GDPR Compliant

Privacy Policy

Last updated: November 20, 2025

Table of Contents

Introduction

standout ("we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ai-powered job search platform.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the data practices described in this policy.

Data We Collect

Information You Provide

  • Account information (name, email address, password)
  • Profile information (avatar, professional details)
  • Resume data (work history, education, skills)
  • Job application data (companies, positions, status)
  • Calendar events and reminders
  • Notes and activity logs

Automatically Collected Information

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage data (features used, interaction patterns)
  • Aggregated analytics events (page views, button clicks) captured through Umami

Third-Party Data

  • OAuth provider information (when using Google login)
  • Public company information (for job tracking)

Google User Data

When you sign in with Google, we collect and use your data in strict compliance with Google API Services User Data Policy, including the Limited Use requirements:

  • We only request basic profile information: name, email address, and profile picture
  • We do NOT access your Gmail, Drive, Calendar (except when explicitly enabled), or other Google services
  • Your Google data is used solely for authentication and account creation
  • We do NOT share your Google data with any third parties
  • We do NOT use your Google data for advertising or any purposes other than providing our Service
  • We will never sell your Google data

standout's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Cookies and Similar Technologies

We use cookies for essential functionality only:

  • Authentication cookies: Secure httpOnly cookies to maintain your login session (essential for service functionality)
  • CSRF tokens: Security cookies to prevent cross-site request forgery
  • No tracking cookies: We do not use advertising or third-party tracking cookies

You can disable cookies in your browser settings, but this will prevent you from using authenticated features. Our analytics are powered by Umami, which is cookieless, respects Do Not Track, and does not track individuals across sites.

How We Use Your Data

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract: To provide our services and fulfill our agreement with you
  • Legitimate Interests: To improve our services and ensure security
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with applicable laws and regulations

Purposes of Processing

  • Provide and maintain our services
  • Process and store your job applications and resumes
  • Send notifications and reminders
  • Improve and personalize your experience
  • Analyze usage patterns and optimize performance
  • Communicate service updates and changes
  • Prevent fraud and ensure security
  • Comply with legal obligations

Automated Decision Making

We do not use your data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. All AI-powered features (such as resume optimization suggestions) are assistive tools that require your review and approval before any changes are made.

Data Protection

Security Measures

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Access controls and authentication
  • Secure cloud infrastructure

Data Retention

We retain your data for as long as necessary to provide our services:

  • Active account data: Retained while your account is active
  • Account deletion: When you delete your account, we immediately remove all your personal data, job applications, and resumes. Some anonymized analytics data may be retained for service improvement. Deletion is permanent and cannot be undone.
  • Expired file access records: Automatically cleaned up through scheduled maintenance
  • Legal and financial records: Retained as required by applicable laws and regulations

Data Sharing

We do not sell your personal data. We may share data with:

  • Essential service providers who operate our infrastructure (hosting, analytics via Umami, transactional email) and only process data on our behalf
  • Legal authorities (when required by law)
  • Business transfers (mergers, acquisitions)
  • With your explicit consent

Each service provider is contractually required to protect your information and use it solely to deliver standout services.

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR. The notification will include the nature of the breach, potential consequences, and measures we have taken or will take to address the breach.

Browser Extension

standout snapshot Extension

Our official browser extension ("standout snapshot") helps you save job postings directly to your standout account. The extension operates with strict privacy principles:

Data Collected by Extension

  • Job posting content: Only when you actively click to save a job, the extension captures publicly visible job information (title, company, description, salary, location) from supported job boards
  • Authentication data: Your standout account credentials and session tokens to connect the extension to your account
  • Current tab URL: Only to determine if you're on a supported job board page (the URL itself is not stored or transmitted unless saving a job)

Data NOT Collected

  • Browsing history or activity on non-job board sites
  • Personal information from job board accounts
  • Data from other browser tabs or windows
  • Keystrokes, mouse movements, or general browsing behavior
  • Any data when the extension is not actively used

How Extension Data is Used

  • Job posting content is transmitted securely to your standout account for organization and tracking
  • Authentication tokens maintain your secure connection between the extension and your account
  • No extension data is used for advertising, sold to third parties, or used for purposes unrelated to the core job-saving functionality

Extension Permissions

The extension requests only essential permissions:

  • Storage: To save your authentication tokens locally
  • Tabs: To detect when you're on a supported job board
  • Identity: To enable secure Google Sign-In if you choose that authentication method
  • Host permissions: To communicate with standout servers

Supported Job Boards

The extension currently works with:

  • LinkedIn
  • Indeed
  • Glassdoor
  • jobs.ch
  • Xing
  • Kariera.gr
  • EURES (European job portal)

Privacy by Design: The extension only activates when you explicitly click its icon on a job posting page. It never runs in the background, never tracks your browsing, and only processes the specific job posting you choose to save.

Your Rights

Under GDPR and applicable laws, you have the following rights:

Right to Be Informed

Receive clear, transparent information about how your data is collected, used, and shared (fulfilled by this Privacy Policy)

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Request limitation of how we process your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision-Making and Profiling

Not be subject to decisions based solely on automated processing that produces legal or significant effects, and request human intervention

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Age Restrictions

Our services are not intended for individuals under 16 years of age (or the minimum age of digital consent in your country). We do not knowingly collect personal data from children.

If we learn that we have collected personal data from a child without parental consent, we will delete that information immediately. If you believe we have collected data from a child, please contact us at [email protected].

International Transfers

Your data is primarily processed within the European Economic Area (EEA) on servers located in Germany. However, some data may be transferred internationally through our third-party service providers:

  • Google OAuth authentication services (United States)
  • Resend email delivery service (United States)
  • Umami Cloud analytics service (various regions)

For all international transfers, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for transfers outside the EEA
  • Adequacy decisions where applicable
  • Additional security measures for international transfers

Contact Us

For privacy-related questions or to exercise your rights:

Email: [email protected]

You also have the right to lodge a complaint with your local data protection authority.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the platform.