Privacy Policy
Last updated: 4/2/2026
1. Data Controller
Jobs Europe AB ("we", "us", "our") operates the Jobs Europe application and website.
Company: Jobs Europe AB
Organization number: 559370-9347
Country: Sweden
Contact: privacy@jobseurope.io
We act as data controller for user accounts and platform operation under the EU General Data Protection Regulation (GDPR).
2. Scope
This policy applies to users who browse the service, create an account, apply for jobs, upload documents, receive alerts, or authenticate using Google OAuth.
3. Personal Data We Collect
We collect only data necessary to operate a job platform.
3.1 Account & Authentication Data
Collected when registering or updating your profile:
- Email address
- First and last name
- Phone number (optional)
- Nationality (optional)
- Country of residence (optional)
- Gender (optional)
- Language skills (optional)
- Job-seeking status (optional)
- Internal user identifier
- Account creation date
Google OAuth provides:
- Email address
- First and last name
- Profile picture
- Unique Google account identifier
3.2 Candidate Application Data
When applying for jobs inside the platform:
- CV files
- Cover letters
- Application responses and screening question answers (including any attached files)
- Application history and status
By submitting an application, users explicitly accept the Terms of Service and Privacy Policy at the time of submission.
Employers can only access this data when you apply to their job posting. There is no in-platform messaging between employers and candidates; communication occurs outside the service.
3.3 Employer Account Data
For employer customers:
- First and last name
- Email address
- Phone number (optional)
3.4 Usage & Technical Data
Automatically collected for security and operation:
- IP address (used temporarily for security logging and rate limiting)
- Device/browser information
- Timestamps
IP addresses are processed ephemerally for rate limiting and for up to 7 days in security logs.
3.5 Preferences & Interactions
- Job alert preferences
- Saved jobs
- Followed companies
- Liked content (articles, jobs)
- Cookie preferences and consent history
- Job views and apply-click events (tracked with job and company identifiers via analytics — see Section 8)
4. Legal Basis (GDPR Art. 6)
| Purpose | Legal Basis |
|---|---|
| Account creation & login | Contract performance |
| Job applications | Contract performance |
| Job alerts and email marketing | Consent |
| Security & fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
5. Roles in Recruitment Processing
For user accounts and platform operation: Jobs Europe AB is the data controller.
For job applications submitted to employers via our platform: the employer becomes the data controller for recruitment decisions. Jobs Europe AB acts as a data processor storing and transmitting applicant data on behalf of the employer.
Where an employer uses an external ATS (applicant tracking software) connected via our integration layer, application data is routed through Kombo (our ATS middleware sub-processor) before being delivered to the employer's system. At the point of delivery, the external employer/ATS becomes an independent data controller. Jobs Europe AB and Kombo act as data processors in this flow.
6. How We Use Data
We process personal data to:
- Operate accounts
- Authenticate users
- Deliver job alerts via email
- Send employer campaign emails to users who have consented to receive marketing (contact details are synced to our email provider for this purpose)
- Enable applications
- Provide employer access to applicants
- Maintain security and prevent abuse
- Fulfil billing and subscription management obligations
We do not sell personal data.
7. Data Sharing & Sub-Processors
We share data only with necessary service providers:
| Provider | Purpose |
|---|---|
| Supabase (AWS Frankfurt) | Database, authentication, storage, and system logs |
| Vercel | Hosting & infrastructure |
| SendGrid | Transactional and marketing email; user contact details synced for segmentation |
| Authentication (OAuth) | |
| Plausible Analytics | Privacy-focused analytics |
| Twilio | SMS notifications |
| Axiom | Application logging and operational monitoring |
| Upstash Redis | Rate limiting (ephemeral IP address processing) |
| Kombo | ATS integration middleware for routing applications to external systems |
| Fortnox | Accounting and invoicing for employer subscriptions |
| Pipedrive | CRM for managing employer relationships |
8. Cookies & Analytics
We use two categories of cookies:
- Necessary cookies: required for login, security, and core website functionality. These cannot be disabled.
- Functional cookies (optional): enhance the experience by remembering your preferences, including saved jobs, followed companies, liked content, and hidden recommendations.
You can manage your cookie preferences at any time via the cookie settings panel. When functional cookies are declined or consent is withdrawn, these cookies are removed. All consent decisions are recorded with a timestamp.
Analytics: We use Plausible Analytics, a privacy-focused tool that does not use cookies, does not track cross-site behaviour, and does not build advertising profiles. In addition to pageviews, we track job views and apply-click events, which include a job identifier and company identifier. No personal data is sent to Plausible.
9. International Transfers
Some providers operate outside the EU/EEA. Transfers rely on EU Standard Contractual Clauses or adequacy decisions.
10. Data Retention
| Data | Retention |
|---|---|
| Unconfirmed accounts | 24 hours |
| Security logs | 7 days |
| Rate-limiting data | Ephemeral (seconds to minutes) |
| Candidate accounts | Until deletion or 24 months of inactivity |
| Job applications | 12 months after position closes, or upon account deletion |
| Employer accounts | While customer relationship is active |
| Cookie consent audit records | 12 months |
| Backups | Up to 7 days |
Users may request deletion at any time. Account deletion permanently removes profile data, CVs, and applications unless legal obligations require retention.
11. Your Rights
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Object to legitimate interest processing
- Data portability
- Withdraw consent at any time (without affecting the lawfulness of prior processing)
- Complain to the Swedish Authority for Privacy Protection (IMY)
Contact: privacy@jobseurope.io
12. Security
We use appropriate safeguards including encrypted connections, access controls, and minimal data storage.
13. Children
The service is intended for individuals aged 16 or older. We do not knowingly collect personal data from anyone under 16. If we become aware that we have inadvertently collected data from a person under 16, we will delete it promptly.
14. Changes
We may update this policy when required by legal or technical changes. Material changes are communicated in the application.