Privacy Policy
At MyTrackia, protecting your personal data is a priority. This policy describes what data we collect, why, how we use it, and what your rights are.
Table of Contents
- Who are we?
- Data we collect
- MyTrackia Save browser extension
- How we use your data
- Legal basis for processing
- Data sharing
- International transfers
- Retention periods
- Your rights
- Cookies
- Data security
- Children
- Changes
- Contact
1. Who are we?
MyTrackia is a SaaS job application management application (CRM) accessible at mytrackia.com. The data controller is:
- Name:
- Thirisan Raveendran
- Status:
- Sole trader (Auto-entrepreneur)
- SIRET:
- 10214733700012
- Email:
- contact@mytrackia.com
- Address:
- Villiers-le-Bel, France
MyTrackia is a SaaS job application management application (CRM) that allows users to track their applications, manage follow-ups, save job offers and analyze their job search activity.
2. Data we collect
We collect only the data strictly necessary for the service to function.
2.1 Data provided directly by you
- •First and last name (optional)
- •Email address (required to create an account)
- •Password (encrypted, never stored in plain text)
- •Notification preferences and account settings
- •Application content: companies, positions, statuses, dates, personal notes
- •Saved job offers and tracked recruitment sites
- •Messages sent via the contact form
2.2 Data collected automatically
- •IP address (used for security and fraud detection)
- •Browser type and version
- •Operating system and device type
- •Pages visited and actions performed in the app (via Google Analytics — subject to your consent)
- •Error logs and performance data (via Sentry)
- •Authentication session data
2.3 Data via Google sign-in (OAuth)
If you choose to sign in with Google, we receive your email address and name from Google. We do not store your Google password. We do not access any other data from your Google account.
3. MyTrackia Save browser extension
The MyTrackia Save extension is available for Chrome, Firefox and Safari. It lets you save a job offer directly from your browser.
Data read by the extension
Only when you click the extension button (an explicit action on your part) does the extension read the following from the current page:
- •Job title
- •Company name
- •Salary (if displayed on the page)
- •Contract type (if displayed on the page)
- •Location (if displayed on the page)
- •Page URL
No background data collection
The extension does not collect any data without your action. It does not run in the background, does not monitor your browsing, and only accesses job offer pages you visit.
4. How we use your data
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Contract |
| Providing the service (application tracking, follow-ups, statistics) | Contract |
| Sending transactional emails (confirmation, follow-up reminders) | Contract |
| Responding to your support requests | Contract |
| Improving the service and usage analysis | Legitimate interest |
| Fraud detection and service security | Legitimate interest |
| Audience analytics (Google Analytics) | Consent |
| Error monitoring (Sentry) | Legitimate interest |
| Compliance with our legal obligations | Legal obligation |
We never use your application data for advertising purposes. We never sell your data to third parties.
5. Legal basis for processing
Under the GDPR (EU Regulation 2016/679), each processing of your data is based on one of the following legal grounds:
6. Data sharing
We do not sell your data. We only share it with sub-processors necessary to operate the service:
| Provider | Role | Location | Processing agreement |
|---|---|---|---|
| Supabase Inc. | Database (PostgreSQL) and authentication | Singapore / EU | DPA in place |
| Vercel Inc. | Hosting and deployment | United States | DPA in place |
| Resend Inc. | Transactional email delivery | United States | DPA in place |
| Sentry Inc. | Error monitoring and performance | United States | DPA in place |
| Cloudflare Inc. | Bot protection (Turnstile CAPTCHA) | United States | DPA in place |
| Google LLC | OAuth authentication + Analytics (with consent) | United States | DPA in place |
In the event of a merger, acquisition or sale of MyTrackia's assets, your data may be transferred. You will be notified in advance with the option to delete your account.
7. International data transfers
All our sub-processors are based in the United States. These transfers outside the European Economic Area (EEA) are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, in accordance with Article 46 of the GDPR. These safeguards ensure a level of protection equivalent to that in force within the EU.
For United Kingdom users (UK GDPR): the same safeguards apply via standard contractual clauses approved by the ICO.
For Canadian users (PIPEDA): your data is processed in accordance with the principles of Canadian personal information protection law.
8. Retention periods
| Data type | Retention period |
|---|---|
| Account data | Duration of active account + 30 days after deletion |
| Applications and business data | Duration of active account + 30 days after deletion |
| Security logs | 90 days |
| Payment data | 10 years (accounting and tax obligations) |
| Analytics cookies | 13 months maximum |
| Contact messages | 3 years |
After deleting your account via the application settings, all your personal data and application data are permanently deleted within 30 days.
9. Your rights
9.1 GDPR rights (EU, UK, EEA users)
9.2 CCPA rights (California users)
- •Right to know what personal information is collected
- •Right to delete your personal information
- •Right to opt out of the sale of your data (we do not sell your data)
- •Right to non-discrimination for exercising your rights
To exercise your rights, contact us at: contact@mytrackia.com. We will respond within one month. You can also delete your account and all your data directly from the application settings.
EU/FR users: you may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.
UK users: you may contact the ICO (Information Commissioner's Office) — ico.org.uk.
10. Cookies
We use cookies to ensure the service works, remember your preferences and, with your consent, analyze site usage. For more details, see our Cookie Policy.
On your first visit, a banner allows you to manage your preferences. You can change your choices at any time.
11. Data security
- ✓Data encryption in transit via HTTPS/TLS
- ✓Data encryption at rest (Supabase database)
- ✓Row Level Security (RLS): each user only accesses their own data
- ✓Hashed passwords (never stored in plain text)
- ✓Secure authentication via JWT (httpOnly tokens)
- ✓Bot protection via Cloudflare Turnstile
- ✓Rate limiting on all sensitive actions
- ✓Production data access restricted to the minimum necessary
In the event of a data breach likely to pose a risk to your rights and freedoms, we commit to notifying the CNIL within 72 hours and informing you as soon as possible.
12. Children
MyTrackia is not intended for persons under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at contact@mytrackia.com and we will delete it immediately.
13. Changes to this policy
We may update this privacy policy at any time. In the event of a material change, we will notify you by email or via an in-app notification. The last update date is always shown at the top of this document. Your continued use of the service after any change constitutes acceptance of the new policy.
14. Contact
For any questions about this policy or to exercise your rights:
Email: contact@mytrackia.com
Response time: 30 days maximum (as required by GDPR).
To delete your account and all your data: Settings → Account → Delete my account.