Woodle Career← Back to home

Privacy Policy

Last updated: 29 May 2026

1. Who are we?

Woodle Career is an application published by Woodle Lab, accessible at woodlecareer.com. For general questions, write to us atcareer@woodlelab.com. For any question about your personal data or to exercise your GDPR rights:dpo@woodlelab.com.

2. Data we collect

Account data (required)

  • Full name
  • Email address
  • Password (hashed by Supabase — never accessible in plain text)

Profile data

  • Role sought, location, contract type, salary range
  • Notification and interface preferences

Application tracking data

  • Applications: company, role, status, salary, comments, URL, date, source
  • Interviews: date, time, location, type, preparation notes
  • Reusable application templates

Subscription data

  • Plan status (free / Pro) and renewal date
  • Stripe customer ID (payment data is managed exclusively by Stripe and is never transmitted to us)

Technical data

  • Access logs (IP address, browser) — hosted by Vercel, kept for 90 days

3. Purposes and legal bases (GDPR art. 6)

PurposeLegal basis
Providing the service (authentication, applications, interviews)Performance of contract (art. 6.1.b)
Interview and follow-up reminders by emailPerformance of contract (art. 6.1.b)
Monday weekly digestConsent (art. 6.1.a) — explicit opt-in in settings
Billing and subscription management via StripePerformance of contract (art. 6.1.b)
Service improvement and abuse detectionLegitimate interest (art. 6.1.f)

4. Sub-processors and recipients

Your data may be shared with the following sub-processors, bound by a GDPR-compliant data processing agreement. Transfers outside the EU rely on the European Commission's standard contractual clauses (SCC).

Sub-processorRoleLocation
SupabaseDatabase and authenticationAWS eu-west-1 (Ireland, EU)
StripePayment and subscription managementIreland (EU subsidiary)
ResendTransactional email sendingUnited States (SCC)
VercelApplication hostingUnited States (SCC)
SentryTechnical error monitoring (anonymised logs)United States (SCC)
AnthropicSirius AI service (Claude) — only for queries you initiateUnited States (SCC)
UpstashRate limiting (temporary IP storage)AWS eu-west-1 (Ireland, EU)

5. Retention period

  • Account and application data: kept for the duration of account activity, then permanently deleted within 30 days of a deletion request.
  • Billing data: kept for 10 years in accordance with legal accounting obligations (French Commercial Code art. L123-22).
  • Technical logs: 90 days maximum.

6. Your rights (GDPR)

In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights:

  • Right of access — obtain a copy of your personal data.
  • Right of rectification — correct inaccurate data from your profile.
  • Right to erasure — delete your account and all your data from Settings → Danger zone, or by contacting dpo@woodlelab.com.
  • Right to data portability — download all your data (profile, applications, interviews, messages, etc.) as a ZIP/JSON archive from Settings → My data. Free, available to all users.
  • Right to object — object to processing based on legitimate interest.
  • Withdrawal of consent — at any time from your Settings: unsubscribe from the weekly digest, disable the Sirius Daily Brief, adjust school sharing (Campus), disable push notifications.

To exercise your rights: dpo@woodlelab.com. You also have the right to lodge a complaint with the CNIL (French data protection authority).

7. Data security

  • Access to data strictly limited to your account via Supabase Row-Level Security (RLS) — no other user can access your applications.
  • Communications encrypted in HTTPS / TLS across the entire service.
  • Passwords hashed (bcrypt via Supabase Auth), never stored in plain text.
  • Administrative access restricted, only for resolving technical incidents.

8. Cookies

Woodle Career only uses cookies strictly necessary for the service to function (Supabase authentication session). No advertising, third-party tracking or profiling cookies are set. No cookie consent banner is required.

9. Security incidents (data breach)

In the event of a personal data breach likely to result in a risk to your rights and freedoms,Woodle Career notifies the CNIL within 72 hours of becoming aware of it, in accordance with GDPR article 33. If the risk is high, you are also notified personally by email (article 34). An internal incident register is maintained. To report a suspected breach: dpo@woodlelab.com.

10. Contact

General questions: career@woodlelab.com
GDPR questions and rights requests: dpo@woodlelab.com