Privacy Policy
Last Updated: 1 April 2026
Effective Date: 1 April 2026
1. Data Controller
The data controller for GitAJob is Altuvia, a sole proprietorship (eenmanszaak) registered in Amsterdam, the Netherlands (KvK: 95706704; BTW: NL005169967B09).
Registered address: Zeeburgerpad 183, 1018 AJ Amsterdam, the Netherlands.
For all privacy and data protection enquiries, including requests to exercise your GDPR rights, reach our data protection contact at:
- Email: gdpr@gitajob.io
- Phone: +31 6 24462122
By accessing or using the Service, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy. If you do not consent, please do not access or use the Service.
2. What Data We Collect
2.1 Account Information (provided by you)
When you create an account, we collect:
- Email address
- First and last name
- Country (optional)
- Password (hashed and salted — we never store plaintext passwords)
2.2 Subscription and Payment Data
If you subscribe to a paid plan:
- Stripe Customer ID and Subscription ID
- Subscription tier, status, and billing period
We do not store credit card numbers, bank account details, or other payment credentials. All payment information is processed and stored by Stripe.
2.3 Usage Data (collected automatically)
When you use GitAJob, we automatically collect:
- Search queries and job search history
- Application preferences, saved searches, and personalisation settings
- Pages visited, features used, and time spent on the platform
- Browser type, operating system, and screen resolution
- IP address and approximate location (derived from IP)
- Referral source (how you found GitAJob)
2.4 Job Interaction Data
When you interact with job listings:
- Saved and bookmarked job posts
- Search filters and preferences
3. Why We Process Your Data (Purpose and Legal Basis)
Under the General Data Protection Regulation (GDPR), we process personal data only when we have a valid legal basis. Below is a summary of each purpose and its corresponding legal basis under Article 6(1) GDPR:
- Provide and operate the Service (account creation, search, preferences) — Legal basis: Performance of a contract (Art. 6(1)(b))
- Process payments and manage subscriptions — Legal basis: Performance of a contract (Art. 6(1)(b))
- Send essential service communications (account verification, security alerts, subscription changes) — Legal basis: Performance of a contract (Art. 6(1)(b))
- Analyse usage patterns and improve the Service (product analytics via PostHog) — Legal basis: Legitimate interest (Art. 6(1)(f)) — our legitimate interest is to understand how the Service is used so we can improve the user experience
- Detect and prevent fraud, abuse, and security incidents — Legal basis: Legitimate interest (Art. 6(1)(f))
- Place non-essential cookies (analytics) — Legal basis: Consent (Art. 6(1)(a)), obtained via our cookie consent banner
- Comply with legal obligations (tax records, law enforcement requests) — Legal basis: Legal obligation (Art. 6(1)(c))
4. Cookies and Tracking Technologies
4.1 Essential Cookies
We use strictly necessary cookies for authentication, session management, and security. These cookies are required for the Service to function and cannot be disabled.
4.2 Analytics Cookies
We use PostHog for product analytics. PostHog sets cookies to track page views, feature usage, and session behaviour. These cookies are only placed after you provide consent via our cookie consent banner.
If you decline analytics cookies, PostHog operates in cookieless mode with in-memory storage only, meaning no persistent identifiers are stored on your device.
4.3 Managing Cookies
You can manage your cookie preferences at any time using the cookie consent banner or through your browser settings. Blocking essential cookies may impair the functionality of the Service. For full details, see our Cookie Policy.
5. Data Retention
- Account data: Retained for as long as your account is active
- Search history and preferences: Retained while your account is active; deleted with your account
- Payment records: Retained for 7 years after the last transaction to comply with Dutch tax law (Algemene wet inzake rijksbelastingen)
- Analytics data: Aggregated and anonymised within 90 days
- Deleted accounts: Personal data is permanently deleted within 30 days of account deletion, except where retention is required by law
6. Sub-Processors and Third-Party Services
We share personal data with the following sub-processors, each of which is bound by a Data Processing Agreement (DPA):
- Supabase — Database hosting and user authentication (EU region)
- Stripe — Payment processing (EU/US — certified under the EU-US Data Privacy Framework)
- PostHog — Product analytics (EU region)
- Cloudflare — Content delivery, DDoS protection, and web application hosting (global network with EU processing)
- Scaleway — Backend API hosting (EU — Paris, France)
- Google Cloud Platform — Embedding computation for semantic search (EU region)
- Sentry — Error monitoring and crash reporting (EU region)
We do not sell, rent, or trade your personal data to any third party.
We require each sub-processor to use the personal data we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling that purpose.
We may also disclose your personal data: (1) to comply with applicable law, regulation, court order, or other legal process; (2) to enforce our agreements with you, including this Privacy Policy and our Terms of Service; or (3) to respond to claims that your use of the Service violates any third-party rights. If GitAJob or Altuvia is merged or acquired by another entity, your information will be one of the assets transferred to the new owner.
7. International Data Transfers
GitAJob is operated from the Netherlands. Most of our sub-processors store and process data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to the United States via Stripe or Cloudflare), we ensure appropriate safeguards are in place, including:
- EU-US Data Privacy Framework certification (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission for the recipient country
8. Data Security
We implement technical and organisational measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS) for all connections
- Secure password hashing using industry-standard algorithms
- Role-based access controls and row-level security on all database tables
- Regular security reviews and dependency audits
- Infrastructure hosted on enterprise-grade, ISO 27001-certified providers
No system is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
9. Your Rights Under the GDPR
As GitAJob is operated from the Netherlands, all users benefit from the protections of the General Data Protection Regulation (GDPR). You have the following rights:
- Right of access (Art. 15) — Request a copy of the personal data we hold about you
- Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17) — Request deletion of your personal data (“right to be forgotten”)
- Right to restriction of processing (Art. 18) — Request that we limit how we use your data
- Right to data portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21) — Object to processing based on legitimate interests, including profiling
- Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time where processing is based on consent (e.g., analytics cookies), without affecting the lawfulness of processing before withdrawal
- Right not to be subject to automated decision-making (Art. 22) — You will not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our search ranking uses automated systems to order results by relevance, but no automated decisions are made about your employment, creditworthiness, or legal standing.
How to Exercise Your Rights
To exercise any of these rights, contact us at gdpr@gitajob.io. We will respond to your request within one month, as required by the GDPR. In complex cases, this may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay.
You may also manage certain rights directly through your account settings (e.g., updating your profile, deleting your account, or exporting your data).
Please note that if you do not allow us to collect or process the required personal information, or if you withdraw your consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.
Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (AP):
https://autoriteitpersoonsgegevens.nl
Postbus 93374, 2509 AJ Den Haag, the Netherlands
10. Children’s Privacy
GitAJob is not intended for users under 16 years of age, in accordance with Article 8 of the GDPR as implemented by Dutch law (UAVG). We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us at gdpr@gitajob.io and we will delete it promptly.
11. Data Breach Notification
In the event of a personal data breach, we will comply with Articles 33 and 34 of the GDPR:
- We will notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms
- If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay
- Notifications will describe the nature of the breach, the likely consequences, and the measures taken or proposed to address it
12. Automated Decision-Making and Profiling
GitAJob uses automated systems to:
- Rank job listings by semantic relevance to your search queries
- Personalise search results based on your preferences
- Detect and prevent fraudulent or abusive activity
These automated processes assist in presenting relevant results but do not make decisions that produce legal effects or similarly significantly affect you. You always have the ability to refine your search, change preferences, or contact us if you have concerns about how results are presented.
13. Third-Party Links
Our Service may contain links to other websites that are not operated by us. This Privacy Policy does not address the privacy practices of any third parties, including any website or service accessible via a link on the Service. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
14. Changes to This Policy
We may update this Privacy Policy from time to time without prior notice. When we make material changes, we will:
- Post the updated policy on this page and update the “Last Updated” date
- For significant changes that affect your rights, make reasonable efforts to notify you (e.g., via email or in-app notification)
The revised Policy will be effective 180 days from when the revised Policy is posted on the Service. We encourage you to review this page periodically. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
15. Grievance / Data Protection Officer
If you have any queries or concerns about the processing of your information, you may contact our Grievance Officer at gdpr@gitajob.io. We will address your concerns in accordance with applicable law.
16. Contact
For questions about this Privacy Policy or your personal data, or to exercise your GDPR rights:
Altuvia
Data Protection Contact: gdpr@gitajob.io
Phone: +31 6 24462122
General Support: support@gitajob.io
Address: Zeeburgerpad 183, 1018 AJ Amsterdam, the Netherlands
KvK: 95706704
BTW: NL005169967B09
By using GitAJob, you acknowledge that you have read and understood this Privacy Policy.