Skip to content
Back to Home

Privacy Policy

Last updated: May 19, 2026

1. Data Controller

The data controller responsible for your personal data is:

Yoann Abriel (sole proprietor)
Operating as Job Swiper
Switzerland
Email: hello@jobswiper.ai

The competent supervisory authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC). For EU residents, you may also contact your local data protection authority.

2. Introduction

Job Swiper ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our job search automation service, including our website (jobswiper.ai) and our Chrome browser extension ("Save to JobSwiper").

3. Information We Collect

3.1 Information You Provide

  • Account information (email address, password)
  • Profile data (name, phone number, location)
  • Professional information (work experience, education, skills, certifications)
  • Job search preferences (keywords, locations, job types)
  • CV content you create or import
  • Payment information: billing details processed by Stripe (we do not store credit card numbers directly)

3.2 Information from Third Parties

When you choose to import data from LinkedIn, we receive:

  • Profile information (name, headline, summary)
  • Work history (positions, companies, dates)
  • Education history (schools, degrees, dates)
  • Skills and endorsements
  • Certifications and languages

We access LinkedIn profile data using a third-party scraping service (Apify). When you provide a LinkedIn profile URL, we extract publicly visible information including work history, education, skills, and certifications. No LinkedIn login credentials are required or collected.

3.3 Automatically Collected Information

  • Device and browser information
  • IP address and approximate location
  • Usage data (features used, pages visited)

4. How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Generate personalized CVs for job applications
  • Match you with relevant job opportunities
  • Improve and personalize your experience
  • Communicate with you about your account
  • Ensure security and prevent fraud

5. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contractual necessity: Providing the service, generating CVs, cover letters, and interview preparation materials, matching you with jobs
  • Consent: Analytics cookies, marketing emails
  • Legitimate interest: Security monitoring, fraud prevention, service improvement

6. AI-Powered Features

We use AI services to generate personalized CVs, cover letters, and interview preparation materials based on your profile and job descriptions. Your profile data is sent to these AI services solely for content generation purposes. We do not use your data to train AI models. For each request we ask the AI gateway not to store or train on your data (data collection set to deny).

6.1 Match Scoring and Profiling

When you save or view a job, Job Swiper computes a job-match score (0 to 100) by comparing your profile against the job description. This is a form of automated profiling within the meaning of Article 4(4) GDPR.

The score is calculated by a heuristic, keyword-based algorithm that weights the following factors:

  • Skills: 35%
  • Experience: 30%
  • Contract type: 15%
  • Location: 8%
  • Industry: 8%
  • Company size: 4%

The score is advisory only. It helps you decide which jobs to pursue and is not an automated decision that produces legal or similarly significant effects for you (Article 22 GDPR). The score is stored against the jobs you save, so you can see it again later. You can disregard scoring at any time by not using the browser extension. To object to this profiling, or to request a human review of any score, contact us at hello@jobswiper.ai. Because the score is non-binding, you remain free to act on it however you wish.

6.2 Scientific Research

We may use pseudonymised match-score predictions for academic research (for example, the founder's master's thesis on AI-assisted job search) under Article 89 GDPR, which allows processing for scientific research purposes subject to appropriate safeguards. Research data is pseudonymised and minimised so that it cannot be linked back to you without separate information held securely. This research data is covered by your right to export and your right to deletion: deleting your account removes it.

6.3 Artificial Intelligence Act

The AI match scoring is decision-support for you, the job seeker, about your own fit for a job. You are the data subject scoring yourself; the result is private to your account and is not shared with employers, and there is no recruiter-facing feature or score-exposing interface. On that basis we consider that this system is not a high-risk AI system within the meaning of Annex III of the EU Artificial Intelligence Act (employment, worker management and access to self-employment). We will re-assess this classification if we ever introduce a recruiter-facing feature or any interface that exposes one person's scores to a third party.

6.4 AI Is Essential to the Service

AI processing is intrinsic to Job Swiper: generating CVs, cover letters and interview notes, and scoring job matches, all rely on AI. We process this data because it is necessary to perform our contract with you (Article 6(1)(b) GDPR). There is no separate opt-out for AI today, because declining AI would mean not using the core features of the service. You can choose not to invoke a given AI feature (for example, by editing a document manually rather than generating it).

7. Data Sharing

We do not sell your personal data. We may share data with:

  • Sub-processors:

We engage the following sub-processors to operate the service. Where a processor is based in or transfers data to the United States, transfers are covered by Standard Contractual Clauses (see Cross-Border Data Transfers below). Items marked "region to be confirmed" are pending confirmation by our legal and operations team.

  • Supabase (database, authentication and storage, Postgres with row-level security). Hosting region: to be confirmed.
  • Vercel (hosting, serverless and edge functions). Hosting region: to be confirmed.
  • OpenRouter (AI gateway, United States): routes your prompts to downstream model providers. We send a per-request instruction not to collect or train on your data (data collection set to deny). An account-level no-training setting and an Article 28 data processing agreement are to be confirmed.
  • Google (Gemini models, accessed through OpenRouter, United States): downstream AI model provider.
  • OpenAI (text embeddings, accessed through OpenRouter, United States): downstream AI provider used to compute semantic search vectors.
  • Stripe (billing and payments, Swiss entity, operates globally): we do not store card numbers directly.
  • Resend (transactional and lifecycle email). EU sending endpoint: to be confirmed.
  • Apify (LinkedIn profile import via scraping, when you provide a profile URL). Run residency: to be confirmed.
  • Tavily (company research search, United States).
  • Amazon Web Services (Textract and S3) (CV optical character recognition; temporary bucket in the eu-west-3 region). This service receives your uploaded CV, which may contain special-category data (Article 9 GDPR). Storage expiry rule: to be confirmed.
  • Amazon Web Services (Lambda) (job-search orchestration, eu-west-3 region, European Union).
  • Jina AI (job-description fetching via r.jina.ai): receives the job posting URL.
  • Mapbox (client-side location autocomplete, United States): your IP address and the location query are sent to Mapbox.
  • Sentry (error monitoring and consent-gated session replay, EU-routed).
  • Google Fonts CDN (United States): a few pages (such as the signature page) may load fonts directly from Google, sending your IP address to Google. Most fonts are self-hosted.
  • Job platforms: Only when you explicitly choose to apply for a job
  • Legal requirements: When required by law or to protect our rights

7.1 Third-Party Contact Data You Enter

When you use the outreach and networking features, you may enter limited contact data about other people (a recipient's name, role and company). You provide this data and decide how it is used, so for that data you act as the controller and Job Swiper acts as your processor. We process it on the basis of your legitimate interest in professional networking (Article 6(1)(f) GDPR). We do not use it for any purpose other than helping you reach out, and we delete it when you delete your account.

8. Data Security

We implement appropriate security measures to protect your data, including encryption in transit and at rest, secure authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. We will also notify the relevant supervisory authority as required by law.

9. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area, including the United States. The following sub-processors are based in or transfer data to the United States: OpenRouter, Google (Gemini models), OpenAI (embeddings), Tavily, Mapbox and the Google Fonts CDN. Stripe is a Swiss entity that operates globally. These transfers rely on the European Commission's Standard Contractual Clauses (SCCs). A transfer impact assessment (TIA) for these transfers is to be completed. Where additional safeguards apply (for example, our per-request instruction to the AI gateway not to store or train on your data), we describe them in the relevant section above.

10. Data Retention

We keep your data only for as long as we need it for the purpose it was collected, and we apply the following retention periods by category:

  • Account and profile data: kept for as long as your account is active.
  • AI usage logs: 12 months.
  • Email and contact-form logs: 12 months.
  • Billing records: 7 years, to meet our legal and accounting obligations.
  • Browser-extension and job-search telemetry: 90 days.
  • Uploaded-CV import diagnostics: 14 days. When you import a CV file, we keep a short-lived copy of the file and of the text we extracted from it so we can diagnose and improve the accuracy of the import (legitimate interest, Article 6(1)(f) GDPR). It is deleted automatically after 14 days.
  • Inactive accounts: if you do not use your account for 24 months, we send you a warning email and delete the account 60 days later unless you reactivate it.
  • Third-party contact data you enter (outreach recipients): kept while your account is active and deleted when you delete your account.

You can request deletion of your account and associated data at any time. When you do, we delete your data and the deletion cascades to the sub-processors that hold it.

11. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Withdraw consent for data processing
  • Object to certain processing activities
  • Restrict processing of your data in certain circumstances

You can object to the automated profiling described in the AI-Powered Features section, including the job-match score. Email us at hello@jobswiper.ai and we will review your request. The score is advisory and non-binding, so objecting does not affect your ability to use the rest of the service.

For EU/EEA residents: You have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

12. Cookies

We use essential cookies for authentication and session management. We also use analytics cookies (Vercel Analytics and Speed Insights) to measure site performance and usage patterns. These are only activated after you consent via our cookie banner. We do not use advertising or third-party tracking cookies. For more details, see our Cookie Policy.

13. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect data from children.

14. Chrome Extension

The Job Swiper Chrome extension ("Save to JobSwiper") allows you to save job postings from supported job boards directly to your Job Swiper account. This section describes how data is handled by the extension.

14.1 Data Collected by the Extension

  • Job posting data: When you click "Save to JobSwiper", the extension reads the job title, company name, location, description, and other publicly visible information from the current page. This data is sent to our servers to create the job listing in your account.
  • Authentication token: Your login session token is stored locally in your browser (via chrome.storage.local) so the extension can communicate with your Job Swiper account. This token is never shared with third parties.
  • Match score: When viewing a job, the extension may send the job details to our API to calculate a match score against your profile. This uses the same data processing as our web application.

14.2 Data NOT Collected

  • The extension does not track your browsing history or activity.
  • The extension does not collect data from pages where you do not interact with it.
  • The extension does not run in the background or send data when you are not actively using it.
  • The extension does not sell, share, or transfer your data to third parties for advertising or any unrelated purpose.

14.3 Permissions

  • activeTab: To read job posting content from the current page when you click Save.
  • storage: To store your authentication token locally in your browser.
  • tabs: To detect if Job Swiper is open for automatic login.
  • notifications: To send optional job application reminders.

14.4 Data Transmission

All data transmitted between the extension and our servers is sent over HTTPS (encrypted). Job data is only sent when you explicitly click "Save to JobSwiper" or when a match score is calculated. No data is transmitted passively.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

16. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Email: privacy@jobswiper.ai

EU Representative (Article 27 GDPR)

[Placeholder] We are assessing whether we are required to appoint a representative in the European Union under Article 27 GDPR. No representative has been appointed yet. If one is appointed, their name and contact details will be published here.

© 2026 Job Swiper. All rights reserved.