Privacy Policy

This Privacy Policy explains what personal data we collect when you use jobswfa.com (the “Service”), how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Who we are

Work from Anywhere Jobs (“jobswfa”, “we”, “us”) is the controller of the personal data we collect through the Service. Contact details are at the end of this policy.

2. Information we collect

• Account information. When you sign up, we collect your email address. If you sign in with Google, we receive the email and basic profile information that Google shares with our app (we do not access your Gmail or contacts).
• Activity in the product. We store the jobs you save, your filter preferences, and dashboard activity so we can show them back to you on subsequent visits.
• Billing data. If you subscribe, our payment processor (Lemon Squeezy) collects and processes your payment details. We do not store full card numbers; we receive a customer reference, subscription status, and the plan you purchased.
• Technical data. Like most websites, we receive standard request metadata (IP address, user-agent, timestamps) and use cookies / local storage to keep you signed in and to remember UI preferences.
• Public job content. Job listings and company profiles displayed on the Service are aggregated from public sources (e.g. Greenhouse, Lever, Ashby, public careers pages). These are not personal data about you.

3. How we use your data

• To create and operate your account and authenticate you.
• To save jobs and personalize what you see in your dashboard.
• To process subscriptions and unlock paid features.
• To protect the Service against abuse, fraud, and security incidents.
• To comply with legal obligations and enforce our Terms of Service.
• To send transactional messages (e.g., billing receipts, account notices) and, only with your opt-in, occasional product updates.

We do not sell your personal data, and we do not run third-party advertising or behavioural tracking pixels on the Service.

4. Legal bases (GDPR)

Where the GDPR applies, we rely on the following legal bases: performance of a contract (operating your account, providing paid features), legitimate interests (security, abuse prevention, basic product analytics), consent (optional communications, optional cookies), and legal obligation (tax, accounting, responding to lawful requests).

5. Service providers (processors)

We rely on the following third parties to operate the Service:

• Supabase — database, authentication, file storage.
• Vercel — hosting and request delivery for the website.
• Google — optional OAuth-based sign-in.
• Lemon Squeezy — payment processing and subscription billing.
• Public ATS APIs (Greenhouse, Lever, Ashby) — source of job content; we read from these and do not send your personal data to them.

These providers are contractually required to process personal data only on our instructions and in line with applicable law.

6. International transfers

Our providers may process your data outside your country of residence, including in the United States and the European Union. Where required, transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. Data retention

We keep account data while your account is active and for a short period thereafter to handle disputes and meet legal obligations. Billing records are retained for the period required by applicable tax and accounting law (typically up to 7 years). You can delete your account from the dashboard at any time, which removes your profile and saved-job data from our active systems within 30 days, subject to legal retention.

8. Your rights

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate information;
• delete your data (subject to legal retention);
• port your data to another service;
• object to or restrict certain processing;
• withdraw consent at any time where processing is based on consent;
• lodge a complaint with your local data-protection authority.

To exercise these rights, use the contact details below.

9. Cookies and local storage

We use strictly necessary cookies / local storage to keep you signed in, remember UI preferences, and protect against CSRF and other security risks. We do not use third-party advertising cookies. If we ever add analytics that go beyond aggregate, privacy-preserving counts, we will surface a clear consent banner first.

10. Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit, hashed credentials, scoped service tokens, and least-privilege access. No service is perfectly secure; if a breach occurs that affects your data, we will notify you and the relevant authorities as required by law.

11. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date and, for material changes, provide reasonable notice (for example, by email or an in-product banner). Continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

13. Contact

Privacy questions or data-rights requests? Contact the site owner via the email address listed in the website footer. We aim to respond within 30 days.