Privacy policy

Last updated 28 May 2026 · For RemoteJobs.team (remotejobs.team). Plain English. If anything's unclear, write us — we'll fix the wording.

1. What we collect

  • Account basics — display name, email address, password hash, the avatar you uploaded or that we auto-imported, your location text.
  • Profile data — bio, profile links, categories you picked, mentor topics, "looking for" notes.
  • Invite data — who invited you, who you invited (the connection graph), invite tokens you generated, the personal note you wrote on each invite.
  • Messages — every 1:1 chat message you send is stored on our server in plain text, indefinitely, until you delete the conversation or your account.
  • Job posts — title, body, compensation, region restrictions, apply link, who posted, expiry date.
  • Activity metadata — last login timestamp, last-active timestamp, message-read receipts.
  • Server-side logs — IP address, user-agent, timestamps, rate-limit counters. Rotated after 30 days.

2. Why we collect it

  • To run the product. Profile + connection + chat + jobs are the whole service.
  • To prevent abuse. Rate-limit counters and server logs let us block spam.
  • To send you transactional email. Invite acceptance, unread-message digest, account events.

We do not track you for advertising. There are no third-party trackers on the site. We do not sell, rent, or share your data.

3. Who sees it

  • Your profile — visible to all logged-in members of RemoteJobs.team. Not visible to the public web.
  • Your connection graph — your "invited by" line, your full connection list, and your connection count are visible to all members.
  • Your messages — only you and the other party in each conversation. Operators can read messages only if explicitly requested by one of the participants (e.g. an abuse report).
  • Your email address — visible only to you. Other members message you via the in-product chat, never your email.

4. How long we keep it

  • Active account: indefinitely.
  • Server logs: 30 days.
  • Soft-deleted account: identity fields cleared (name → "Former member", email/avatar/bio cleared); connections, messages, and job-post authorship rows remain. See Data protection.
  • Hard-purged account: row removed, foreign keys nulled. Permanent, irreversible.

5. Auto-import details

At signup we ask for one URL — typically your personal site, GitHub, Mastodon, or similar. Server-side we fetch that URL once and try to extract: name, bio, avatar, location, and outbound link list. Sources we try, in priority order: Open Graph meta tags, schema.org JSON-LD Person, GitHub/GitLab/Mastodon/Gravatar/dev.to APIs, h-card microformats.

We do not store the full HTML — only the structured fields we extracted. You see a preview, can edit anything, and can re-run the import any time. We never auto-refresh on a schedule.

The fetch is hardened against SSRF: only HTTP/HTTPS, no private IPs or localhost, DNS rebinding protection, max 5 redirects, 8-second timeout, 2 MB response cap.

6. Third parties

  • Pusher Channels (or its self-hosted alternative Soketi) — real-time message transport. They see encrypted channel names + ephemeral event payloads. No long-term message storage on their side.
  • Email delivery — the deployment-time choice of Postmark / Resend / Mailgun / Google Workspace / raw SMTP. The plugin uses standard wp_mail(), the delivery path is configurable per install.
  • Gravatar — only if you opt into Gravatar fallback. Email is hashed (md5) before being sent to Gravatar.
  • Hosting — server lives on the same operator-owned machine as other CRM tenants. Encrypted at rest, backed up daily.

We do not use Google Analytics, Meta Pixel, or any other analytics or advertising tracker.

7. Your GDPR rights

You have the right to access, correct, export, restrict, object to, and erase your personal data. We do all of this self-serve from the Data protection page — no email tickets, no waiting. For the formal text and the path to the Czech supervisory authority (ÚOOÚ), see that page.

8. Get in touch

Privacy-specific questions: privacy@remotejobs.team. Anything else: the contact form.

Operator + data controller: Roman Gam, Prague, Czechia. Full identification on the contact page.

Talk to us

Bug, idea, question — anything. We read every one.

No screenshots needed — we'll come back to you if we need them.