Privacy Policy

Last updated: March 2026

This Privacy Policy describes how the business YourJobRemote (hereinafter "we", "us", or "the Service"), based in Thessaloniki, Greece, collects, uses, stores, and protects your personal data when you use our website yourjobremote.com and our services. This policy complies with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Greek data protection legislation (Law 4624/2019).

1. Data Controller

The controller of your personal data is Dimitris Chatzigeorgiou, owner of the sole proprietorship YourJobRemote, based in Thessaloniki, Greece. For any matter related to your data, you may contact us at legal@yourjobremote.com.

2. Data We Collect

We collect the following categories of personal data:

2.1 Registration & Identification Data

  • Full name, email address, profile photo (via Google or LinkedIn sign-in through Clerk)
  • Language preference (Greek or English)

2.2 CV Data (AI CV Builder)

  • Work experience, education, skills, and other information you enter into the CV builder tool
  • AI-generated CV content
  • CV PDF files that you create

2.3 Payment Data

  • Purchase history and transaction details (via Stripe). We do not store credit card numbers — these are managed exclusively by Stripe, which is PCI DSS Level 1 certified.
  • Invoicing details (via Stripe, for tax compliance)

2.4 Booking Data

  • Date, time, and contact details for coaching or career advisory session bookings (via Calendly)

2.5 Technical Data

  • IP address, browser type, operating system, pages visited, time spent
  • Application error and performance data (via Sentry)
  • Cookies and similar technologies (see Cookie Policy)

3. Purposes of Processing & Legal Basis

We process your data for the following purposes:

  • Performance of a contract (Article 6(1)(b) GDPR): Provision of our services (AI CV Builder, coaching, career advisory), account management, payment processing, sending receipts and booking confirmations.
  • Legal obligation (Article 6(1)(c) GDPR): Issuing invoices and receipts, submitting data to AADE via myDATA, maintaining tax records in accordance with Greek legislation.
  • Legitimate interest (Article 6(1)(f) GDPR): Service improvement, debugging, abuse prevention, system security.
  • Consent (Article 6(1)(a) GDPR): Analytics and third-party cookies (where required). You may withdraw your consent at any time.

4. Third Parties & Data Processors

We share data only with trusted service providers that are essential for the operation of our platform:

  • Clerk (clerk.com) — User authentication (sign-in via Google/LinkedIn). Stores identification data. Headquarters: USA, with Standard Contractual Clauses (SCCs) for data transfers outside the EU.
  • Stripe (stripe.com) — Payment processing. Manages card details with PCI DSS Level 1 certification. Headquarters: USA/Ireland, GDPR compliant.
  • Anthropic (anthropic.com) — AI provider (Claude API) for CV generation. The work experience data you enter is sent to the Claude API for processing. Anthropic does not use your data for model training via the API. Headquarters: USA, with SCCs.
  • Calendly (calendly.com) — Booking of coaching and career advisory sessions. Stores date, time, email. Headquarters: USA, with SCCs.
  • Sentry (sentry.io) — Application error monitoring. Collects technical data (IP, browser, stack traces). Headquarters: USA, with SCCs.
  • Neon (neon.tech) — PostgreSQL database. Stores account, purchase, and CV data. Headquarters: USA/EU, with SCCs.
  • Cloudflare (cloudflare.com) — Website hosting & CDN. Processes technical data (IP, headers). Headquarters: USA, with SCCs.
  • ZeptoMail (zeptomail.zoho.eu) — Transactional email delivery. Processes email addresses for sending receipts, booking confirmations, and notifications. Headquarters: EU (Zoho).

We do not sell, rent, or share your personal data with third parties for advertising purposes.

5. Data Transfers Outside the EU

Some of our providers are based in the USA. For data transfers outside the European Economic Area (EEA), we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework (where applicable)
  • Supplementary technical measures (encryption, pseudonymisation)

6. Data Retention Period

  • Account data: For as long as you maintain an active account. After deletion, data is removed within 30 days.
  • CV data: Stored for as long as you maintain an account. You may delete it at any time.
  • Payment data & invoices: Retained for 10 years in accordance with Greek tax legislation (Tax Procedure Code, Law 4987/2022).
  • Technical logs: Retained for a maximum of 90 days.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: To request a copy of your data.
  • Right to rectification: To request correction of inaccurate data.
  • Right to erasure: To request deletion of your data ("right to be forgotten"), unless retention is required by law (e.g., tax records).
  • Right to restriction: To request restriction of processing.
  • Right to portability: To receive your data in a structured, machine-readable format.
  • Right to object: To object to processing based on legitimate interest.
  • Right to withdraw consent: To withdraw your consent at any time, without retroactive effect.

To exercise any of the above rights, contact us at legal@yourjobremote.com. We will respond within 30 days.

8. Cookies

We use cookies for the operation of our website. For detailed information, please refer to our Cookie Policy.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Data encryption in transit (TLS/HTTPS)
  • Data encryption at rest
  • Authentication through secure providers (Clerk)
  • Regular security audits and updates
  • Minimum access rights (principle of least privilege)

10. Minors' Data

Our services are intended exclusively for adults (over 18 years of age). We do not knowingly collect data from minors. If we become aware that we have collected a minor's data, we will delete it immediately.

11. Automated Decision-Making & Profiling

The AI CV Builder uses artificial intelligence to generate CV content based on the information you provide. This does not constitute automated decision-making with legal or similarly significant effects within the meaning of Article 22 of the GDPR. The generated content is a suggestion that you are free to edit before downloading.

12. Changes to the Privacy Policy

We reserve the right to update this policy. In the event of material changes, we will notify you by email or via a notice on the website. The date of the last update is indicated at the top of the text.

13. Complaint to the Data Protection Authority

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

  • Website: www.dpa.gr
  • Tel: +30 210 6475600
  • Email: contact@dpa.gr
  • Address: Kifisias 1-3, 115 23 Athens, Greece

14. Contact

For questions regarding this policy or your data:

  • Email: legal@yourjobremote.com
  • Business: YourJobRemote
  • Responsible person: Dimitris Chatzigeorgiou
  • Location: Thessaloniki, Greece