Privacy Policy

Last updated: March 2026

This Privacy Policy explains how YourJobRemote ("we", "us", or "the Service"), based in Thessaloniki, Greece, collects, uses, stores, and protects your personal data when you use our website yourjobremote.com and our services. This policy complies with the General Data Protection Regulation (EU Regulation 2016/679, "GDPR") and Greek data protection law (Law 4624/2019).

1. Data Controller

The controller of your personal data is Dimitris Chatzigeorgiou, owner of the sole proprietorship YourJobRemote, based in Thessaloniki, Greece. For any matter related to your data, you can reach us at legal@yourjobremote.com.

2. Data We Collect

We collect the following categories of personal data.

2.1 Registration & Identification Data

  • Full name, email address, profile photo (via Google or LinkedIn sign-in through Clerk)
  • Language preference (Greek or English)

2.2 CV Data (AI CV Builder)

  • Work experience, education, skills, and other information you enter into the CV builder tool
  • AI-generated CV content
  • CV PDF files that you create

2.3 Payment Data

  • Purchase history and transaction details (via Stripe). We do not store card numbers. These are handled exclusively by Stripe, which is PCI DSS Level 1 certified.
  • Invoicing details (via Stripe) for tax compliance.

2.4 Booking Data

  • Date, time, and contact details for AI Working Sessions or Career Advisory bookings (via Calendly).

2.5 Technical Data

  • IP address, browser type, operating system, pages visited, time spent on the site
  • Application error and performance data
  • Cookies and similar technologies (see our Cookie Policy)

3. Purposes of Processing & Legal Basis

We process your data for the following purposes.

  • To perform our contract with you: delivering the AI CV Builder, AI Working Sessions, and Career Advisory; managing your account; processing payments; sending receipts and booking confirmations.
  • To meet a legal obligation: issuing invoices and receipts, submitting data to AADE via myDATA, and keeping tax records as required by Greek law.
  • For our legitimate interests: improving the service, debugging, preventing abuse, and keeping the system secure.
  • With your consent: analytics and third-party cookies where required. You can withdraw your consent at any time.

4. Third Parties & Data Processors

We share data only with trusted service providers that are essential to operating our platform.

  • Clerk (clerk.com): identity provider (Google/LinkedIn sign-in). Headquartered in the USA, with Standard Contractual Clauses (SCCs) in place.
  • Stripe (stripe.com): payment processing, PCI DSS Level 1 certified. Headquartered in the USA and Ireland.
  • Calendly (calendly.com): booking platform for AI Working Sessions and Career Advisory. Headquartered in the USA, with SCCs in place.
  • Hetzner Online GmbH (Germany, EU): website hosting. Handles technical data such as IP addresses and request headers.
  • Umami (self-hosted on our Hetzner server, Germany, EU): cookieless website analytics. Stores no personal identifiers; unique visitors counted via a daily-rotating IP+browser hash.
  • Anthropic (USA, with SCCs): AI provider for CV content generation via API. Anthropic does not train its models on your data.
  • PostgreSQL database provider (EU, with SCCs where applicable): storage of account, purchase, and CV data.
  • Error monitoring provider (EU): collects technical performance and error data (IP, browser, stack traces).
  • Transactional email provider (EU): delivers receipts, booking confirmations, and service notifications.

We do not sell, rent, or share your personal data with third parties for advertising. A full list of subprocessors, including commercial names, is available on request at legal@yourjobremote.com.

5. Data Transfers Outside the EU

Some providers are based outside the European Economic Area (EEA). For those transfers we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • the EU-US Data Privacy Framework, where applicable
  • supplementary technical measures such as encryption and pseudonymisation

6. Data Retention Period

  • Account data: kept for as long as your account is active. After deletion, data is removed within 30 days.
  • CV data: stored while your account is active. You can delete it at any time.
  • Payment data and invoices: retained for 10 years, as required by Greek tax law (Tax Procedure Code, Law 4987/2022).
  • Technical logs: retained for a maximum of 90 days.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: request a copy of the data we hold about you.
  • Right to rectification: ask us to correct inaccurate data.
  • Right to erasure: ask us to delete your data (the "right to be forgotten"), unless we are required by law to keep it (for example, tax records).
  • Right to restriction: ask us to pause processing in certain cases.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing we rely on legitimate interest for.
  • Right to withdraw consent: withdraw any consent you have given, at any time, without affecting past processing.

To exercise any of these rights, email us at legal@yourjobremote.com. We will respond within 30 days.

8. Cookies

We use cookies to operate the website. For details, see our Cookie Policy.

9. Data Security

We apply appropriate technical and organisational measures to protect your data, including:

  • encryption of data in transit (TLS/HTTPS)
  • encryption of data at rest
  • authentication through a secure identity provider (Clerk)
  • regular security audits and updates
  • minimum access rights (principle of least privilege)

10. Minors' Data

Our services are intended for adults (18 or over). We do not knowingly collect data from minors. If we learn that we have collected a minor's data, we will delete it without delay.

11. Automated Decision-Making & Profiling

The AI CV Builder uses AI to generate CV content based on the information you provide. This is not automated decision-making that produces legal or similarly significant effects for you under Article 22 of the GDPR. The generated content is a suggestion. You can edit it before downloading, and we expect you to.

12. Changes to the Privacy Policy

We may update this policy from time to time. For material changes, we will notify you by email or with a notice on the website. The date of the most recent update is shown at the top of this page.

13. Complaint to the Data Protection Authority

If you believe our processing of your data breaches the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

  • Website: www.dpa.gr
  • Tel: +30 210 6475600
  • Email: contact@dpa.gr
  • Address: Kifisias 1-3, 115 23 Athens, Greece

14. Contact

For questions regarding this policy or your data:

  • Email: legal@yourjobremote.com
  • Business: YourJobRemote
  • Responsible person: Dimitris Chatzigeorgiou
  • Location: Thessaloniki, Greece