Privacy Policy — GoGet-a-Job (GGJ)

Last updated: 2026-01-21

This Privacy Policy explains how GoGet-a-Job ("GGJ", "we", "us") processes personal data when you use our service.

1) Controller (who is responsible)

Data Controller: Valle Vaalanti
Contact email: [email protected]

GGJ is currently in an early development phase. The data controller is the individual developer named above.

2) Personal data we process

We process personal data you provide, data created when you use the service, and data required to handle subscriptions.

A) Account and authentication

  • Email address
  • Password hash (we do not store your password in plaintext)
  • Authentication/session identifiers needed to keep you signed in (e.g., refresh-token related identifiers)

B) Profile information (optional)

If you choose to fill these in:

  • First name, last name
  • Phone number
  • Location
  • Headline and summary
  • Profile picture (file) and its URL/reference
  • Social links (LinkedIn, GitHub, personal website)

C) Job search and CV content (user-generated content)

  • Job applications: company, position, link, notes, dates
  • CV documents and content (including summaries and structured CV state)
  • Experience/library items (e.g., work, education, skills, projects) and inclusion selections

Important: CVs and application notes can contain sensitive information depending on what you write. Please avoid adding unnecessary sensitive data.

D) Feedback

  • Feedback message (free text)
  • Page path where feedback was submitted (if provided)
  • User agent (technical browser/device identifier) (if provided)

E) In-app usage analytics (internal)

When you are logged in, GGJ may record limited usage analytics to understand and improve the service:

  • Session start time, last-seen time, and (when available) session end time
  • Page paths viewed inside the app (pageviews)
  • User agent (technical browser/device identifier)

If we introduce consent-based analytics controls, we will reflect that clearly in the app and update this policy accordingly.

F) Subscriptions and billing

Payments and subscription management are handled by Stripe. In our own database we store:

  • Stripe customer ID and subscription ID
  • Subscription status (e.g., active/canceled), current period end date, and cancellation settings

We do not store payment card details. Those are processed by Stripe.

G) AI features (when you use them)

If you use AI features (e.g., chat or CV suggestions/optimization), GGJ sends request content to our AI provider (OpenAI). Depending on the feature, this may include:

  • CV content and job posting text
  • Profile fields and experience/library content
  • Recent application notes you have saved

This is necessary to generate the AI output you requested.

3) Why we process data (purposes) and legal bases

We process personal data for the following purposes:

Providing and operating the service

  • Creating and maintaining your account
  • Enabling core features (CVs, applications, profile, library) Legal basis: Contract (GDPR Art. 6(1)(b))

Improving reliability, security, and performance

  • Preventing abuse and diagnosing errors
  • Improving UX and feature quality
  • Internal analytics for logged-in usage (when enabled) Legal basis: Legitimate interests (GDPR Art. 6(1)(f)), and/or Consent where required by applicable ePrivacy rules

Support and communication

  • Handling feedback and responding to questions (if you contact us) Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) and/or Contract (GDPR Art. 6(1)(b))

Subscription and billing administration

  • Enabling subscription access, managing renewals/cancellations, and billing-related support Legal basis: Contract (GDPR Art. 6(1)(b))
    Additionally: Legal obligation may apply for accounting/tax records where relevant (GDPR Art. 6(1)(c))

Delivering AI functionality you request

  • Producing AI-generated suggestions/responses based on your inputs Legal basis: Contract (GDPR Art. 6(1)(b))

4) Who we share data with (processors)

We use trusted service providers (“processors”) to deliver the service:

Stripe (payments and subscriptions)

Stripe processes payment and subscription information to complete purchases and manage billing. GGJ stores only the identifiers and subscription state needed to provide access.

OpenAI (AI features)

When you use AI features, request content is sent to OpenAI to generate the output.

Infrastructure providers

GGJ is hosted using third-party infrastructure providers (hosting, database, and related operational services). We only use providers necessary to run the service and apply appropriate security measures.

We do not sell your personal data.

5) International data transfers

Some service providers may process data outside the EU/EEA. Where applicable, we rely on appropriate safeguards (such as Standard Contractual Clauses) and other legal mechanisms required for such transfers.

6) How long we keep data (retention)

We keep personal data only as long as necessary for the purposes described above:

  • Account, profile, CVs, applications, library content: kept until you delete your account or request deletion (subject to legal requirements).
  • Feedback: kept as long as needed to handle support and improve the service, or until account deletion.
  • Usage analytics: kept for service improvement purposes; retention periods may be refined as the product matures.
  • Subscription records: kept as needed to manage your subscription and meet applicable legal obligations.

7) Security

We apply reasonable technical and organizational safeguards, including:

  • Passwords stored as hashes (not plaintext)
  • Secure handling of authentication tokens/identifiers
  • Encryption-at-rest for stored OpenAI API keys
  • Access controls to limit access to production data

No method of transmission or storage is 100% secure, but we work to protect your data appropriately.

8) Your rights

Depending on your location (including the EU/EEA), you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”) in certain cases
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests
  • Receive your data in a portable format (data portability) where applicable
  • Withdraw consent where processing is based on consent

You can manage many details in your account settings.
To exercise rights or ask questions, contact: [email protected]

If you are in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

9) Cookies and similar technologies

GGJ may use browser local storage (e.g., localStorage) for essential functionality such as keeping you signed in and maintaining your in-app session state.

If we use non-essential tracking, we will request consent where required and provide a way to manage your preferences.

10) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date and may provide additional notice for significant changes.

11) Contact

Data Controller: Valle Vaalanti
Email: [email protected]