This Privacy Policy describes how JobMentis collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Data Controller
The data controller for your personal data is:
Sylvain Querné (on behalf of JobMentis)
Via Veneto 11, 20068, Peschiera Borromeo (MI), Italy
VAT ID: 14107420961
Contact: support@jobmentis.com
2. Why We Collect Data
At JobMentis, our core philosophy is transparency and data minimization. We only collect the data absolutely necessary to provide you with personalized, AI-driven career coaching, resume optimization, and job tracking tools. We believe you should always know exactly what information we hold and how it is utilized to empower your career growth.
3. Data Collection Summary
To make things clear and readable, here is a summary of the data we collect, why we collect it, and our legal basis for doing so:
| Category of Data | What We Collect | Why We Collect It | Legal Basis |
|---|---|---|---|
| Account & Identity | Name, email address, profile picture. | To create and manage your account, provide secure login, and communicate updates. | Contract |
| Professional Profiles | Resumes (CVs), target roles, work history, and skills. | To power our AI agent, analyze your applications, and generate tailored career advice. | Contract |
| App Data (Jobs) | Saved jobs, interview schedules, app activity. | To provide a comprehensive job tracking dashboard and coaching tools. | Legitimate Interest |
| Technical & Usage | IP address, browser type, device info, navigation patterns. | To ensure site security, analyze usage via product analytics, and improve the platform. | Consent & Legitimate Interest |
| Payment Data | Billing details, subscription status. | To manage your premium features. We do not store full credit card details. | Contract |
4. Data Processors and Tech Stack
To deliver a highly responsive and secure service, JobMentis relies on a modern technology stack. The following trusted third-party companies act as our data processors:
| Company (Data Processor) | Purpose / Service Provided |
|---|---|
| Vercel Inc. | Hosting, Edge Deployment, and infrastructure. |
| Supabase, Inc. | Relational database storage and architecture. |
| Google LLC | User authentication (Firebase Auth), document database (Firestore), and AI processing (Gemini API) via enterprise agreements. |
| OpenAI OpCo, LLC | AI CV analysis and career coaching processing via Enterprise API. Your data is NEVER used to train these models. |
| Anthropic PBC | AI CV analysis and career coaching processing via Enterprise API. Your data is NEVER used to train these models. |
| Stripe, Inc. | Secure payment processing and subscription management. |
| Sendinblue SAS (Brevo) | Transactional and marketing email delivery, contact list management. |
| Resend, Inc. | Transactional email delivery. |
| PostHog, Inc. | Product analytics and user behavior insights. |
| Inngest, Inc. | Background job orchestration (notifications, scheduled maintenance, AI processing queues). |
| Meta Platforms Ireland Ltd. | Advertising measurement and audience building via the Meta Pixel and Conversions API. Only loaded after you accept cookies; personal identifiers (email, name) are SHA-256 hashed before transmission and used to attribute conversions and build retargeting audiences. Configurable per tenant. |
5. Advertising & Conversion Tracking
On tenants that have enabled it, JobMentis loads the Meta Pixel (Facebook Pixel) and sends server-to-server events through Meta's Conversions API to measure the performance of advertising campaigns and to build retargeting audiences. Specifically:
- What is sent: page-view events (which pages you visit), and conversion events for sign-up (CompleteRegistration), purchase (Purchase), and lead-form completion (Lead). Conversion events include your SHA-256 hashed email and, where available, name and IP/user-agent — never the plain values.
- When it loads: only after you click "Accept" on the cookie banner. If you decline, neither the pixel nor the Conversions API fire.
- Retention: Meta retains advertising event data for up to 180 days per its policies. Outbound transmission stops immediately if your tenant disables Meta tracking in the admin settings.
- Opt-out: withdraw cookie consent at any time via the cookie banner; you may also exercise additional controls in Meta's Ad Settings or contact Meta directly via their privacy portal for data deletion requests.
6. International Transfers
Some of our providers are based in the United States or other regions. Data transfers to these countries are conducted under the EU-US Data Privacy Framework (DPF) or using Standard Contractual Clauses (SCCs) to ensure an adequate level of protection for your personal data.
7. Automated Decision Making & AI
Our platform heavily utilizes Artificial Intelligence to analyze CVs and provide interview coaching. While these processes are automated, they act strictly as decision-support tools for you. We do not engage in fully automated decision-making that produces legal effects or materially impacts you without human intervention.
8. Data Security
We implement rigorous technical and organizational measures to protect your data, including SSL/TLS encryption for all data in transit, PostgreSQL Row-Level Security (RLS) policies to enforce tenant isolation, and regular security audits of our infrastructure. All consent events are logged with the specific policy version accepted, ensuring a complete audit trail.
9. Your Rights
Under the GDPR, you have the right to:
- Access your data and receive a copy.
- Rectify inaccurate or incomplete data.
- Delete your data (the "right to be forgotten"). We operate an automated, manifest-driven deletion service that removes your data across all systems — databases, file storage, and external services — upon request.
- Restrict or object to the processing of your data.
- Portability: Receive your data in a structured, commonly used format.
- Withdraw consent at any time via your account settings.
To exercise these rights or ask any questions about your privacy, please contact us at support@jobmentis.com. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).