Privacy

Privacy Policy

Last updated: June 2026

Here we explain openly how we process and protect your personal data in line with the EU General Data Protection Regulation (GDPR). There's a lot of information, but we've tried to put it in plain language. Read at your own pace and reach out if you have any questions.

Important: do not enter sensitive data

Please do not enter the following into the platform:

  • Health data (illnesses, diagnoses, medications)
  • national or tax ID number
  • banking details (account numbers, cards, online-banking credentials)
  • passwords for other services
  • criminal-record information
  • political opinions, religion, ethnic origin
  • sexual orientation
  • trade-union membership.

You can safely provide:

  • Name and contact details
  • education and work experience
  • skills and languages
  • profession, qualifications, certificates
  • type of work permit (without document numbers).

If you accidentally entered sensitive data, remove it from your profile and write to us at info@gigamatch.ai — we will delete it from all systems.

1. Who processes your data

The controller of your personal data is Wojo Group OÜ (Estonia), registry code: 17051473. For privacy matters: info@gigamatch.ai

2. Why we collect data

Providing the platform (registration, profile, applications, job matching); enabling direct contact between job seeker and employer; user support and, for employers, invoicing; developing and improving the service; marketing — only with your consent.

Legal bases for processing: performance of a contract (terms of use), legitimate interest (service development and security), consent (marketing and non-essential cookies), legal obligation (compliance with applicable laws).

3. What data we collect

At registration (via email or Google/Apple): name, email, profile photo (if provided).

Data you provide yourself: profession, work experience, skills, languages, qualifications and certificates, type of work permit, phone number (optional).

Service usage data: applications and messages, activity history, payment data (for employers).

Technical data: IP address, browser and device type, cookies (with your consent).

4. Who sees your data

We do not sell your data. It can be accessed by:

The other side of the platform: when you apply, the employer sees your profile, and you see the employer's contact details — this is needed for direct contact between you.

Our processors (subcontractors) acting on our instructions:

  • Supabase (EU) — data storage
  • Hostinger — hosting and email delivery
  • Stripe — payment processing (we do not store card data)
  • OpenAI — data processing for AI matching
  • Google Analytics — web analytics (with consent)
  • TikTok Pixel — marketing analytics (with consent).

Other recipients: public authorities (where required by law), auditors.

Where data is stored: core processing takes place on servers in the EU (Supabase). Some services (Google/Apple authentication, analytics, marketing pixels) may transfer a limited amount of data outside the European Economic Area — only with your consent and based on EU-approved mechanisms (EU-US Data Privacy Framework or Standard Contractual Clauses).

5. AI matching and automated processing

GigaMatch uses automated matching (AI Match Score): the algorithm compares your profile with jobs by profession, experience, documents and location to show the most relevant results.

The AI only suggests options; it does not make legally significant decisions for you. The final hiring decision is made by the employer, and the decision to apply is yours. You have the right to object to automated processing and to request an explanation of its logic by writing to info@gigamatch.ai.

6. How long we keep data

Active accounts: as long as you use the service. Deleted accounts: removed within 30 days, backups within 90 days. Payment and accounting data: 7 years (legal requirement). Logs: 6 to 24 months. Marketing consents: until withdrawn.

7. How we protect data

We apply industry-level measures: encryption, EU-based servers, access controls, regular backups and security updates, staff confidentiality obligations, and prompt incident response. No method of transmitting data over the internet is completely secure, but we continuously improve our protection.

8. Your rights (GDPR)

At any time you can:

  • Obtain a copy of your personal data
  • correct inaccurate or incomplete data
  • delete your data ("right to be forgotten")
  • restrict processing
  • port your data in a machine-readable format
  • object to processing, including for marketing
  • withdraw consent given earlier
  • object to automated processing (the AI only suggests, it does not decide).

To exercise your rights, change your data in profile settings or write to info@gigamatch.ai. We will respond within 30 days.

9. Cookies

Essential cookies: login and security (always on). Analytics cookies (Google Analytics): only with your consent. Marketing cookies (TikTok Pixel): only with your consent. You can manage your choice via the cookie banner at the bottom of the page or in your browser settings. We do not use pre-ticked consent boxes.

10. Minors

The platform is intended for people aged 18 and over (or the minimum working age in your country). We do not knowingly collect data from minors. If we become aware of such data, we will delete it.

11. Right to complain

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the supervisory authority in your country. In Estonia this is the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee).

12. Changes to this policy

We may update this Policy. We will notify you of significant changes in advance by email or via the site. The date at the top reflects the latest revision.

13. Contact

Privacy questions and rights requests: info@gigamatch.ai. We respond to privacy-related requests within 72 hours.

We value your privacy

We use cookies for analytics, marketing, and preferences. Privacy Policy