GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that applies to organizations processing personal data of individuals in the European Economic Area (EEA). JobFix.ai is committed to full GDPR compliance. This page explains your rights under GDPR and how we process your data in accordance with its principles. If you are located in the EEA or UK, this page applies directly to you.

JobFix.ai acts as the Data Controller for the personal data of our users. This means we determine the purposes and means of processing your personal data. As a Data Controller, we are responsible for ensuring your data is processed lawfully, fairly, and transparently.

Data Controller: JobFix.ai | Contact: jobfix.ai@gmail.com

We process your personal data under the following legal bases as defined by GDPR Article 6:

• Consent (Article 6(1)(a)): Where you have given clear consent, such as subscribing to our newsletter or accepting optional analytics cookies
• Contract (Article 6(1)(b)): Processing necessary to provide the services you have signed up for — e.g., generating your resume or checking ATS scores
• Legal Obligation (Article 6(1)(c)): Where we are required to process data to comply with law, such as fraud prevention or tax records
• Legitimate Interests (Article 6(1)(f)): For essential security, fraud prevention, and service improvement where our interests don't override your rights

As a data subject in the EEA or UK, you have the following rights:

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your data — the "right to be forgotten"
• Right to Restriction (Article 18): Request that we restrict processing of your data in certain circumstances
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making (Article 22): Not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, email jobfix.ai@gmail.com. We will respond within 30 days as required by GDPR.

All personal data we process adheres to these GDPR principles (Article 5):

• Lawfulness, Fairness & Transparency: We process data only with a valid legal basis and are open about how we use it
• Purpose Limitation: Data collected for one purpose is not used for a different, incompatible purpose
• Data Minimization: We only collect data that is necessary for the stated purpose
• Accuracy: We take steps to ensure personal data is accurate and up to date
• Storage Limitation: We retain data only as long as necessary for its original purpose
• Integrity & Confidentiality: We implement appropriate security to protect data against unauthorized access

We retain personal data for the following periods:

• Account data (name, email): Retained while your account is active + 30 days after deletion
• Resume and career data: Retained while active; deleted within 30 days of account deletion request
• Analytics data: Aggregated, anonymized data retained for up to 26 months (Google Analytics default)
• Support communications: Retained for up to 2 years for quality and legal purposes
• Legal/compliance records: Retained for up to 7 years as required by applicable law

JobFix.ai is a US-based service. When data is transferred outside the EEA, we ensure appropriate safeguards are in place. Our key processors (Neon database, Vercel hosting, Google Analytics) participate in the EU-US Data Privacy Framework or provide Standard Contractual Clauses (SCCs) to ensure adequate protection of your data.

For GDPR-related inquiries, to exercise your rights, or to raise a concern about our data processing practices, please contact us directly. We aim to respond within 30 calendar days.

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). For EU residents, contact your national supervisory authority as listed on the European Data Protection Board website (edpb.europa.eu).

For any GDPR-related queries or to exercise your rights, please reach us at: