Privacy Policy
Last updated: February 3, 2026
1. Introduction
Welcome to NextRole ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our job application tracking service, including our website and browser extension (collectively, the "Service").
NextRole is operated from France and complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
NextRole
Email: privacy@nextrole.app
Location: France
If you have any questions about this Privacy Policy or our data practices, please contact us at the email address above.
3. Data We Collect
3.1 Information You Provide
- Account Information: When you create an account, we collect your email address and password (encrypted). If you sign in with Google, we receive your name and email from Google.
- Job Application Data: Job titles, company names, job URLs, locations, salary information, application status, notes, job description (if you save it), and dates you save or apply to jobs.
- Subscription Information: If you upgrade to a paid plan, we collect billing information through our payment processor (Stripe). We do not store your full credit card number.
3.2 Information Collected Automatically
- Usage Data: We collect information about how you use our Service, including pages visited, features used, and actions taken.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access times, and referring URLs.
- Cookies: We use cookies and similar technologies as described in our Cookie Policy below.
3.3 Browser Extension Data
- Job Page Content: When you save a job, our extension may read the job title, company name, location, salary, and job description from the job posting page. This data is only processed when you click "Save Job."
- Page URLs: We store the URL of job postings you save to allow you to return to them later.
- Local Storage: The extension temporarily stores session data locally on your browser for authentication purposes.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send service-related communications | Contract performance |
| Improve and personalize the Service | Legitimate interest |
| Analyze usage and trends | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send marketing communications (if opted in) | Consent |
5. Data Sharing and Third Parties
We do not sell your personal data. We share your data only with the following categories of recipients:
5.1 Service Providers
- Supabase (Database & Authentication): Stores your account and job data. Supabase is GDPR-compliant and offers EU data residency. Supabase Privacy Policy
- Stripe (Payment Processing): Processes subscription payments. Stripe is PCI-DSS compliant and GDPR-compliant. Stripe Privacy Policy
- Netlify/Vercel (Hosting): Hosts our web application. Netlify Privacy Policy
5.2 Legal Requirements
We may disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
6. Data Storage and Security
6.1 Data Location
Your data is primarily stored in the European Union through our service provider Supabase. Some data may be processed in the United States by our payment processor (Stripe), which complies with EU-US data transfer mechanisms.
6.2 Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure password hashing (bcrypt)
- Row-level security (RLS) in our database
- Regular security audits and updates
- Access controls and authentication
6.3 Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained until you delete your account
- Job application data: Retained until you delete it or your account
- Payment records: Retained for 7 years for tax and legal purposes
- Log data: Retained for 90 days
7. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data ("right to be forgotten").
- Right to Restrict Processing: Request limitation of how we use your data.
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, please contact us at privacy@nextrole.app. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr
8. How to Delete Your Data
You can delete your data in the following ways:
- Individual jobs: Delete specific jobs from your dashboard.
- Account deletion: Go to Settings → Account → Delete Account. This will permanently delete all your data.
- Email request: Send a request to privacy@nextrole.app and we will delete your data within 30 days.
Note: Some data may be retained for legal or legitimate business purposes (e.g., payment records for tax compliance).
9. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@nextrole.app.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Binding corporate rules
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.
We encourage you to review this Privacy Policy periodically for any changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@nextrole.app
Response time: Within 30 days