Privacy Policy / Datenschutzerklärung
Last updated: February 2026
1. Controller Information
The controller responsible for data processing on this website is:
Fodoj GmbH Prinzregentenstrasse 54 80538 München, Germany
Email: team@misujob.com Phone: +49 89 54197048
2. Overview of Data Processing
2.1 What Data We Collect
When you use MisuJob, we collect and process the following data:
Account Data:
- Email address
- Full name
- Password (encrypted with bcrypt)
Profile Data:
- CV/Resume content (skills, work experience, education)
- Job preferences (desired roles, salary expectations, locations)
- Contact information you provide
Usage Data:
- IP address
- Browser type and version
- Device information
- Pages visited and actions taken (only with your cookie consent)
- Timestamps of activities
Job Application Data:
- Jobs you apply to
- Application status and history
- Connected job site credentials (encrypted with AES-256-GCM)
2.2 Purpose of Data Processing
We process your data for the following purposes:
- Providing our AI-powered job matching and auto-apply services
- Extracting career information from your CV using AI (see Section 3.4)
- Creating and managing your user account
- Generating personalised match scores and job recommendations
- Sending you relevant job alerts and notifications
- Improving our AI matching algorithms
- Ensuring security and preventing fraud
- Complying with legal obligations
2.3 Legal Basis (GDPR Article 6)
- Contract performance (Art. 6(1)(b)): Processing necessary for providing our services (matching, auto-apply)
- Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, service improvement
- Consent (Art. 6(1)(a)): Analytics cookies (TTDSG §25), marketing communications
- Legal obligation (Art. 6(1)(c)): Tax and accounting requirements
3. Data Storage and Security
3.1 Where We Store Your Data
Your data is stored on secure servers within the European Union (Google Cloud Platform, Frankfurt region). We use industry-standard encryption for data at rest and in transit.
3.2 How Long We Keep Your Data
- Account data: Until you delete your account
- Profile data: Until you delete your account
- Usage logs: 7 days (system logs), 12 months (AI decision logs)
- Application history: 24 months after last activity
- Inactive jobs: Archived after 30 days
- Payment data: 10 years (legal requirement)
3.3 Security Measures
- SSL/TLS encryption for all data transfers
- AES-256-GCM encryption for sensitive data at rest (credentials)
- Secure password hashing (bcrypt)
- Access controls and authentication (JWT)
- Regular security audits
3.4 AI Data Processing and PII Protection
MisuJob uses AI services to process your CV and match you with jobs. We take the following measures to protect your personal data:
AI Service Providers:
- OpenAI (GPT-5-nano): CV parsing, cover letter generation, job matching explanations, translation, anonymisation
- Cloudflare Workers AI (Llama, Granite, BGE models): Job data extraction, skill extraction, embedding generation
PII Redaction (GDPR Art. 25 - Data Protection by Design):
Before your CV text is sent to any AI service, we automatically:
- Extract personal identifiers locally (name, email, phone, URLs)
- Redact all identifiers with placeholders (e.g.,
[REDACTED_EMAIL]) - Filter GDPR Art. 9 special category data (health conditions, religion, trade union membership, political affiliation)
Only career-relevant information (skills, work experience, education, job titles) is sent to AI providers. Your name, email, phone number, and personal URLs are never sent to external AI services.
AI Decision Logging:
We log metadata about every AI processing operation (which service was used, processing time, success/failure) for transparency and compliance. These logs do not contain your personal data - only aggregate statistics like “extracted 35 skills” or “match score: 85%”. AI decision logs are retained for 12 months.
3.5 Connected Job Site Accounts
When you connect job site accounts (e.g., freelance.de, freelancermap), you authorise MisuJob to act as your authorised representative (Bevollmächtigter) to search for and apply to jobs on your behalf. Your credentials are encrypted with AES-256-GCM and are never shared with third parties.
3.6 Job Listing Data from Aggregator Sources
MisuJob aggregates job listings from third-party platforms (e.g., freelance.de, freelancermap). For these sources:
- Full job descriptions are not stored. We extract career-relevant data (skills, location, salary) using AI, then replace the original description with a short AI-generated summary.
- Source attribution is always displayed, including the original platform name and a link to the original listing.
- Companies or platforms can request removal of their listings at any time via our opt-out page.
4. Your Rights (GDPR)
As a data subject, you have the following rights:
4.1 Right of Access (Art. 15)
You can request information about the personal data we hold about you.
4.2 Right to Rectification (Art. 16)
You can request correction of inaccurate personal data.
4.3 Right to Erasure (Art. 17)
You can request deletion of your personal data (“right to be forgotten”). You can also delete your account directly from your profile settings, which permanently removes all associated data.
4.4 Right to Restrict Processing (Art. 18)
You can request restriction of processing under certain circumstances.
4.5 Right to Data Portability (Art. 20)
You can export all your data in a machine-readable JSON format via your account settings or by calling GET /api/user/export with your authentication token. The export includes your profile, applications, saved jobs, preferences, and connected sites.
4.6 Right to Object (Art. 21)
You can object to processing based on legitimate interests.
4.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. For cookie consent, click “Cookie Settings” in the footer.
4.8 Right Regarding Automated Decisions (Art. 22)
Our AI matching system uses automated processing to score and rank job matches. You can review match explanations (8-factor breakdown) for every recommendation. You have the right to request human review of any automated decision that significantly affects you.
To exercise these rights, contact us at: team@misujob.com
5. Cookies and Tracking
5.1 Essential Cookies (No Consent Required)
We use essential cookies/localStorage for authentication and core functionality. These cannot be disabled.
| Storage | Purpose | Duration |
|---|---|---|
token | JWT authentication | Session |
user | User profile data | Session |
cookie_consent | Your cookie preferences | Persistent |
onboardingCompleted | Onboarding state | Persistent |
5.2 Analytics Cookies (Consent Required - TTDSG §25)
Analytics cookies are only loaded after you give explicit consent via our cookie banner.
| Service | Purpose |
|---|---|
| Google Analytics 4 | Page views, feature usage |
| PostHog | Event tracking, session recording (new users on profile page only) |
No personal data is shared with third parties for advertising purposes. You can withdraw consent at any time by clicking “Cookie Settings” in the footer.
5.3 Managing Cookies
You can manage cookie preferences through our cookie banner or your browser settings.
6. Third-Party Services
6.1 AI Services
- OpenAI (USA): CV parsing, matching, cover letters. DPA in place. Only redacted career data is sent (see Section 3.4).
- Cloudflare Workers AI (EU): Job extraction, skill extraction, embeddings. Data processed within the EU.
6.2 Payment Processing
We use Stripe for payment processing. Stripe’s privacy policy: https://stripe.com/privacy
6.3 Email Services
We use AWS SES for transactional emails. Data is processed within the EU.
6.4 Job Sites
When you connect job site accounts, we store encrypted credentials to apply on your behalf. We do not share this data with any third parties.
7. International Data Transfers
Your data is primarily processed within the EU. AI processing via OpenAI may involve data transfer to the USA under Standard Contractual Clauses (SCCs). Only redacted, non-personal career data is transferred (see Section 3.4).
8. Content Removal / Opt-Out
Companies, job platforms, or individuals who wish to have content removed from MisuJob can submit a request at /legal/opt-out/ or email team@misujob.com. Requests are processed within 5 business days (24 hours for emergencies).
9. Children’s Privacy
MisuJob is not intended for users under 16 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or through our platform.
11. Contact and Complaints
Data Protection Contact: Email: team@misujob.com
Supervisory Authority: If you believe we have violated your data protection rights, you can file a complaint with:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach Germany Website: https://www.lda.bayern.de
© 2024 - 2026 MisuJob / Fodoj GmbH
