GDPR Compliant

Privacy Policy

Last updated: March 25, 2026

Table of Contents

Introduction

standout ("we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered job search platform.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the data practices described in this policy.

Data We Collect

Information You Provide

  • Account information (name, email address, password)
  • Profile information (avatar, professional details)
  • Resume data (work history, education, skills)
  • Job application data (companies, positions, status)
  • Calendar events and reminders
  • Notes and activity logs

Automatically Collected Information

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage data (features used, interaction patterns)
  • Aggregated analytics events (page views, button clicks) captured through Umami

Third-Party Data

  • OAuth provider information (when using Google login)
  • Public company information (for job tracking)

Google User Data

When you sign in with Google, we collect and use your data in strict compliance with Google API Services User Data Policy, including the Limited Use requirements:

  • We only request basic profile information: name, email address, and profile picture
  • We do NOT access your Gmail, Drive, Calendar (except when explicitly enabled), or other Google services
  • Your Google data is used solely for authentication and account creation
  • We do NOT share your Google data with any third parties
  • We do NOT use your Google data for advertising or any purposes other than providing our Service
  • We will never sell your Google data

standout's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Cookies and Similar Technologies

We use cookies for essential functionality only:

  • Authentication cookies: Secure httpOnly cookies to maintain your login session (essential for service functionality)
  • CSRF tokens: Security cookies to prevent cross-site request forgery
  • No tracking cookies: We do not use advertising or third-party tracking cookies

You can disable cookies in your browser settings, but this will prevent you from using authenticated features. Our analytics are powered by Umami, which is cookieless, respects Do Not Track, and does not track individuals across sites.

How We Use Your Data

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract: To provide our services and fulfill our agreement with you
  • Legitimate Interests: To improve our services and ensure security
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with applicable laws and regulations

Purposes of Processing

  • Provide and maintain our services
  • Process and store your job applications and resumes
  • Send notifications and reminders
  • Improve and personalize your experience
  • Analyze usage patterns and optimize performance
  • Communicate service updates and changes
  • Prevent fraud and ensure security
  • Comply with legal obligations

Automated Decision Making

We do not use your data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. All AI-powered features (such as resume optimization suggestions) are assistive tools that require your review and approval before any changes are made.

Data Protection

Security Measures

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Access controls and authentication
  • Secure cloud infrastructure

Data Retention

We retain your data for as long as necessary to provide our services:

  • Active account data: Retained while your account is active
  • Account deletion: When you delete your account, we immediately remove your personal data, job applications, resumes, and account content. To prevent abuse, we retain a pseudonymized (HMAC-hashed) record of your account email for 30 days. This temporary retention record does not contain your account content and is automatically deleted after the 30-day period.
  • Expired file access records: Automatically cleaned up through scheduled maintenance
  • Legal and financial records: Retained as required by applicable laws and regulations

Data Sharing

We do not sell your personal data. We may share data with:

  • Essential service providers who operate our infrastructure (hosting, analytics via Umami, transactional email) and only process data on our behalf
  • Legal authorities (when required by law)
  • Business transfers (mergers, acquisitions)
  • With your explicit consent

Each service provider is contractually required to protect your information and use it solely to deliver standout services.

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR. The notification will include the nature of the breach, potential consequences, and measures we have taken or will take to address the breach.

Browser Extension

standout snapshot Extension

Our official browser extension ("standout snapshot") helps you save job postings directly to your standout account. The extension operates with strict privacy principles:

Data Collected by Extension

  • Job posting content: Only when you explicitly trigger the extension on the current page, the extension captures a snapshot of that page for job parsing or saving. This may happen on supported job boards or, for eligible accounts, on other pages where you choose to use the extension
  • Authentication data: Local extension authentication state, install credentials, and related tokens used to connect the extension to your standout account
  • Current tab URL: Used to determine how the extension should handle the current page and included in parsing or save requests when you explicitly use the extension on that page
  • Extension settings and UI state: Settings such as selected API base URL, extension configuration, recent extension state, and UI preferences used to operate the extension

Data NOT Collected

  • Browsing history or activity from pages where you did not explicitly use the extension
  • Personal information from job board accounts
  • Data from other browser tabs or windows
  • Keystrokes, mouse movements, or general browsing behavior
  • Any data when the extension is not actively used

How Extension Data is Used

  • Job posting content and page context are transmitted securely to standout only to parse, review, and save jobs to your account
  • Authentication tokens maintain your secure connection between the extension and your account
  • Extension settings and local UI state are used only to operate the extension experience you choose to use
  • No extension data is used for advertising, sold to third parties, or used for purposes unrelated to the core job-saving functionality

Extension Permissions

The extension requests only essential permissions:

  • Storage: To store local authentication state, install credentials, extension settings, and in-progress extension state
  • Active tab: To access the current page when you explicitly trigger parsing, manual review, or job saving
  • Scripting: To inject packaged extension scripts on demand for page parsing, in-page review, and manual job entry on pages outside the static content script list
  • Host permissions: To complete standout sign-in flows and communicate with standout web and API endpoints

Supported Job Boards

The extension currently works with:

  • LinkedIn
  • Indeed
  • Glassdoor
  • jobs.ch
  • Xing
  • Kariera.gr
  • EURES (European job portal)

Privacy by Design: The extension only captures and sends data when you explicitly use it on the current page, such as clicking "Read job details," using "Add job manually," or clicking the on-page "Save to standout" button on supported job pages. It never tracks your general browsing and only processes the specific page you choose to act on.

Your Rights

Under GDPR and applicable laws, you have the following rights:

Right to Be Informed

Receive clear, transparent information about how your data is collected, used, and shared (fulfilled by this Privacy Policy)

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten"), subject to limited retention required for legal obligations and the short-term abuse-prevention controls described in this policy

Right to Restrict Processing

Request limitation of how we process your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision-Making and Profiling

Not be subject to decisions based solely on automated processing that produces legal or significant effects, and request human intervention

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Age Restrictions

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

If we learn that we have collected personal data from a child without parental consent, we will delete that information immediately. If you believe we have collected data from a child, please contact us at [email protected].

International Transfers

Your data is primarily processed within the European Economic Area (EEA) on servers located in Germany. However, some data may be transferred internationally through our third-party service providers:

  • Google OAuth authentication services (United States)
  • Resend email delivery service (United States)
  • Umami Cloud analytics service (various regions)

For all international transfers, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for transfers outside the EEA
  • Adequacy decisions where applicable
  • Additional security measures for international transfers

Contact Us

For privacy-related questions or to exercise your rights:

Email: [email protected]

You also have the right to lodge a complaint with your local data protection authority.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the platform.