collects + remits VAT, processes refunds) | Payment processing, subscription, VAT compliance | Email, payment method, billing address, subscription history | EU / US (Stripe sub-processor) |
| Bright Data | LinkedIn job-listing data collection | Search queries (no personal data) sent as scrape inputs; webhook returns public job postings only | Global |
| Resend | Transactional email delivery | Email address, message body | EU / US |
| Plausible Cloud | Cookieless web analytics | Aggregated pageviews, no individual identifiers | EU (Germany) |
| Anthropic | Language-requirement extraction from public job descriptions | Public job-description text only — no JobEmbed user identifiers | US |
| Cloudflare | DNS, email forwarding, edge security | DNS queries, IP-level traffic patterns | Global |
| n8n (self-hosted) | Orchestrates scrape + processing pipeline | Search profile metadata, public job-listing payloads | EU (founder-controlled VPS) |
Sub-processors used by these providers are listed in their respective privacy policies, linked from their public sites.
8. International data transfers
JobEmbed's primary data store is in the EU. Some processors (Anthropic, parts of LemonSqueezy, Cloudflare) operate in the United States or have global infrastructure. Transfers outside the EEA rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where the provider has executed them with us; and / or
- Adequacy decisions where applicable to the destination country.
You can request a copy of the safeguards in place for any specific provider by emailing privacy@jobembed.co.
9. Data retention
| Data | Retained for |
|---|---|
| Account, search profiles, saved/viewed jobs | Until you delete your account (or until 12 months after subscription end if you don't return) |
| Billing records (invoices) | 10 years from issue date (tax / accounting obligation in Serbia and the EU) |
| Server logs (IP, user-agent) | 30 days |
| Backups | 30 days rolling window |
| Email deliverability status (e.g. bounced flag) | Until you re-verify or delete the account |
Account deletion triggers cascading removal across search profiles, viewed/saved-job records, pipeline-run rows, and authentication identities. Billing records are retained as required by tax law and are accessible to you on request.
10. Your rights
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the following rights over your personal data:
- Access — get a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure ("right to be forgotten") — delete your data; in JobEmbed you can do this yourself from the settings page.
- Restriction of processing — pause specific uses of your data.
- Data portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for activities based on consent (e.g. optional product email), withdraw it at any time.
- Lodge a complaint with a supervisory authority (in Serbia: Повереник за информације од јавног значаја и заштиту података о личности; in the EU: your national data-protection authority).
To exercise any of these rights, email privacy@jobembed.co with enough detail for us to identify your account. We respond within 30 days, or sooner where the law requires.
11. Children
JobEmbed is for adults. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, email us and we will remove the account.
12. Cookies and local storage
JobEmbed uses the bare minimum of cookies and local storage:
- Authentication cookies set by Supabase to keep you signed in. Essential for the service ("strictly necessary" cookies under ePrivacy Article 5(3)); they are not subject to the consent banner and cannot be opted out without signing out.
jobembed_consent_v1inlocalStoragerecords that you have seen the transparency banner. The single stored value is"acknowledged". No personal data is stored alongside this flag. Clearing your browser's localStorage (or using private browsing) will make the banner appear again on your next visit.- No advertising cookies, no cross-site tracking, no fingerprinting libraries.
Plausible Cloud analytics is cookieless; it does not set any identifier on your device and runs as a server-side aggregate of pageviews with no individual identifiers. Because Plausible itself does not require consent under ePrivacy, the banner is a transparency notice rather than a consent prompt.
If JobEmbed introduces tracking cookies in a future release (v2), a new jobembed_consent_v2 banner will offer Accept / Reject choices, and a Manage cookie preferences link will be added to the site footer so you can change your selection at any time.
13. Security
- All traffic to and from jobembed.co is encrypted with TLS.
- Database access is restricted by Supabase Row-Level Security so each user only sees their own data; we audit RLS policies before every release.
- Passwords are hashed via Supabase Auth (industry-standard bcrypt-class function); we never see your plaintext password.
- Payment data never touches our servers — LemonSqueezy handles it directly.
- We don't claim to be unhackable. If you suspect a security issue, email privacy@jobembed.co; we'll respond and, where required, notify the supervisory authority within 72 hours per Article 33.
14. Changes to this notice
When we make material changes, we update the Effective date at the top and notify active account holders by email at least 30 days before the change takes effect (unless the change is required immediately by law). Minor edits — typos, clarifications, additional examples — update the Last updated date only.
A history of past versions is available on request.
15. Contact
For any question or request about this Privacy Policy or your personal data:
privacy@jobembed.co
Postal address (for formal correspondence): Roman Kliukin / JobEmbed, Kraljice Natalije 42, stan 5A, 11000 Beograd, Serbia.