1. Who We Are
MatchMyJob ("we", "us", "our") is an AI-powered job search optimization platform operated by Liévin Kabamba Ilunga, 237a Wood Street, London, E17 3NT, United Kingdom. We are committed to protecting your personal data in accordance with the UK GDPR, the EU GDPR (Regulation 2016/679), and applicable data protection laws.
Contact for privacy matters: lievinkabamba1@gmail.com
2. Data We Collect
We collect the following categories of personal data:
Account data
First name, last name, email address, country, preferred language. Collected at registration.
CV and application documents
PDF or DOCX files you upload for optimization, extracted text content, and AI-generated optimized versions.
Usage data
Which AI features you use, timestamps, attempt counts, saved jobs. Used to power the Service and enforce plan limits.
Payment data
Payment processing is handled entirely by Stripe. We store only the Stripe customer ID and subscription status — never card numbers or banking details.
Technical data
IP address (for rate limiting only, not stored long-term), browser type via standard HTTP headers. We use Google Ads (gtag.js) for conversion measurement — see the Cookies section.
3. How We Use Your Data
We process your data for the following purposes:
- Service delivery — Processing CVs and job offers through AI, generating outputs, managing attempt balances. Legal basis: performance of contract.
- Account management — Authentication, profile settings, subscription management. Legal basis: performance of contract.
- Transactional emails — Welcome email, renewal reminders, subscription confirmations. Legal basis: legitimate interest / performance of contract.
- Security and fraud prevention — Rate limiting, detecting abuse. Legal basis: legitimate interest.
- Legal compliance — Retaining records as required by applicable law. Legal basis: legal obligation.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
We use the following trusted third-party processors:
- Supabase (EU region — eu-west-1) — Database, authentication, and file storage. Privacy policy
- Google (Gemini AI) — AI processing of CV and job offer text. Your content is sent to Google's Gemini API for processing. Privacy policy
- Stripe — Payment processing. We never see your full card details. Privacy policy
- Resend — Transactional email delivery. Privacy policy
- RapidAPI / JSearch — Job listing aggregation. Job search queries may be processed by this service. Privacy policy
- Vercel — Hosting and edge infrastructure. Privacy policy
5. Data Retention
We retain your data for the following periods:
- Account data — Until account deletion, then purged within 30 days
- CV files — Until deleted by you or upon account deletion
- Usage logs — 12 months from the date of use
- Payment records — 7 years as required by accounting regulations
When you delete your account, all associated personal data is permanently deleted within 30 days, except data we are legally required to retain (e.g., payment records).
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data is encrypted in transit (HTTPS/TLS) and at rest
- Row-Level Security (RLS) on all database tables — each user can only access their own data
- API keys are never exposed to the browser — all AI and payment calls are server-side only
- Authentication is handled by Supabase with industry-standard practices
- File uploads are validated for type and size before processing
7. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — Request a copy of the data we hold about you
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data ("right to be forgotten")
- Right to portability — Receive your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interest
- Right to restriction — Request that we limit how we use your data
- Right to withdraw consent — Where processing is based on consent, you may withdraw at any time
To exercise any of these rights, email us at lievinkabamba1@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
8. Cookies
We use only strictly necessary cookies:
- Authentication cookies — Set by Supabase to maintain your session. Essential for the Service to function.
- Locale cookie (
NEXT_LOCALE) — Stores your language preference (EN/FR). No personal data.
We also use Google Ads (gtag.js / AW-18271370953) for conversion measurement. This may set cookies for ad tracking purposes. If you are in the European Economic Area, this processing is based on your consent where required by applicable law.
9. International Data Transfers
Your data is primarily stored in Supabase's EU (eu-west-1) region. When data is processed by Google (Gemini AI) or other US-based providers, it is transferred under appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms) in compliance with UK GDPR and GDPR Chapter V.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a child has provided us with personal data, please contact us at lievinkabamba1@gmail.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the changes take effect. The "last updated" date at the top of this page indicates when the most recent revision was made. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
For any privacy-related questions or to exercise your rights:
- Email: lievinkabamba1@gmail.com
- Address: Liévin Kabamba Ilunga, 237a Wood Street, London, E17 3NT, United Kingdom