Legal

Privacy Policy

← Back

Last updated: 16 April 2026  ·  STOICNORD  ·  Estonia

1. Who we are

STOICNORD (stoicnord.com) is the data controller for personal data processed through this service. We are registered and operate in Estonia, European Union. Contact: [email protected]

2. Data we collect

Account data: username, email address, password (stored securely — never in plain text), optional profile fields (full name, phone, location, job title, LinkedIn, website, bio).

Job tracker data: job applications you create, including company, position, salary, contact details, and notes. Sensitive fields are encrypted at rest.

Resume data: content you enter into resumes and cover letters — work experience, education, skills, and other professional information.

Job board data: job postings you create as a recruiter, including company name, contact email, and job details.

Technical data: server logs may retain your IP address for up to 30 days for security and abuse prevention.

3. Legal bases (GDPR Art. 6)

  • Contract (Art. 6(1)(b)): processing necessary to provide the service you signed up for
  • Legitimate interest (Art. 6(1)(f)): server logs for security monitoring and fraud prevention
  • Legal obligation (Art. 6(1)(c)): payment and billing records as required by law

4. Third parties

Cloudflare: DNS, CDN, and DDoS protection. All traffic to stoicnord.com passes through Cloudflare's network. Cloudflare may process IP addresses and request metadata as part of this service. Cloudflare is certified under EU adequacy frameworks and compliant with GDPR.

Stripe: payment processing. Your card details go directly to Stripe — we never see or store them. Stripe's privacy policy applies to payment data. Stripe is EU-certified under adequacy frameworks.

Resend: transactional email (password reset, application notifications). Only the minimum data required to deliver the email is shared.

We do not use advertising networks, analytics platforms, or sell your data to any third party.

5. Data storage and security

Data is stored on a server in the EU (Hetzner, Germany). The database is encrypted at rest. Access is restricted to authorised personnel only. We apply technical and organisational measures in line with GDPR Art. 32.

6. Retention

Your data is retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Billing records may be retained for up to 7 years as required by Estonian accounting law.

7. Cookies

We use one session cookie to keep you logged in. No tracking cookies, no advertising cookies, no third-party cookies.

8. Your rights

Under GDPR you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate data (most fields editable directly in your account)
  • Erasure — delete your account and all associated data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request we limit processing in certain circumstances
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Complaints

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee) or the supervisory authority in your EU member state.

10. Changes

Material changes to this policy will be communicated by email or in-app notice at least 14 days before taking effect.

11. Contact

Data protection enquiries: [email protected]