[privacy] / datenschutz

LAST · UPDATED · 2026-05-21

we collect the minimum data needed to match you with relevant swiss jobs. no advertising, no data sales. we use one optional analytics tool (google analytics) which only loads if you consent. this page explains what we collect, why, and what you can do about it.

the controller responsible for processing your personal data is:

hired
auwiesenstrasse 38
9030 abtwil st. gallen, switzerland

data protection contact:  hello@gethirednow.ch

we collect only the personal data necessary to operate the service:

• [ ]account data: email address, password hash, account creation date, plan tier
• [ ]cv data: the pdf file you upload, plus the structured fields we extract from it (skills, job titles, languages, work history, education, location preferences). we do not extract or store contact details for your past employers' staff.
• [ ]preference data: saved filters, notification settings, jobs you've clicked or saved
• [ ]payment data (pro tier only): your stripe customer id and a tokenized payment method reference. we never see your full card number. invoicing data (name, billing address) for tax compliance.
• [ ]technical data: ip address, browser user-agent, timestamps of requests, error logs. we retain these for 90 days for security and debugging.

we have no advertising business model and no incentive to collect data beyond what the service needs. we explicitly do not collect:

• [ ]browsing history outside this site
• [ ]device fingerprints or advertising cookies
• [ ]your social media profiles or contacts
• [ ]location data beyond the city you tell us in your profile
• [ ]hiring manager or recruiter personal data from the job postings we ingest — we strip these fields before they reach our database

we process your data on the following legal bases:

• [ ]contract performance (fadp art. 31 / gdpr art. 6(1)(b)): we use your account data, cv data, and preferences to deliver the matching service you signed up for. this is the core processing.
• [ ]legitimate interest (fadp art. 31 / gdpr art. 6(1)(f)): we keep limited security logs to prevent abuse and debug errors. our interest in operating a secure service is balanced against minimal data collection.
• [ ]legal obligation (gdpr art. 6(1)(c)): we keep payment records as required by swiss tax law (10-year retention).
• [ ]consent (gdpr art. 6(1)(a)): optional features (analytics cookies, marketing emails about product updates, beta features) are based on consent you can withdraw at any time. see section 10 for how to withdraw analytics consent.

we use a small number of third-party processors. each one has signed a data processing agreement with us. we do not sell or transfer your data for marketing purposes.

• [ ]hosting: netcup GmbH, germany — servers in the eu
• [ ]email delivery: resend, inc., 2261 market street #5039, san francisco, ca 94114, usa — used to send you match notifications and account emails
• [ ]payment processing (pro tier only): stripe payments europe ltd, ireland — handles your subscription billing
• [ ]ai processing for cv extraction: microsoft azure openai service (gpt-5-mini) hosted in switzerland north within our own azure tenant. your cv content is processed inside this tenant. it is not used to train models, not shared with openai, and not transferred outside switzerland. microsoft is our data processor under a signed data processing addendum.
• [ ]analytics (consent-based only): google ireland limited, ireland — google analytics collects anonymized page-view and interaction data. only activated if you accept the cookie banner. google acts as our data processor under their standard data processing terms. data is processed in the eu.
• [ ]job data ingestion: apify technologies s.r.o., czech republic — we use apify to run our public-api ingestion pipeline. apify processes data about jobs (not about you).

we do not transfer your personal data outside switzerland or the european economic area. all processing happens with providers operating servers in switzerland and/or the eu.

• [ ]account data: as long as your account exists
• [ ]cv file and extracted fields: as long as your account exists, deleted within 24 hours of account deletion request
• [ ]preferences and saved jobs: as long as your account exists
• [ ]payment records: 10 years (swiss tax law, art. 958f or)

we use automated systems to match jobs to your profile. specifically:

• [ ]cv extraction: an llm reads your cv and produces structured fields. you can review and correct these fields before any matching happens.
• [ ]job-to-profile matching: we score jobs against your profile using a combination of taxonomy mapping (isco occupation codes) and embedding similarity. the score determines whether you receive a notification, not whether you can see the job — all matched jobs remain visible in your dashboard.
• [ ]cv–role matching: an ai model evaluates how well your cv matches a specific job listing and provides suggestions on what to improve to be a stronger candidate. the analysis helps you understand fit and tailor your application — it does not restrict access to any job.
• [ ]ai cover letter generation (bewerbungsschreiben): when you request it, an llm drafts a cover letter based on your cv data and the target job description. this is entirely opt-in — nothing is generated or sent without your explicit action. you can edit the output before using it.

these decisions do not have legal or similarly significant effects on you (we don't deny anyone access to jobs based on the matching). you can opt out of automated matching by switching to the manual "browse all" mode in your account settings.

under fadp and gdpr, you have the right to:

• [ ]access the personal data we hold about you (fadp art. 25)
• [ ]rectify inaccurate data
• [ ]delete your account and associated data (fadp art. 32)
• [ ]export your data in a portable format (gdpr art. 20)
• [ ]object to processing based on legitimate interest
• [ ]withdraw consent at any time for consent-based processing
• [ ]lodge a complaint with the swiss federal data protection and information commissioner (fdpic / edöb), feldeggweg 1, 3003 bern, www.edoeb.admin.ch. eu residents may also complain to their local supervisory authority.

to exercise any of these rights, email hello@gethirednow.ch. we respond within 30 days as required by law.

we use the minimum number of cookies needed to operate the service:

• [ ]session cookie (strictly necessary): a single httponly cookie holding your login session. required to keep you signed in. expires when you sign out or after 30 days of inactivity.
• [ ]csrf token cookie (strictly necessary): prevents cross-site request forgery on form submissions. session-lived.
• [ ]cookie-consent (strictly necessary): stores your cookie consent choice in local storage so we don't ask you again. persists until you clear it.

analytics (optional, consent-based)

if you accept analytics cookies via the consent banner shown on your first visit, we load google analytics (measurement id: G-FDSQFZD7MP) to understand aggregate usage patterns — which pages are visited, how users navigate the site, and approximate geographic regions. google analytics sets its own cookies (primarily _ga and _ga_*) with a 2-year expiry.

we configure google analytics with ip anonymization enabled, so your full ip address is never stored by google. we do not enable advertising features, user-id tracking, or data sharing with other google products. the data is used solely to improve the service.

legal basis: consent (fadp art. 31 / gdpr art. 6(1)(a)). analytics cookies are only loaded after you click "accept" in the cookie banner.

how to opt out or withdraw consent

click cookie settings in the footer of any page (or right here) to reopen the consent banner. choose "decline" to remove analytics cookies and prevent future tracking. if you haven't made a choice yet, the full banner is shown automatically on your first visit.

we do not use advertising cookies, retargeting pixels, or any other third-party trackers beyond the analytics described above.

we may update this policy as the service evolves. material changes will be communicated by email to registered users at least 14 days before taking effect. the "last updated" date at the top of this page reflects the most recent change.