JobOps — AI-Powered Career Platform

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

Crafting Codes, SAS

Phone: +33 9 54 66 84 33

Platform: https://jobops.crafting-codes.com

We have not yet appointed a formal Data Protection Officer (DPO), as we are a small company below the mandatory threshold. All data protection enquiries go to contact@crafting-codes.com.

2. Data We Collect and Why

Account Data

WhatFull name, email address, Clerk user ID, account creation date, plan tier.

WhyTo create and manage your account, authenticate you, and provide the service.

CV Data

WhatUploaded CV files (PDF/DOCX), AI-extracted structured data (work history, education, skills, languages, personal summary), AI-optimised CV versions.

WhyTo provide our core CV parsing, scoring, and optimisation services.

Job Application Data

WhatCompany names, job titles, application statuses, interview notes, salary information, locations, and deadlines you enter into your job tracker.

WhyTo power the Job Radar and application tracking features.

Usage Data

WhatNumber of CV optimisations performed per month, plan type, feature usage timestamps, AI match scores.

WhyTo enforce fair-use quotas, display your usage dashboard, and improve the service.

Contact Form Submissions

WhatName, email, subject, and message content submitted via the Contact page.

WhyTo respond to your enquiry and provide support.

Technical Data

WhatAuthentication session tokens (managed by Clerk), browser type where technically necessary.

WhyTo maintain secure authenticated sessions. We do not use analytics trackers or advertising pixels.

3. Legal Basis for Processing (Article 6 GDPR)

Art. 6(1)(b)

Contract Performance

Processing your account data, CV data, and job application data is necessary to provide the JobOps service.

Art. 6(1)(f)

Legitimate Interests

Usage statistics and service improvement data. We have assessed this does not override your fundamental rights.

Art. 6(1)(c)

Legal Obligation

Where required, we may retain certain data to comply with applicable legal or regulatory obligations.

Art. 6(1)(a)

Consent

For any future marketing communications. You may withdraw consent at any time without affecting prior processing.

4. How Long We Keep Your Data

Account dataDuration of account + 30 days after deletion

CV files (S3)Deleted immediately on CV or account deletion

AI-extracted & optimised CV dataDeleted with the associated CV record

Job application dataDeleted when you delete the record or account

Usage logs12 months, then automatically purged

Contact form messagesUp to 24 months for support continuity

5. Who We Share Your Data With

We do not sell your personal data. We share data only with carefully selected sub-processors, each bound by GDPR-compliant data processing agreements.

Processor	Purpose	Location	Transfer Mechanism
Clerk	Authentication & identity management	USA	SCCs
Neon	Database hosting (PostgreSQL)	Germany (EU)	No transfer outside EEA
Amazon Web Services S3	CV file storage	Germany EU (eu-central-1)	No transfer outside EEA
Affinda	AI-powered CV parsing	Australia	SCCs
Anthropic	CV optimisation AI (Claude)	USA	SCCs
Google (Gemini)	AI fallback service	USA	SCCs
SendGrid (Twilio)	Transactional email	USA	SCCs
Adzuna	Job listings data	UK	UK Adequacy Decision

6. Your Rights Under GDPR (Articles 15–22)

Art. 15Right of Access

Request a copy of all personal data we hold about you.

Art. 16Right to Rectification

Ask us to correct inaccurate or incomplete personal data.

Art. 17Right to Erasure

Request deletion of all your personal data including CVs, applications, and account information.

Art. 18Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Art. 20Right to Portability

Request a machine-readable JSON export of your data.

Art. 21Right to Object

Object to processing based on legitimate interests. We will cease unless we can show compelling grounds.

7. How to Exercise Your Rights

Export your data (Art. 20)

Dashboard → Settings → Data & Privacy → "Export My Data"

Delete your account (Art. 17)

Dashboard → Settings → Data & Privacy → "Delete Account"

For all other requests (rectification, restriction, objection): email contact@crafting-codes.com. We respond within 30 calendar days as required by GDPR Art. 12(3).

You also have the right to lodge a complaint with CNIL (France) at www.cnil.fr or your national supervisory authority.

8. Cookies

JobOps uses only essential and functional cookies necessary for the platform to operate:

Clerk authentication session cookies

Set by our identity provider to maintain your authenticated session. Strictly necessary — cannot be disabled without breaking the service.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required as we only set strictly necessary cookies.

9. Security

Encryption in transit

HTTPS enforced across all endpoints.

Encryption at rest

AWS S3 server-side encryption for all CV files.

Rate limiting

All API endpoints protected against abuse.

Input validation

All inputs validated and sanitised before processing.

Security headers

HTTP security headers including CSP, HSTS, and more.

Access control

Role-based access — only you can access your data.

10. Questions & Contact

For any privacy-related questions or to exercise your rights:

contact@crafting-codes.com

We respond within 30 days as required by GDPR.

Privacy Policy