Privacy Policy

We collect the following categories of personal data:

• Account data: Your name, email address, and password (or Google OAuth identity) when you register.
• Profile data: Work history, qualifications, professional registrations, skills, and professional summary that you enter to build your candidate profile.
• Application data: Job descriptions, person specifications, and other vacancy information you paste into the Service.
• Generated documents: Supporting statements, CVs, and behaviour examples created by the AI using your data.
• Billing data: Subscription plan and payment history. Card details are held by Stripe — we do not store card numbers.
• Usage data: Pages visited, features used, and browser/device information collected via analytics tools (with your consent).

• Contract performance: Account data, profile data, application data, and generated documents are processed to provide the Service you signed up for.
• Legitimate interests: Fraud prevention, security monitoring, and product improvement.
• Legal obligation: Financial records and tax compliance.
• Consent: Analytics cookies (PostHog). You may withdraw consent at any time via the cookie settings.

• To generate tailored application documents using AI
• To run gap analysis between your profile and job specifications
• To manage your subscription and process payments
• To send transactional emails (account verification, payment receipts, subscription notices)
• To improve the Service through aggregated, anonymised analytics

We do not use your personal profile or application data to train AI models, and we do not sell your data to third parties.

We share data with the following processors, each under a data processing agreement:

Where data is transferred outside the UK/EEA, appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place.

• Your account and profile data is retained while your account is active.
• When you delete your account, all personal data is permanently deleted within 30 days.
• Financial records required for tax compliance are retained for 7 years.
• Analytics data (PostHog) is retained for 12 months and is anonymised.

You have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data. You can do this instantly from Settings → Delete account.
• Portability: Receive your data in a machine-readable format.
• Restriction: Ask us to stop processing your data in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw analytics consent at any time via cookie settings.

To exercise any right, email hello@jobspecmatch.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use two categories of cookies:

• Essential cookies: Authentication session cookies necessary for the Service to function. No consent required.
• Analytics cookies: PostHog collects anonymised usage data to help us improve the Service. These are only set with your explicit consent.

You can change your cookie preferences at any time using the cookie settings button in the page footer.

We use industry-standard measures including TLS encryption in transit, encrypted database storage, row-level security, and regular access reviews. No system is perfectly secure — please use a strong, unique password for your account.

We may update this policy from time to time. Material changes will be communicated by email at least 14 days before they take effect.

Data controller: SpecMatch AI
Email: hello@jobspecmatch.com