Privacy Policy / Datenschutzerklärung

Last updated: March 13, 2026  ·  Applies to swiftjob.de

1. Controller / Verantwortlicher

The controller responsible for data processing under Art. 4(7) GDPR is:

Steven Obst
IT-Dienstleistungen (Kleingewerbe)
Schnellerstraße 91 A
12439 Berlin, Germany
Email: info@fullcircle-solution.com

2. Data we collect

We collect the following categories of personal data:

  • Account data: email address, name, and authentication credentials (via Google or LinkedIn OAuth, or email/password through Supabase Auth).
  • Profile data: your CV/resume, target job titles, preferred locations, work preferences (remote/hybrid/on-site), and self-described skills.
  • Usage data: pages visited, features used, timestamps of interactions, collected via server logs.
  • Payment data: subscription plan, billing dates, and payment status. Credit card details are processed exclusively by Stripe and never stored on our servers.
  • Cookie consent preferences: stored locally in your browser (localStorage).

3. Purposes and legal bases

Providing the service (Art. 6(1)(b) GDPR): We process your account and profile data to deliver the service: AI job scoring, ATS resume analysis, interview preparation, cover letter generation, and job match tracking. Your CV and preferences are used solely to evaluate job fit and generate career insights.

Payment processing (Art. 6(1)(b) GDPR): We share necessary data with Stripe to process subscription payments.

Analytics and improvement (Art. 6(1)(f) GDPR): We use aggregated, non-personally-identifiable usage data to understand how the platform is used and to improve features. You may object at any time by contacting us.

Legal compliance (Art. 6(1)(c) GDPR): We retain invoicing records as required by German tax law (§ 147 AO).

4. Third-party processors

We use the following sub-processors. All are bound by data processing agreements:

  • Supabase (EU region): Authentication, database hosting, and file storage.
  • Anthropic (Claude API, USA): We use Anthropic's API for AI-powered career insights (job scoring, cover letters, interview prep). Before any data is sent to the API, all personally identifiable information (name, email, phone, address) is stripped server-side. The AI model only receives anonymized skills, experience descriptions, and job criteria. Data is processed per Anthropic's API data usage policy and is not used to train their models. Transfer basis: EU Standard Contractual Clauses (SCCs).
  • Stripe (USA/EU): Payment processing for subscriptions. We never store your card details.
  • Vercel (USA): Hosting and CDN. Transfer basis: EU Standard Contractual Clauses (SCCs).

5. International data transfers

Some of our processors (Anthropic, Vercel, Stripe) are based in the United States. We ensure appropriate safeguards through EU Standard Contractual Clauses (SCCs) as per Art. 46(2)(c) GDPR. You can request copies of these safeguards by contacting us.

6. Cookies and local storage

We use essential cookies for authentication (session management via Supabase). We store your cookie consent choice in localStorage. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can clear your browser's localStorage at any time to reset your preferences.

7. Data retention

We retain your personal data for as long as your account is active. If you delete your account, we erase your profile, CV, and job match data within 30 days. Invoicing records are retained for up to 10 years as required by German tax law (§ 147 AO). Anonymised usage statistics may be retained indefinitely.

8. Your rights (DSGVO/GDPR)

Under the GDPR you have the following rights:

  • Art. 15 — Right of access: Request a copy of the personal data we hold about you.
  • Art. 16 — Right to rectification: Correct inaccurate or incomplete data via your profile settings or by contacting us.
  • Art. 17 — Right to erasure: Request deletion of your account and personal data at any time via Settings → Delete Account.
  • Art. 18 — Right to restriction: Request that we temporarily restrict processing of your data.
  • Art. 20 — Right to data portability: Export a copy of your data in machine-readable format.
  • Art. 21 — Right to object: Object to processing based on legitimate interest at any time.
  • Art. 77 — Right to lodge a complaint: You may lodge a complaint with the competent supervisory authority. In Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin.

To exercise any of these rights, contact us at info@fullcircle-solution.com. We will respond within 30 days.

9. Data security

All data is transmitted over HTTPS/TLS. Database access is restricted to authenticated API endpoints. Authentication tokens use short-lived JWTs with automatic rotation. We do not store passwords in plain text; authentication is delegated to Supabase Auth (bcrypt hashing) or OAuth providers.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or a notice on the platform at least 14 days before they take effect.

Legal OverviewReturn to Home