Privacy policy

Last updated [TBD operator: effective date]. Plain English. If anything’s unclear, write us — we’ll fix the wording.

1. What we collect

  • Account basics — display name, email, password hash, avatar, location text.
  • Profile data — bio, profile links, categories, mentor topics, “looking for” notes.
  • Invite data — who invited you, who you invited, invite tokens, personal notes.
  • Messages — 1:1 chat messages stored in plain text until you delete the conversation or your account.
  • Job posts — title, body, compensation, region restrictions, apply link, expiry.
  • Activity metadata — last-login, last-active, read receipts.
  • Server logs — IP address, user-agent, timestamps, rate-limit counters. Rotated after 30 days.

2. Why we collect it

To run the product, prevent abuse, and send transactional email. We do not track you for advertising. We do not sell, rent, or share your data.

3. Who sees it

Your profile is visible to logged-in members of RemoteJobs.team, not the public web. Your messages are visible only to you and the other party. Your email address is visible only to you.

4. How long we keep it

Active account data is retained indefinitely; server logs for 30 days. Soft-deleted accounts have their identity fields cleared but keep their graph rows. Hard-purged accounts are removed entirely. See Data protection for the full breakdown.

5. Auto-import details

At signup we fetch one URL you give us and extract structured fields (name, bio, avatar, location, links) from Open Graph, schema.org JSON-LD, microformats, or platform APIs. We never store the full HTML, never auto-refresh on a schedule, and harden the fetch against SSRF.

6. Third parties

  • Pusher Channels (or self-hosted Soketi) — real-time message transport.
  • Email delivery — the operator’s choice of Postmark / Resend / Mailgun / Google Workspace / raw SMTP via standard wp_mail().
  • Gravatar — only if you opt into the Gravatar avatar fallback.
  • Hosting — operator-owned server, encrypted at rest, backed up daily.

We do not use Google Analytics, Meta Pixel, or any other analytics or advertising tracker.

7. Your GDPR rights

You have the right to access, correct, export, restrict, object to, and erase your personal data. All of these are self-serve from the Data protection page. The Czech supervisory authority is the ÚOOÚ.

8. Get in touch

Privacy-specific questions: privacy@remotejobs.team. Anything else: the contact form. Operator and data controller: [TBD operator: name], [TBD operator: address].