Privacy Policy

1. Controller

Responsible within the meaning of the General Data Protection Regulation (GDPR) is: baito UG (haftungsbeschränkt) Silbersteinstraße 124 12051 Berlin

Germany E-Mail: max@getbaito.de

2. Scope of the Service

JobScouts.io is an account-based job scout service. Registered users can subscribe to career pages of individual companies and receive e-mail notifications about new job offers. The use of the service is only possible with a user account.

3. User Account and Registration

To use JobScouts.io, the creation of a user account is required. In doing so, we process in particular:

• Email address
• Login and account information
• Subscription data
• Time of relevant actions (e.g. registration, confirmation, unsubscription)

Legal basis:

Art. 6 (1) (b) GDPR (Performance of a contract)

4. Registration via Single-Sign-On (SSO)

As an alternative to classic registration, registration via third-party providers is possible.

4.1 Google SSO

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Transmitted data (depending on approval):

• Email address
• Name
• Unique user ID

Privacy policy: https://policies.google.com/privacy Data transfer to third countries based on Standard Contractual Clauses (Art. 46 GDPR).

4.2 LinkedIn SSO

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland Transmitted data:

• Email address
• Name
• Unique user ID

Privacy policy: https://www.linkedin.com/legal/privacy-policy Safeguards also through Standard Contractual Clauses.

4.3 Legal Basis

Art. 6 (1) (b) GDPR (Performance of a contract) The use of SSO is voluntary.

5. Job Subscriptions & Double-Opt-in

Job notifications are sent exclusively after Double-Opt-in:

• Selection of a subscription while logged in
• Sending of a confirmation email
• Activation only after clicking the confirmation link

For proof, we store:

• Email address
• Time of registration
• Time of confirmation
• IP address at the time of confirmation

Legal basis:

Art. 6 (1) (a) GDPR (Consent) Revocation possible at any time via the unsubscribe link.

6. Processed Personal Data

• Email address
• Account and subscription information
• Login data (incl. SSO)
• Technical metadata (IP address, timestamps)

7. Purposes of Data Processing

• Provision and operation of the service
• Sending job notifications
• Administration of user accounts
• Proof of consents
• IT security and fraud prevention
• Product improvement through pseudonymized analysis

8. Used Services & Data Processors

Hosting

Vercel Inc. Hosting of the web application. Data processing possibly outside the EU based on Standard Contractual Clauses.

Database

Neon (Neon.tech) PostgreSQL database for storage of user and subscription data.

Email Sending

Resend, Inc. Sending of confirmation and job notification emails. Data processing according to Art. 28 GDPR.

Caching & Performance

Redis Temporary caching of technical data. No permanent content processing.

Web Analysis (without Cookies)

Plausible Analytics Privacy-friendly reach measurement without cookies and without personal data. Legal basis: Art. 6 (1) (f) GDPR

Product Analysis & Session Recordings

PostHog PostHog is used for:

• Analysis of user behavior
• Improvement of user guidance
• Detection of technical problems

In doing so, so-called session recordings can also be created, which make user interactions (e.g. clicks, scrolling, page changes) comprehensible. Important safeguards:

• Content of form fields (e.g. email addresses) is masked or not recorded
• No targeted recording of sensitive content takes place
• Processing is pseudonymized
• IP addresses are not permanently stored

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the improvement and stability of the service)

9. Data Transfer

Personal data is not passed on to third parties, except:

• to the named data processors
• in case of legal obligation

In particular, no data is passed on to subscribed companies.

10. Storage Duration

• Subscription data: until unsubscription
• Account data: until account deletion
• Double-Opt-in proofs: according to statutory limitation periods
• Analysis and session data: limited in time and purpose-bound

11. Rights of Data Subjects

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Right to lodge a complaint with a data protection supervisory authority exists.

12. Data Security

We use appropriate technical and organizational measures to protect personal data.

13. Changes to this Privacy Policy

This privacy policy can be adapted if legal requirements or the service change.