Last updated 28 April 2026

Privacy Policy

This policy explains how Career in Coffee handles personal data for candidates, employers, and site visitors during the public beta. It is intended to be clear and practical, but it should be legally reviewed before a wider commercial launch.

Career in Coffee is the controller for the platform data described here. For privacy requests, contact privacy@careerincoffee.com.

Summary

We collect what the service needs

Account, candidate, employer, application, and technical security data.

We use it for recruitment

To run profiles, adverts, applications, alerts, account security, and support.

You stay in control

You can request access, correction, export, deletion, restriction, or objection where rights apply.

Account and access data

  • Email address, password hash, account type, verification status, login/session records, refresh tokens, and security events.
  • Messages you send to us about your account, support requests, privacy requests, or reported issues.

Candidate data

  • Profile details such as name, contact details, location, headline, work preferences, right-to-work responses, experience, skills, certifications, equipment, and languages.
  • CVs, photos, application details, cover letters, saved jobs, saved searches, notification preferences, and application status history.

Employer data

  • Company profile details, trading name, company type, business type, locations, contact details, social links, logos, and public company content.
  • Job adverts, applicant review activity, notes, shortlisting or rejection decisions, and communications connected with applications.

Technical and operational data

  • IP address, browser/device data, request logs, error logs, rate-limit events, audit logs, and backup records needed to run and secure the service.
  • Email delivery status for account, verification, password reset, job alert, and application messages.

How we use data and our lawful bases

Providing the recruitment service

We use candidate and employer data so users can create accounts, manage profiles, publish adverts, search jobs, apply for roles, and manage applications.

Lawful basis: Contract or steps before entering into a contract; legitimate interests where needed to operate the marketplace.

Account security and abuse prevention

We use authentication, audit logs, rate limits, security checks, and service logs to protect accounts, investigate misuse, and keep the platform reliable.

Lawful basis: Legitimate interests and, where required, legal obligation.

Service communications

We send essential account, verification, password reset, application, and service messages. Job alerts or marketing-style updates should only be sent where the user has enabled or agreed to them.

Lawful basis: Contract, legitimate interests, and consent where a message is optional.

Legal, compliance, and user requests

We keep records where needed to respond to data rights requests, enforce terms, resolve disputes, protect users, or comply with applicable law.

Lawful basis: Legal obligation and legitimate interests.

Who we share data with

  • Candidates: profile and application information is shared with the employer connected to a role when you apply or otherwise choose to make that information available.
  • Employers: public company profile and job advert information is visible to site visitors and registered users where published.
  • Service providers: hosting, database, email, backup, security, monitoring, and development providers may process data for us under appropriate instructions and safeguards.
  • Legal and safety: information may be shared if required by law, court order, regulator request, fraud prevention, security incident response, or to protect users and the service.

Cookies, local storage, and analytics

We use essential authentication storage so users can sign in and keep sessions secure. We are not currently running advertising cookies or third-party analytics in public beta. If optional analytics or marketing cookies are added later, this page and the consent flow should be updated first.

Automated decisions

Career in Coffee does not currently make solely automated decisions that produce legal or similarly significant effects. AI-assisted CV or matching features are not part of the current public-beta focus and should be covered by an updated notice before being enabled for users.

Retention

We keep personal data for as long as needed to provide the service, protect users, meet legal obligations, resolve disputes, and maintain security records. Account, profile, CV, application, advert, audit, and backup records may have different retention periods. If you delete your account, we aim to remove or anonymise account-linked data unless we need to retain limited records for legal, security, audit, or dispute reasons.

Your rights

Depending on the data and lawful basis, you may have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete data where there is no good reason for us to keep it;
  • ask us to restrict or object to certain processing;
  • ask for a portable copy of data you provided to us where the right applies;
  • withdraw consent at any time where processing depends on consent.

You also have the right to object to processing based on legitimate interests. To exercise rights, contact privacy@careerincoffee.com or use account deletion/export tools where available.

Security

Passwords are stored as hashes, account sessions use short-lived access tokens with refresh-token rotation, and production traffic is served over HTTPS. Access to production systems is limited to authorised operators and administrators.

International transfers

The current production service is intended to operate from UK-controlled infrastructure. Some service providers, email systems, development tools, or future analytics providers may process data outside the UK. Where that happens, we should use appropriate transfer safeguards and update this notice with clearer provider details.

Contact and complaints

Contact us at privacy@careerincoffee.com. If you are unhappy with how we handle your request, you can complain to the UK Information Commissioner's Office.

This privacy policy may change as the beta develops. Material changes should be communicated through the site or account email where practical.