Privacy Policy

1. Who We Are

RemoteStack is We operate the job board at remotestack.in and the AutoApply subscription service at remotestack.in/autoapply. For privacy-related matters, contact us at legal@remotestack.in.

2. Data We Collect

Job board visitors (free users):

• Email address and department preferences, if you subscribe to the weekly digest.
• Standard server logs including IP address, browser type, and pages visited — retained briefly for security and debugging.
• Analytics data (aggregate, anonymised) about how pages are used, if analytics are enabled.

AutoApply subscribers:

• Name and email address.
• Resume content (PDF), uploaded at the time of subscription.
• Job preferences: target role, years of experience, skills, dream companies, dealbreakers.
• Application history: companies and roles applied to, application status, dates.
• Payment data: transaction reference and order ID. We do not store full card numbers or bank details — these are handled by our payment processor.
• Authentication data: email address used for magic link sign-in, managed via Supabase Auth.

3. How We Use Your Data

• To provide and improve the RemoteStack job board and AutoApply service.
• To send the weekly jobs digest to subscribers who have opted in.
• To process your AutoApply subscription, match you with relevant job opportunities, and track application history.
• To use AI processing (via Anthropic Claude) to analyse your resume and generate application materials and job match insights.
• To send transactional emails such as subscription confirmations, sign-in links, and application updates.
• To prevent fraud, enforce our Terms of Service, and comply with legal obligations.
• To communicate important changes to the service or these policies.

We do not sell your personal data to third parties. We do not use your data for advertising profiling or share it with data brokers.

4. Third-Party Services

We use the following third-party services to operate the platform. Each processes your data only to the extent necessary for its function:

• Supabase — database and file storage, hosted in Singapore. Your profile, resume, and application data is stored here. Supabase is GDPR-compliant. Cross-border data transfer from India to Singapore is governed by our agreement with Supabase.
• Vercel — website hosting and serverless function execution, hosted in the United States. Standard request and log data passes through Vercel infrastructure.
• Resend — transactional email delivery. Your email address and email content are processed by Resend when we send you emails.
• Anthropic Claude — AI model used to analyse resume content and generate job match insights and application drafts. Resume content and preference data is sent to Anthropic's API for processing. Anthropic's privacy policy governs this processing.
• Payment processor — your payment details are processed by our third-party payment provider. We do not store your full card or bank details.
• Logo.dev — used to display company logos on job listings. Company domain names may be sent to this service.

5. Data Retention

• Job digest subscriber emails: retained until you unsubscribe. Deleted within 24 hours of unsubscribe request.
• AutoApply subscriber profiles, resumes, and application history: retained for the duration of your subscription and for 90 days after cancellation, after which they are permanently deleted.
• Payment transaction references: retained for 7 years for accounting and tax compliance purposes.
• Server logs: retained for up to 30 days, then deleted.

6. Cookies

We use minimal cookies. The site uses cookies to store your theme preference (light or dark mode) locally in your browser. This cookie does not track you across sites and contains no personal information.

Supabase Auth uses secure, HTTP-only cookies to maintain your signed-in session on the AutoApply dashboard. These are strictly necessary for the service to function.

If we enable analytics in future, we will update this policy and seek your consent where required by law.

7. Your Rights

Depending on your location, you may have the following rights over your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data. We will comply within 30 days, subject to legal retention obligations.
• Portability: Request your data in a structured, machine-readable format.
• Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Objection: Object to processing of your data in certain circumstances.
• Complaint: Lodge a complaint with your local data protection authority. For EU/EEA users, this is your national supervisory authority. For Indian users, this is the Data Protection Board of India (once constituted under the DPDPA 2023).

To exercise any of these rights, email us at legal@remotestack.in. We will respond within 30 days.

8. India: Digital Personal Data Protection Act 2023

We process personal data of Indian residents in accordance with the Digital Personal Data Protection Act, 2023 ("DPDPA"). We collect and process your data only for the purposes described in this policy, with your consent obtained at the time of registration or subscription.

As a data fiduciary, we implement reasonable security safeguards to protect your personal data and notify you in the event of a data breach that is likely to affect your rights. You may exercise your rights as a data principal by contacting us at legal@remotestack.in.

9. European Users: GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or applicable national equivalents. Our lawful basis for processing your data is:

• Contract: processing necessary to perform the AutoApply subscription service you have purchased.
• Consent: for email digest subscriptions and optional analytics.
• Legitimate interests: for fraud prevention and service security, where these are not overridden by your rights.

Data transfers to third parties outside the EEA (such as Supabase in Singapore and Vercel in the US) are governed by Standard Contractual Clauses or the third party's adequacy determination where applicable.

10. California Users: CCPA

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, to request deletion of your personal information, and to opt out of the "sale" of your personal information.

We do not sell personal information as defined under the CCPA. To exercise your rights, contact us at legal@remotestack.in.

11. Children's Data

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at legal@remotestack.in and we will delete it promptly.

12. Security

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), row-level security on our database, and restricted access to production systems. However, no system is entirely secure, and we cannot guarantee absolute security. We will notify you promptly in the event of a data breach that affects your rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email. Continued use of the Services after changes constitutes acceptance of the updated policy.

14. Contact

For any privacy-related questions, requests, or complaints, contact us at legal@remotestack.in. Our registered address is Jodhpur, Rajasthan, India. We aim to respond to all requests within 30 days.