Privacy Policy

Last updated: March 2, 2026

1. Introduction

AI Job Checker is operated by Peritus slf., a company registered in Reykjavik, Iceland ("we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at aijobchecker.com.

We are subject to the General Data Protection Regulation (GDPR) and Icelandic data protection law. We take our obligations under these frameworks seriously and have designed the Service to collect only the minimum data necessary to provide our features.

2. Information We Collect

Information you provide

Free analysis (no account required): When you use the free AI impact analysis, we receive only the job title you search for. No account is created, no user profile is stored, and you are not required to provide any personal information.

Registered accounts and purchases: When you create an account or purchase a report, we collect your email address. Payment details (card numbers, billing addresses) are handled entirely by Paddle, our Merchant of Record — we never receive or store your payment card information.

Subscribers: If you hold an active subscription, we additionally store your monitored job list (the job titles you have selected for ongoing monitoring), your digest delivery history, your alert notification preferences, and your subscription status and billing period.

Information collected automatically

Hashed IP addresses for rate limiting: To prevent abuse of the free analysis, we apply rate limiting using a salted SHA-256 hash of your IP address. The hash is stored in a rolling 60-second window in Upstash Redis and is not persisted beyond that window. We never store your raw IP address, and the hash cannot be reversed to recover your original IP.

Report access logs: For purchased reports accessed via token URL, we log access events (timestamp, hashed IP, token identifier) for security auditing. These logs are retained for 90 days.

We do not collect device type, browser type, page view analytics, or any behavioural tracking data.

3. How We Use Your Information

  • Service delivery: To run AI impact analyses and return results for the job title you searched.
  • Report fulfilment: To generate your purchased report, send the report delivery email with your unique access link, and enforce the 6-month access window for non-subscribers.
  • Account management: To authenticate you, manage your subscription, and allow you to manage your monitored job list.
  • Subscription features: To send monthly digest emails, breaking-change alert emails, and updated action plan notifications.
  • Fraud and abuse prevention: To detect misuse of the free analysis via rate limiting using hashed IPs.
  • Transactional communications: To send purchase confirmations and subscription renewal notices via Resend.

We do not sell your personal data. We do not use your data for advertising or behavioural profiling.

4. Legal Basis for Processing

Under the GDPR, we process personal data on the following legal bases:

  • Contract performance (Article 6(1)(b)): Processing your email address, job selections, and report access data is necessary to deliver the products and services you have purchased or signed up for.
  • Legitimate interests (Article 6(1)(f)): Rate limiting via hashed IPs protects the free analysis from abuse. Security logging of report access events protects the integrity of our access controls. These interests are not overridden by your privacy rights given that raw IPs are never stored.
  • Consent (Article 6(1)(a)): For optional communications beyond transactional emails (such as product updates), we rely on consent. You can withdraw consent at any time by contacting us or using the unsubscribe link in any such email.
  • Legal obligation (Article 6(1)(c)): Payment records are retained as required by applicable tax and financial regulations, managed by Paddle as our Merchant of Record.

5. Third-Party Data Processors

We use the following third-party processors. Each processes data only as directed by us, under a data processing agreement, and is GDPR-compliant:

Paddle — Merchant of Record and payment processor. Paddle is the legal seller for all AI Job Checker purchases. They receive your payment card details, billing email, and billing country to process payments, issue VAT-compliant receipts, calculate and remit sales tax, and handle refund requests. We do not receive your card details. Paddle operates under its own privacy policy and acts as an independent data controller for payment data.

Supabase — Authentication and database. Supabase stores your account email address, hashed password (if using email/password auth), auth session tokens, monitored job selections, subscription status, digest history, and alert preferences.

Resend — Transactional email delivery. Resend receives your email address and the content of transactional emails (report delivery links, subscription notifications, digest emails, alert notifications) in order to deliver them to your inbox.

Vercel — Application hosting. Vercel hosts and serves the AI Job Checker web application. Vercel may process request metadata (such as request paths and response codes) in the normal course of serving web traffic and may retain access logs according to their own data retention policies.

Upstash Redis — Rate-limit storage. Upstash stores hashed IP values within a rolling 60-second rate-limit window. No raw IP addresses are transmitted to or stored by Upstash. Values expire automatically after the window closes.

6. Information We Do NOT Collect

To be explicit, the following data is not collected by AI Job Checker:

  • Raw IP addresses (only salted SHA-256 hashes, not reversible)
  • Advertising or third-party tracking cookies
  • Analytics cookies or pixel trackers (we use Vercel Analytics, which is cookie-free and privacy-friendly)
  • Phone numbers
  • Physical postal addresses
  • Payment card numbers or CVV codes
  • Government identification numbers
  • Browser fingerprints or device identifiers
  • Behavioural profiling data (session recordings, heatmaps, or individual user tracking)

7. Data Retention

  • Rate-limit hashes: Retained for a rolling 60-second window in Upstash Redis. Not persisted to our database at any point.
  • Report access logs (hashed IP + token + timestamp): Retained for 90 days, then automatically deleted.
  • Account data (email, monitored jobs, digest history, preferences): Retained while your account is active. Upon a verified deletion request, account data is deleted within 30 days, except where retention is required by law.
  • Payment records: Retained by Paddle as required by applicable tax and financial regulations (typically 7 years). We retain only the Paddle subscription and transaction identifiers needed to manage your account; we do not retain payment card details.
  • Report content: Generated reports are retained to enable report access via token URL. Non-subscriber report access links remain active for 30 days from generation. Active subscribers retain access to their reports for the duration of their subscription.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to our legal retention obligations.
  • Right to restriction of processing (Article 18): Request that we limit processing of your data in certain circumstances.
  • Right to data portability (Article 20): Request a machine-readable copy of personal data you have provided to us.
  • Right to object (Article 21): Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at privacy@aijobchecker.com. We will respond within 30 days. You will not be charged for exercising your rights.

You also have the right to lodge a complaint with the Icelandic Data Protection Authority (Persónuvernd) at personuvernd.is.

9. Cookies

We use one category of cookies only: Supabase auth session tokens. These are essential cookies that are set when you sign in to your account. They are required for the Service to recognise your authenticated session and cannot be disabled without logging you out.

We do not set or permit:

  • Advertising or remarketing cookies
  • Analytics cookies (we use Vercel Analytics, which is cookie-free and does not track individual users)
  • Third-party tracking or social media pixels
  • Persistent user-tracking identifiers of any kind

If you use the free analysis without signing in, no cookies are set.

10. Security

We implement the following security measures to protect your data:

  • TLS encryption for all data in transit between your browser and our servers (enforced by Vercel).
  • Row-Level Security (RLS) on all database tables in Supabase, ensuring users can only access their own data.
  • Hashed IP addresses: IP addresses are hashed using salted SHA-256 before any storage or comparison. Raw IPs are never written to disk or transmitted to third-party systems.
  • Timing-safe comparison: Webhook signature verification and secret comparisons use constant-time algorithms to prevent timing-based attacks.
  • Rate limiting: The free analysis endpoint is rate-limited (one request per IP hash per 60 seconds) to prevent abuse, using Upstash Redis.
  • Report access tokens: Reports are accessed via cryptographically generated unique token URLs, not via predictable IDs.

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. If you become aware of a security concern, please contact us immediately at privacy@aijobchecker.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our data practices. Material changes will be communicated by email to registered users at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

Continued use of the Service after the effective date of a change constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy, wish to exercise your GDPR rights, or have concerns about our data practices, please contact us:

Peritus slf.
Reykjavik, Iceland
Email: privacy@aijobchecker.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Icelandic Data Protection Authority:

Persónuvernd (Icelandic Data Protection Authority)
personuvernd.is