Privacy Policy
1. Controller
The controller responsible for data processing on this website is:
Tim Vogel
Trooststraße 8
45468 Mülheim an der Ruhr
Email: impressum@jobtrackr.win
2. Server access, security and sessions
When using the portal, technically required access data is processed, including IP address, timestamp, requested URL, HTTP method, status code, browser/device information and technical error or performance data. The portal uses security headers, rate limits, session checks and CSRF protection.
For signed-in users, a server-side session cookie is set (jobtrackr.sid, httpOnly, SameSite=Lax). The session is stored in PostgreSQL and may include user ID, creation time, last activity, hashed user agent, CSRF token and login/notification state. A readable csrfToken cookie is also set for form and API protection. These cookies are strictly necessary.
3. Login and user account
Sign-in uses Google OAuth and/or LinkedIn OAuth where configured. Authentication data is processed, including provider ID, name, email address and possibly profile image. LinkedIn profile data may also be requested from the LinkedIn userinfo endpoint. This data is used to create or link an account and enable future logins.
4. Portal, profile and application data
The portal processes data you enter or data required for application workflows: profile and contact data, LinkedIn URL, search preferences, target roles, priority and blocked companies, languages, skills, tools, education and work experience, hobbies, profile images, CV and cover-letter templates, application status, interview data, favorites, notes, generated documents, job URLs, job texts, company information and support messages.
Profile images are stored as files in the upload area. CV files uploaded during onboarding are processed in memory, sent to the AI service for extraction and then stored as structured profile data if you use or confirm the function.
5. AI features and OpenAI
When you use AI features, the necessary content is sent to the OpenAI API. This may include profile information, CV contents, cover letters, job texts, company context, target language, prompts and existing document text. Processing supports CV data extraction, fit checks, CV and cover-letter optimization and document/template assistance. Personal OpenAI API keys may be stored encrypted; alternatively a server-configured API key may be used.
6. Support, notifications and email
Support messages are stored with user ID, sender role, message text, read timestamps and creation time. If email notifications or company requests are used, the required data may be sent through a configured SMTP service.
7. Job import, application runners and PDF rendering
For job imports, analysis, direct application workflows or PDF rendering, job URLs, job and company data, application data, document HTML/PDF content and technical status data may be sent to configured internal or external runner or PDF rendering services. These services are only used where enabled in the server configuration.
8. Cookies, consent and optional services
Strictly necessary cookies and session data are required for login, security and operation. Your cookie selection is stored in browser storage and remains valid for this browser until you clear browser data. Optional services are loaded only after selection in the cookie dialog: Google Fonts for external fonts and Google Analytics for usage analytics with IP anonymization. OAuth providers are contacted only when you start the relevant login. Cloudflare Turnstile may be used on waitlist or protection forms where anti-abuse protection is configured.
9. Purposes and legal bases
Processing is carried out to provide the portal, authenticate users, manage application workflows, create and optimize documents, provide support, maintain security and prevent abuse under Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Optional analytics and font services are loaded based on your consent under Art. 6(1)(a) GDPR. Legal retention or documentation obligations may be based on Art. 6(1)(c) GDPR.
10. Recipients and third-party providers
Depending on use and configuration, data may be transferred to the following recipients: Google and LinkedIn for OAuth, OpenAI for AI features, Google for Analytics and Fonts after consent, Cloudflare Turnstile for bot protection, SMTP/email providers for notifications, hosting/database providers for operation and storage, and PDF rendering or application runner services for document and application workflows. International transfers may occur depending on the provider.
11. Retention period
Personal data is retained only as long as required for service provision, selected features, security, traceability or legal obligations. Sessions expire after inactivity or an absolute lifetime. Support, profile, application and document data is deleted or restricted when no longer needed or when you validly request deletion, unless conflicting obligations apply.
12. Your rights
Depending on applicable law, you may have rights of access, rectification, erasure, restriction, portability and objection regarding your personal data. You may withdraw consent with future effect.
13. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority.