Jobico

Privacy Policy

Last updated: May 9, 2026

This is a working draft. The final version will be reviewed by counsel before public launch.

This Privacy Policy explains what personal data Jobico collects, why we collect it, and how we protect it. We are committed to handling your data responsibly and in accordance with Ukrainian law.

Data We Collect

Account Data

  • Name and email address provided at registration.
  • OAuth identity from Google, GitHub, or LinkedIn if you sign in via those providers.
  • Hashed password (we never store plain-text passwords).

Profile and Activity Data

  • Candidate: work experience, skills, location preferences, salary expectations, CV uploads.
  • Employer: company name, description, logo, vacancies, screening questions, private candidate notes.
  • Applications submitted and their statuses.
  • Saved jobs and saved candidate profiles.
  • In-app messages between candidates and employers.

Technical Data

  • IP address and browser/device information collected automatically.
  • Session tokens and cookies necessary for platform operation.
  • Usage logs (pages visited, features used) for security and improvement.

How We Use Your Data and Who We Share It With

We use your data to operate the platform, match candidates with relevant vacancies, process payments, send transactional emails (notifications, confirmations), and improve our services. We do not sell your data.

We share data only with service providers who process it on our behalf under data processing agreements:

  • Resend - transactional email delivery.
  • MongoDB Atlas - database hosting.
  • Vercel - application hosting and infrastructure.
  • Google, GitHub, LinkedIn - OAuth authentication (only when you choose this login method).
  • Anthropic, OpenAI - AI-powered match scoring and recommendations (anonymized or pseudonymized inputs where feasible).

We may disclose data if required by Ukrainian law or a valid court order. We will notify affected users where legally permitted.

Data Retention

We retain your personal data for as long as your account is active. After account deletion we remove your personal data within 30 days, subject to the exceptions below.

  • Financial records related to hire fees are retained for 7 years as required by Ukrainian tax law.
  • In-app messages are anonymized within 6 months after both parties have deleted their accounts.
  • Aggregated, non-identifiable analytics data may be retained indefinitely.

If you delete your account and later re-register, prior retained records are not re-linked to your new account.

Your Rights

Under Ukrainian personal data protection law you have the following rights regarding your personal data:

  • Access - request a copy of the data we hold about you.
  • Correction - ask us to correct inaccurate or incomplete data.
  • Deletion - request erasure of your data, subject to retention obligations.
  • Portability - receive your data in a machine-readable format.
  • Objection - object to processing based on legitimate interests.

To exercise any of these rights, email privacy@jobico.app. We will respond within 30 days. If you believe your rights have been violated you may lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (Ombudsman).

Security and Contact

We take reasonable technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • bcrypt hashing for passwords.
  • Automatic account lockout after repeated failed login attempts.
  • Access controls limiting staff access to personal data.

No system is completely secure. If you discover a security vulnerability, please report it responsibly to security@jobico.app. For general privacy questions contact privacy@jobico.app.