This Privacy Policy describes how Laidoffon(“we”, “us”) collects, uses and shares personal data of users of laidoffon.com. It is written to comply with the EU General Data Protection Regulation (GDPR).
1. Data controller
The data controller is Laidoffon, contactable at privacy@laidoffon.com.
2. Data we collect
- Account data: email, password (hashed), role.
- Profile data (job seekers): name, headline, bio, location, work locations, skills, experience, availability, CV (if uploaded), avatar, links (LinkedIn, GitHub, portfolio).
- Profile data (companies): company name, legal name, website, sector, size, contact person details, logo, description.
- Activity data: applications you make, messages you send/receive, job posts you publish, job alerts you save, notification preferences.
- Technical data: IP address, browser user-agent, request logs (kept briefly for fraud prevention and debugging).
3. Why we process your data (legal bases)
- Contract: creating your account, matching profiles with jobs, sending messages — necessary to provide the Service.
- Consent: sending optional notification emails (you can opt out at any time in Settings).
- Legitimate interest: security, fraud prevention, basic product analytics (aggregated, anonymised).
- Legal obligation: responding to lawful requests from authorities.
4. Who we share data with
- Other users: companies can see public profiles of job seekers; job seekers can see published job posts and company profiles. Direct messages are shared with the recipient only.
- Service providers (processors):
- Vercel (hosting, blob storage for uploads).
- Neon (PostgreSQL database).
- Resend (transactional email delivery).
- Authorities: when required by law.
We do not sell your personal data.
5. International transfers
Some of our processors are located outside the European Economic Area (EEA). Where applicable we rely on Standard Contractual Clauses (SCCs) and provider-side adequacy decisions to ensure an equivalent level of protection.
6. Retention
- Active account: as long as the account exists.
- After deletion: account data is removed within 30 days, except minimal information retained to prevent fraud or meet legal obligations (typically up to 12 months).
- Email logs: 90 days.
7. Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and data (“right to be forgotten”).
- Restrict or object to certain processing.
- Export your data in a portable format.
- Withdraw consent (e.g. unsubscribe from notification emails).
- Lodge a complaint with your local supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).
Most rights can be exercised directly from your Settings page. For everything else, write to privacy@laidoffon.com — we reply within 30 days.
8. Cookies
We use only strictly necessary cookies to keep you signed in. No third-party marketing or analytics cookies are set without your explicit consent.
9. Security
Passwords are stored hashed (bcrypt). Connections are encrypted in transit (HTTPS). Access to the production database is restricted and audited. Despite our efforts, no method of transmission or storage is 100% secure.
10. Children
The Service is not directed to children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it.
11. Changes
We may update this policy from time to time. Material changes will be notified to registered users by email at least 14 days in advance.
