Introduction

Welcome to nPloy’s Privacy Policy. We are committed to protecting your personal data and processing it in compliance with all applicable privacy laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant global data protection frame works. This Policy explains how we collect, use, store, and share your information when you use our globally distributed job board platform. It also outlines your rights and how you can exercise them. We prioritize privacy-by-design and ad here to transparency, security, and accountability in all our data practices.

By using nploy.net you agree to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our services. We may update this Policy periodically to reflect changes in legal requirements or our services, with updates posted on this page and, when required, notified to you via email or in-platform notification. The “Last Updated” date at the top indicates when the latest changes became effective.

Data we collect

Personal Data Categories: We collect various types of personal information to provide and improve our services:
‍
- Account Information: When you register, we collect information like your name, email address, and phone number, and you create login credentials (username and password). Employers creating accounts provide contact details, company name, and role/title.

- Profile Data: You may choose to add details to your profile such as your resume/CV, professional experience, education, skills, languages, location (city, country), and a profile photo. Providing additional profile information is optional but can enhance job matching (for example, seeing more suitable jobs, and helping employers find you based on your skills).
   
- Sensitive personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, or health information) should only be included if you consent to its processing and display. We advise against posting sensitive data on public profile sections.

- Job Application Data: When you apply for jobs through our platform, we collect the information in your application: your resume/CV, cover letters, answers to application or screening questions, assessment or test results, interview scheduling and feedback, and any other data you submit as part of the application process. We also keep records of your application status (e.g., whether you were interviewed, hired, or rejected).

- Employer Provided Data: Employers may upload or input information about job listings and, in some cases, notes about candidates. If you are an employer representative, we collect your business contact details and any verification information needed (such as business registration or tax ID).

- Usage Data: We automatically collect data about how you use our platform. This includes device information (e.g., device type, operating system), browser type, IP address, dates/times of access, and activity logs (e.g., pages viewed, clicks, search queries)​ We may also collect general location data from your IP address for fraud prevention and to show relevant job postings.

- Cookies and Tracking Data: Through cookies and similar technologies, we collect information about your interactions with our site (see our Cookie Policy below for details). This data may include your browsing behavior on the platform, preferences (such as language or saved jobs), and referrals from marketing campaigns​

- Third-Party Integrations: If you choose to integrate or log in via third-party services (for example, signing in with LinkedIn or Google), we receive certain profile information from those services, like your name, email, and public profile, as permitted by the third party and authorized by you. We also receive data when you link your account to other services (such as an Applicant Tracking System or calendar for scheduling interviews).

- AI-Processed Data: To improve matching and recommendations, your experience and various processes in job search, we may use AI tools to analyze profile and job data. This could include parsing resumes to extract skills or using algorithms to suggest jobs or candidates. Any AI processing is subject to human oversight, especially for significant decisions, as explained in the Automated Decision-Making section below.

We do not intentionally collect data from children under 16. Our services are intended for adult job seekers and employers. If we learn that a child under 16 has provided personal data, we will delete it unless a parent or guardian consents, in compliance with laws like GDPR and COPPA (Children’s Online Privacy Protection Act).

How we collect data

We collect personal data through several methods: 
-Directly from You: Most data is provided by you. For example, you enter information during account registration, profile setup, or when applying to a job. You also directly give us data when you communicate with us (e.g., contacting support or completing surveys).
‍
- Job Applications: When you apply to a job posted on our platform, you submit personal information which we forward to the employer. If the application is hosted on our site, we collect the data you input. If we redirect you to an employer’s site, we may record that the click happened for our analytics, but further details are collected by the employer directly.

- User Communications and Chats: Our platform offers in-app messaging between candidates and employers. These communications are stored and monitored to ensure policy compliance and to facilitate your ongoing discussions about job opportunities.

- Automated Technologies (Cookies & Similar): We use cookies, web beacons, and similar tracking technologies to collect usage data when you visit our site​. Cookies help us recognize you, remember your preferences, and understand how you navigate through the site (see Cookie Policy for more details). We also use these tools for analytics (to see how many users visit certain pages, for instance) and for advertising (to show relevant job ads on our site or     partner sites).

- Third-Party Sources: We may obtain information from third parties. For example, if an employer uses a third-party background check or assessment service as part of hiring, they may share the results with us. Or, if a job seeker’s profile is public on an external professional network and marked as open to job opportunities, we might collect that data to suggest our platform to them (where permitted by law). We ensure any third-party data is gathered with a lawful basis and that you’re informed via this Policy or at the time of collection.

- AI and Automated Collection: We deploy automated systems to gather and analyze certain data. For example, we might use algorithms to scan job descriptions for keywords to improve search results or to analyze resumes for matching to job criteria and automated profile completion. These systems may collect metadata (like how many times a certain skill appears in a resume or job post).

Purpose of processing

We process personal data for the following purposes, and we always ensure that we have a valid legal basis (explained in the next section) for each:

- Job Search and Matching: To enable you to search for jobs, be discovered by employers, and receive job recommendations. For candidates, this means using your profile, search history, and preferences to suggest relevant jobs. For employers, this means using job posting details to match with suitable candidates. We also use personal data to power features like saved searches, job alerts, and matching notifications.

- Job Applications: To facilitate the job application process. We use your data to send your applications to employers, track application status, and notify you of updates (interview requests, job offers, etc.). We may also analyze application data to improve our services (for instance, to suggest resume improvements or to help employers identify qualified applicants).

- User Account Management: To create and maintain your account, authenticate you when you log in, and provide you with customer service. This includes remembering your settings and preferences (like preferred language, notification choices) and enabling features like account recovery, two-factor authentication, and profile visibility controls.

- Communications: To send administrative information, such as confirmations, technical notices, updates, security alerts, and support messages. We also send you marketing communications as you have opted in during registration or if it’s within our legitimate interests under applicable law (such as career     advice newsletters, relevant job openings, or employer updates). You can opt out of marketing emails at any time. Transactional and service messages (like application status updates or changes to our terms) are sent as needed.

- Platform Improvement and Analytics: To monitor, maintain, and improve our platform and services. We analyze how users interact with the site, which features are used or ignored, and where users encounter errors. This helps us debug issues, design better user experiences, and create new features. Data is often aggregated or anonymized for these purposes. For example, we might track the number of job applications submitted per month or how many users use a new search filter, without directly identifying individuals in such analysis.

- Personalization: To personalize your experience. This could involve customizing the content you see, such as jobs recommended for you, showing relevant candidates to employers, or pre-filling forms with your information. We might also use cookies to remember your preferences (e.g., dark mode, font size).

- Fraud Prevention and Security: To keep our platform safe. We use personal data (like device information, IP addresses, and behavioral signals) to detect and prevent fraudulent activity, spam, abuse, or other policy violations. This may include verifying user identities, blocking suspected malicious logins, detecting fake accounts or multiple accounts, and ensuring real humans are using the service (not bots).

- Legal Compliance: To comply with legal obligations to which we are subject. This includes adhering to employment laws, data protection laws, and cooperating with lawful requests from authorities. For instance, we might retain certain data to comply with financial reporting requirements or respond to a subpoena or valid law enforcement request​. We also process data to exercise or defend legal claims, such as keeping records of consent or     communications in case of disputes.

- Service Providers and Integrations: To use third-party services that support our operations (detailed in “Data Sharing” below). For example, we use cloud storage to host data, analytics providers to understand platform performance, and communication tools to send emails or texts. We share the necessary data with these providers so they can perform services on our behalf, and we ensure any processing by them is solely for our purposes and under our instructions.

- Marketing and Advertising: Where permitted, to show you relevant advertisements and measure their effectiveness. This might include using cookies to deliver job ads on our site or third-party sites related to your interests or using limited personal data to reach you with ads on social media (only in jurisdictions where appropriate consent or legal basis is obtained). We do not sell your personal data for money. If we ever consider “sharing” data in     the context of targeted advertising (as defined by laws like CPRA), we will provide a clear opt-out mechanism (such as a “Do Not Sell or Share My     Personal Information” link for California residents).

- Research and Development: To conduct research, including analysis of the labor market or improving artificial intelligence algorithms. Any published insights or reports will use aggregated or anonymized data unless we have your consent for identifiable data. If we test new technologies (like new matching algorithms or AI assessments), we may use some real user data under strict controls and, where feasible, additional anonymization/pseudonymization.

- Process optimization and automation: To provide you with a better user experience in the platform and automate certain processes, such as creating a profile with professional experience for example.
‍

Legal Bases for Processing (GDPR-specific)

Under GDPR, we must have a valid legal basis for processing your personal data. Depending on the context, one or more of the following bases apply:

-  Contract Performance: Much of our data processing is to fulfill our contract with you - i.e., the Terms of Service you agree to by using our platform. When you create an account and use our services (or when an employer posts jobs and reviews candidates), we process your data as necessary to provide those services. For example, transmitting a job application to an employer, or displaying your profile to matched employers, is done to perform the job-matching services you requested. Without this data, we cannot provide core features of our platform.

- Legitimate Interests: We process certain data as needed for our legitimate interests (or those of third parties), provided those interests are not overridden by your data protection rights. We rely on legitimate interests for purposes such as: improving and securing our platform, preventing fraud, personalizing user experience, and sharing data within our corporate family to enhance services. When we rely on this basis, we carefully consider and balance any potential impact on your rights. For example, it’s in our legitimate interest to analyze site usage to improve functionality, and we ensure this does not unduly infringe on user privacy (often by using aggregated data). You have the right to object to processing based on legitimate interests (see User Rights below), and we will honor such objections unless we have compelling grounds or legal reasons to continue.

- Consent: We ask for your consent for certain processing activities when required. For instance, we obtain your consent to use certain non-essential cookies (analytics/advertising cookies). If we introduce features like AI-driven assessments or personality tests, we would seek your consent before you participate. Where consent is our legal basis, you have the right to withdraw consent at any time (with effect going forward), and we will stop that     processing. Withdrawing consent won’t affect the lawfulness of processing done before the withdrawal.

- Legal Obligation: Some data processing is required to comply with our legal obligations. This can include keeping transaction records for tax/regulatory purposes, responding to valid data subject requests under GDPR/CCPA/PIPEDA, or honoring opt-out signals (like “Do Not Sell/Share” requests in     California). If authorities lawfully require us to retain or share certain data (for example, under employment equity laws or in response to a court order), we process data under this basis. We only fulfill government or law enforcement requests where we’re legally compelled to do so, or where disclosure is necessary to prevent crime or harm, in line with applicable law.

- Public Interest (if applicable): If at any point we handle data as part of a task in the public interest (like a research initiative in collaboration with a governmental body or for statistical purposes mandated by law), we would rely on this basis. Currently, our processing is primarily based on the bases above (Contract, Legitimate Interests, Consent, Legal Obligation).

For California Residents: We ensure that our legal basis equivalents under CPRA are met. For example, if we use your data for what CPRA calls “business purposes,” it often aligns with Contract or Legitimate Interests. If we ever were to engage in practices considered a “sale” or “sharing” of personal data under California law, we would do so only if you have not opted out after clear notice. We do not sell personal data for monetary value. If we provide targeted advertising, it’s under an appropriate basis and with the required opt-outs(see User Rights).

‍For Canadian Users: We obtain “meaningful consent” for data collection, use, and disclosure under PIPEDA, except where an exception applies. By using our service and providing personal information, you imply consent for us to use the data to fulfill the identified purposes of the service. Where required (for sensitive information or new purposes), we will seek express consent. You have the right to withdraw consent as noted above, though this may limit our ability to provide certain services (we will inform you of such consequences if you withdraw consent).

Data Retention

We retain personal data only as long as necessary to fulfill the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods can vary based on the type of data and user (candidate vs. employer), as well as legal obligations in different jurisdictions:

- Active Accounts: If you have an active account, we retain your account data, profile, and posted content for as long as you maintain the account. We consider the account lifetime to cover the duration of our relationship with you.

- Job Applications: Application data (your resumes, cover letters, answers) is generally retained as long as needed for the job process and any related legal periods. We typically keep application data for 6 months after the application (As per GDPR law). This allows employers to review past candidates if similar roles open and allows us to provide you with feedback or referrals. However, if an application was sent to an employer, that employer may retain a copy independently (see Employer Access below).

- Employer Data: Employers may have access to candidate data for a limited time through our platform (e.g., the duration of a job listing plus a short period after for hiring). We may limit how long employers can view your profile or application through our site (for example, an employer loses access to candidates’ data 6 months after the application took place, to encourage data minimization). Nevertheless, if employers have downloaded or copied data externally, they become independent data controllers of those copies and are responsible for their own retention practices. We contractually oblige employers to comply with privacy laws, which typically require them not to keep personal data longer than necessary. If you are to delete your account in     nploy.net, we inform all employers that have had access to your personal data that you have withdrawn your consent for data processing and they     should proceed to delete your data from any external sources they have stored it in. We cannot guarantee that they will comply with this and it is outside of our control, however we always inform them to do so.

- Communication Records: If you’ve communicated through our platform (messages between candidates and employers, or with support), we retain those communications for at least as long as your account is active and thereafter as needed for troubleshooting, record-keeping, or legal purposes.  

- Legal Requirements and Backup: We may retain certain information for longer if required by law (for example, some financial transaction records might be kept for 7 years for tax/regulatory audits). Additionally, data might persist in secure backups for a short duration beyond the active retention period, but we have processes to purge or anonymize data from backups once it’s no longer needed. Backup data is protected and used only for disaster recovery.

- Deletion and Anonymization: When data is no longer needed, we either delete it or anonymize it. Deletion involves securely erasing data from our systems. Anonymization means we strip personal identifiers so that data can no longer be linked to an individual - we might do this for statistical analyses or to improve our services without keeping identifiable records.

- Retention Extensions: In some cases, users ask us to retain data longer (e.g., a candidate may want their profile on file even if not active in job searching, or an employer might have ongoing candidate pools). With consent, we will adjust retention accordingly. Conversely, if you want your data deleted sooner,     you have the right to request deletion (as described in User Rights) and we will honor such requests in line with applicable law.

Data Sharing and Third-Party Disclosures

We respect your privacy and share personal data only in ways described in this Policy, mainly to operate the job board and comply with legal obligations. Key scenarios where we share data:

- With Employers (Job Applications): If you are a job seeker and apply to a job or “match” with an employer on our platform, your personal data will be shared with that employer. Before a mutual interest (“match”), other users (employers) can typically see only limited profile information (e.g., your work experience summary or skills, without your name or contact info). Once you express interest in an employer and they reciprocate (or you submit an application), the information you’ve provided (full profile, resume, contact details, application answers, etc.) becomes visible to that employer​. Employers will use this data to evaluate your candidacy and communicate with you. Important: Employers are separate entities; while we contractually require them to handle your data lawfully and securely, any information they download or retain becomes part of their own records. If you wish to have your data removed by an employer, you should contact them directly. However, you can delete your account in our platform, which will prevent further access through our interface (though it won’t retract emails or files already in the employer’s possession).

- With Candidates (Employer Profiles): If you are an employer user, the information you add to job postings and company profiles (company description, job details, location, etc.) will be visible to job seekers. Personal contact info of employer representatives is generally not public on job posts (unless you choose to include it). Candidates may see your name or work email only after an application progresses or through direct communication.

- Service Providers (Processors): We use trusted third-party service providers to help run our business. These include hosting providers (for data storage and backend services), email/SMS delivery services, analytics providers (to help us analyze usage), payment processors (if applicable for any paid services on the platform), customer support tools, marketing and advertising partners, and security services (like cloud-based firewalls or fraud detection services). We share only the data necessary for them to perform their functions. For example, our email service gets your email address and name to send     account alerts; our analytics provider gets pseudonymized identifiers and usage events. All service providers are bound by contracts that require them to only use the data per our instructions and to protect it in line with this Policy and applicable laws​. When these providers are outside your country, we ensure lawful cross-border transfer mechanisms (see International Data Transfers below).

- Affiliates and Related Companies: If nploy.net is part of a group of companies or has subsidiaries, we may share data within that corporate family to streamline operations and improve services. For instance, if we have affiliate job platforms in other regions, sharing data can help connect you to opportunities on those platforms. All affiliated entities will uphold privacy protections equivalent to those described here. If any affiliate has access to EU     personal data, they will abide by GDPR and (if outside the EU) appropriate transfer safeguards.

- Third-Party Integrations: When you choose to use integrations, we share data at your direction. For example, if you decide to auto-import your profile from a third-party resume builder or export your data to a career service, we will send data with your consent. If an employer uses an external Applicant Tracking System (ATS) integrated with our platform, applicant data may be sent directly into that ATS. In such cases, the ATS’s privacy policy may also apply. We strive to work only with partners that meet high privacy standards.

- Legal and Safety Disclosures: We may disclose personal data when required by law or necessary to protect rights and safety. This includes responding to lawful requests by public authorities (such as subpoenas, court orders, or government demands under applicable law)​. We will carefully review each request and only comply if required and appropriate. We may also share information when we believe it’s necessary to investigate or prevent illegal activities, suspected fraud, situations involving potential threats to anyone’s physical safety, violations of our Terms of Service, or as evidence in litigation in which we are involved. For example, if we detect a scam job posting deceiving candidates, we may report relevant information to law enforcement.

- Business Transfers: If nploy.net is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your data may be transferred as part of that transaction. We would ensure the new owner continues to honor  this Privacy Policy or provides a comparable level of protection. You will be notified via email and/or a prominent notice on our site of any change     in ownership or use of your personal data, as well as any choices you may have regarding your personal data.

- Aggregate or De-Identified Data: We may share data that has been aggregated or anonymized, so it no longer identifies you personally. For example, we might publish reports on job market trends (e.g., “X% increase in tech job postings in Canada this year”) or share statistics with advertisers and partners. Such information does not contain personal data and is not subject to this Policy in the same way, because it cannot be traced back to an individual.

Cross-Border Data Sharing: Because the platform operates globally, data may be accessed by employers or service providers in various countries. Whenever personal data moves from one jurisdiction to another, we take appropriate steps to ensure it remains protected.

We do not sell your personal information to third parties for profit. In the context of CCPA/CPRA, “sell” and “share” have specific definitions (selling is transferring data for monetary or other valuable consideration; sharing is disclosing for targeted advertising purposes). We do not engage in selling your data for money. We may engage in limited “sharing” for targeted advertising (to show you relevant job ads), but only in compliance with law and providing applicable opt-outs. If you opt out, we will cease such activities for your data.

International Data Transfers

nPloy is accessible worldwide. By using our services, your personal data may be transferred to and processed in countries other than your own. We know that different countries have different data protection laws, so we implement safeguards when transferring data internationally:

- European Economic Area (EEA), UK, and Switzerland: If you are in these regions, your personal data may be transferred to countries outside the EEA/UK/Switzerland. When we transfer data out of these regions, we ensure a legal transfer mechanism is in place. Typically, we use the European Commission’s Standard Contractual Clauses (SCCs), which are contractual commitments between our entities or between us and our service providers to protect your data according to EU standards. These clauses bind the recipient of the data to protect it and give you enforceable rights. In some cases, transfers may be justified by an adequacy decision (for example, transfers to Canada’s private sector under PIPEDA are permitted because the EU deems Canada’s laws adequate) or other safeguards allowed by GDPR (like binding corporate rules, if applicable).

- Cloud Providers: Many of our service providers operate globally. We contractually require them to apply consistent protections. For instance, if we use a U.S.-based cloud service to host data, that provider either has SCCs or another mechanism in place and is often certified under frameworks like the Data Privacy Framework, committing to EU-level privacy standards.

- Your Responsibilities: If you as a user are transferring data (for example, if an EU employer downloads a U.S. candidate’s resume), you become an independent controller of that data. It’s your responsibility to handle that data lawfully (for instance, EU employers should treat that resume according to GDPR even if the candidate is abroad). We encourage all our users to respect privacy and use the data obtained through our platform only for the intended job-search purposes.

By using our site, you understand that your data may be stored on servers located in different countries. However, no matter where your data is processed, we employ the same protections described in this Policy, and we comply with all applicable data transfer laws to safeguard your information.

Data Security

We take data security seriously and have implemented a variety of technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:
‍
- Encryption: We enforce HTTPS (TLS encryption) for all data transmissions on our site, ensuring that any data you input (like login credentials or application details) is encrypted in transit. Sensitive fields (passwords, certain personal identifiers) are stored in encrypted or hashed form in our database. For example, passwords are salted and hashed, not stored in plain text.

- Access Controls: We limit access to personal data strictly to employees and contractors who need it to operate, develop, or improve our services. Access is controlled through role-based access control, multi-factor authentication for our internal systems, and logging of administrative access. Staff are trained in confidentiality and data handling.

- Network & System Security: Our servers are protected by firewalls and monitoring systems. We regularly update and patch software to address security vulnerabilities. We use intrusion detection and prevention systems to alert us of suspicious activities. If we store data with cloud providers, we leverage their     advanced security features as well (like cloud-based firewalls, DDoS protection, etc.).

- Testing and Audits: We perform security testing, including vulnerability scanning and penetration testing, on our applications. We may also engage independent security experts to audit our practices. Any findings are promptly addressed. We maintain compliance with industry standards and best practices.

- Data Minimization: We collect only the data that’s needed for the purposes described, and we retain it only as long as necessary (as detailed in Data Retention). By minimizing what we store and how long we keep it, we reduce the risk associated with your data. When data is no longer needed, we dispose of it securely.

- Physical Security: Our data centers (through our cloud providers or hosting facilities) have strong physical security controls. This may include 24/7 monitoring, controlled access, biometric locks, secure off-site backups, and redundancy to protect against hardware failures or disasters.

- Monitoring and Incident Response: We continuously monitor for potential security breaches and have an incident response plan in place. If we detect a security incident that affects personal data, we will act swiftly to mitigate it, secure the system, and investigate. In the unfortunate event of a data breach     involving your personal data, we will notify you and relevant authorities as required by law, and provide information on steps we are taking and any steps you should take to protect yourself.

- User Responsibilities: You also play a role in keeping your data safe. We urge you to use a strong, unique password for our platform and to keep your login credentials confidential. Beware of phishing attempts - nPloy will never ask for your password via email. Always ensure you log out of shared devices and update your password if you suspect any unauthorized access to your account.

- PCI Compliance (if applicable): If at any point we handle credit card information (e.g., for employers purchasing services), we will comply with the Payment Card Industry Data Security Standard (PCI-DSS) to protect payment information. Currently, if payments are involved, we rely on certified third-party payment processors, so we do not store full credit card details on our systems.

- No Guarantee: While we are dedicated to protecting your information, no system is 100% secure. However, our commitment is to constantly improve and make every reasonable effort to protect your data. We also will never ask for highly sensitive personal data that is irrelevant to job searching (like social security numbers, financial account info for job seekers, etc.) on our platform - if you encounter any suspicious requests purporting to be from us, please report them.

User Rights

Depending on your region, you have specific rights regarding your personal data. nPloy extend score privacy rights to all users globally, and we specifically ensure compliance with GDPR for EU users, CCPA/CPRA for California users, and PIPEDA for Canadian users. Your principal rights include:

- Right to Access: You can request confirmation if we are processing your personal data, and if so, request access to that data. This includes the categories of data, purposes of processing, any third parties we’ve shared it with, and a copy of the actual personal data we hold about you​. For EU users, this aligns with GDPR Article 15. For California users, this is the “Right to Know” about personal information collected, used, or disclosed. Canadian users similarly have access rights. We will provide this information free of charge, within one month (or the legally allowed timeframe) of verifying your identity. If additional time is needed or the request is complex, we will inform you of the extension.

- Right to Rectification (Correction): If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction​. This includes updating outdated info or completing incomplete info. For instance, if your name is misspelled or you want to update your contact number, you can do so in your account settings or by contacting us. You can edit personally any personal data that we store about you in the platform. We encourage you to keep your profile information up-to-date for optimal service. Under CPRA, Californians have an explicit right to correct inaccurate personal data. We will correct the information or, if necessary, provide an explanation if we cannot fulfill a request (for example, if we dispute the accuracy and have lawful grounds to maintain the data as is, which is rare).

- Right to Deletion: You may request that we delete your personal data​. For EU users, this is the “right to be forgotten” (with limitations if the data is still needed or     we have a legal obligation to keep it). California users can request deletion of the personal information we collected from them. Canadian law (while not having an absolute deletion right) allows withdrawal of consent which leads to us removing data that is no longer necessary, and the     Office of the Privacy Commissioner in Canada supports the ability to remove online info. If you request deletion, we will remove or anonymize your data in our systems, and instruct service providers to do the same, subject to any legal retention requirements.

- Important: Deleting your data means we will also need to close your account, and you will lose access to our services (including your profile, application history, etc.). We will notify you of this outcome, and you can choose to sign up again later as a new user if you wish. Some data cannot be fully erased -     for example, data you shared in a job application may reside with the employer, and we cannot force them to delete it. Also, certain logs or records may be kept to comply with law or for security (we’ll inform you if any such exceptions apply).

- Right to Data Portability: For EU users (GDPR Article 20) and similarly under CPRA for Californians (as part of access requests), you can request a copy of your personal data in a common, machine-readable format. This typically includes the data you provided us (e.g., your profile info, resumes, cover letters, etc.) and data generated by your activity (to the extent required by law). We will provide this either through a downloadable file or via your account     interface. This allows you to reuse your data elsewhere if you want (for instance, to upload your profile to a different service).

- Right to Object / Opt-Out: In certain cases, you have the right to object to our processing of your data. For EU users, you can object to processing based on legitimate interests or for direct marketing. If you object to marketing, we will stop sending it (also achievable simply by unsubscribing). If you object     to processing based on legitimate interests, we will evaluate if we have compelling grounds to continue; otherwise we will cease the processing in     question. For example, you can object to profiling used for personalization - if not compelling, we will stop using your data for that purpose. Under CPRA, California residents have the right to opt out of the “sale or sharing” of personal data. Additionally, CPRA gives the right to opt out of automated decision-making technology; while regulations on this are evolving, we will treat verified requests to opt out of any purely automated processing that has legal or similarly significant effects on you in accordance with the law.

- Right to Restrict Processing: EU users have the right to restrict processing in certain circumstances (for example, if you contest the accuracy of data or have objected, and we’re verifying whether our grounds override yours). While restricted, we will store the data but not use it until resolved. If you request restriction, we’ll let you know if it’s feasible or if we must refuse (and reasons).

- Right to Withdraw Consent: If we process your data based on consent, you can withdraw that consent at any time. For example, you can withdraw consent for marketing emails by unsubscribing, or for cookies by adjusting your cookie preferences (see Cookie Policy). Withdrawal does not affect the lawfulness of processing done prior, and if you withdraw consent for a service that requires it (like location-based job suggestions), you might lose access to that feature.

- Right to Non-Discrimination (CCPA/CPRA): California users exercising their privacy rights (access, deletion, opt-out, etc.) are entitled to non-discriminatory treatment. This means we will not deny you services, give you a different quality of service, or charge you differently simply because you exercised your privacy rights. However, note that some functionality that requires your data may not work if you request deletion or opt out of certain processing (for instance, if you ask us to delete all your data, we cannot provide job matching to you).

- Right to Limit Use of Sensitive Personal Information (CPRA): If we collect “sensitive personal information” (SPI) about California residents (such as precise geolocation, race, union membership, etc.), CPRA allows users to limit our use of that information to only what is necessary to provide services. We generally do not collect most types of SPI, but for any we do (e.g., you voluntarily providing demographic info for diversity purposes), we will only use it for the purpose collected (improving inclusive hiring, etc.).

- Automated Decision-Making: For users in jurisdictions with rights around automated decisions (EU GDPR Article 22, and similar rights under CPRA to opt out of automated decision-making technology), you have the right not to be subject to a decision based solely on automated processing that significantly     affects you. nPloy does not make any hiring decisions - those are made by employers. Some features like matching algorithms or automated screening     may be used, but they do not make final decisions with legal effect.  

- Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to complain to a supervisory authority. EU users can contact their country’s Data Protection Authority (DPA) or our lead DPA if one is specified (we will provide relevant contacts upon request). UK users can reach out to the ICO; Canadian users can contact the Office of the Privacy     Commissioner of Canada (OPC); California users can reach the California Privacy Protection Agency or the state Attorney General’s office. We     encourage you to contact us first, so we can address your concerns directly - we are committed to resolving privacy issues amicably and swiftly.

- Right to Challenge Compliance (Canada): PIPEDA provides the right for individuals to challenge an organization’s compliance with the law. You can do this by contacting our Data Protection Officer or privacy team (contact info below). We will investigate all complaints and respond.

How to Exercise Your Rights: You can typically exercise many rights through your account settings (e.g., accessing and editing your profile, downloading your resume data, deleting your account). For more formal requests (access, copy, detailed disclosure, etc.), or if you don’t have an account, please contact us (see Contact Information). To protect your privacy, we will need to verify your identity before fulfilling certain requests. For example, we might require you to use your account email to send the request or provide information that matches our records.

We will respond to requests within the timeframes required by law (generally within 30 days for GDPR, 45 days for CCPA which can be extended, etc.). If we need more time or cannot fulfill a request, we will explain the reason (e.g., the request is excessive, or fulfilling it would infringe on another’s rights).

No Fee in Most Cases: You won’t have to pay a fee to exercise your rights. However, if a request is manifestly unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse to act on it, as permitted by law - but we’ll provide an explanation in such cases.

Your privacy and control over your data are important to us. We have built tools and processes to uphold these rights and will continue improving them as privacy laws evolve.

Automated Decision-Making and AI Processing

We leverage automated systems and AI to enhance our job board services, but we do so thoughtfully and in compliance with laws regulating automated decision-making and profiling. Here’s how we use these technologies and what it means for you:

- AI-Driven Job Matching: Our platform may use algorithms to match job seekers with job listings. This can involve analyzing your profile, resume, or site activity to predict which jobs you might be interested in, and conversely analyzing job requirements to identify suitable candidates. For example, if you list     “Python programming” as a skill, our system might recommend programming jobs to you or highlight your profile to employers seeking that skill. These recommendations are automated, but they do not make final decisions - they assist you and employers. You always have control to apply (or not) to suggested jobs, and employers make the ultimate choice whom to interview or hire.

- Resume Parsing: When you upload a resume, we may use AI to parse the document and extract structured data like education, work experience, skills). This makes it easier to fill out your profile and helps with matching. We strive for accuracy, but if any parsed information is incorrect, you can manually correct your profile. Resume parsing algorithms are regularly tested to improve precision.

- Automated Screening: Employers might use our platform’s tools to automatically screen applications (for instance, through knock-out questions like “Do you have a valid driver’s license?” or through our integrated assessment tests). If you answer “no” to a required question, the system might mark your application as not meeting basic criteria. Some employers also use AI-based assessments (e.g., coding challenges, personality quizzes scored by algorithms). When these are part of our platform, we ensure transparency - you will be informed and often given your results. No automated rejection is final; employers have the ability to review all applications. If you feel an automated filter wrongly excluded you, you can contact us or the employer to request reconsideration.

- Profile Analytics: We analyze user profiles and behavior to improve our services and for research (e.g., understanding what job skills are most associated with getting interviews). This may involve profiling - for instance, users who complete certain profile sections may have better outcomes, so we might prompt others to do the same. However, this kind of analysis does not produce effects that significantly affect individuals beyond offering suggestions.

- Targeted Advertising: We may use automated profiling to show you targeted ads (for our services or for third-party opportunities, where lawful). For example, if you search for marketing jobs, you might see ads for a marketing course. This profiling is done via cookies or similar tracking (see Cookie Policy) and is subject to your consent where required. You can opt out of targeted advertising as noted in User Rights.

- Fairness and Bias: We are committed to avoiding discriminatory effects in our algorithms. We do not use sensitive personal attributes like race, religion, or gender in any algorithm that would result in less favorable treatment. In fact, if we ever collect demographic data (e.g., for diversity analytics), it’s used     only in aggregate to help monitor fairness.  

- Right to Human Review: In jurisdictions granting the right not to be subject to purely automated decisions with legal or similar effects (like GDPR’s Article 22), we ensure that either (a) such decisions are not made on our platform, or (b) where they are (for example, an employer using an fully automated AI     interview scoring tool), it’s with your explicit consent or necessary for a contract. Generally, hiring decisions remain human-driven.  

- Transparency: We aim to be transparent about when AI is involved. If an assessment is AI-scored, we’ll tell you the nature of it. If your profile visibility is boosted by an algorithm (like being a “top match” for a job), we’ll let you know how you can improve your profile for better matches. We also publish resources or FAQs about our use of AI (available on our site) to help users understand these features.

Our goal with automation is to enhance efficiency and user experience, not to replace human judgment inappropriately. We continuously monitor regulatory guidance on AI (such as EU’s draft AI Act, CPRA regulations on automated decision-making) and will adjust our practices to remain compliant and user-centric.

Children’s Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from anyone under 16 years old. If you are under 16, please do not use nPloy or provide any personal information to us.

- 16 and Above: In most jurisdictions, 16 is a common minimum age for providing consent under GDPR without parental approval. Our Terms of Service require users to be at least 18 or the age of majority in their country to create an account, as our platform is designed for professional use. We also take measures to avoid posting jobs targeted at minors. If you are 16 or 17 and looking for employment, ensure you have parental guidance, and note that some features may be restricted due to age (for example, we might prevent 16-17-year-olds from viewing certain content, or require additional consent).

- COPPA (Children’s Online Privacy Protection Act): We comply with COPPA for U.S. users. We do not knowingly collect information from children under 13. If in the future we offer any educational or junior career features for younger teens, we will do so with COPPA-compliant verifiable parental consent mechanisms.

- Parental/Guardian Actions: If you believe that a child under the relevant age (16 in EU/Canada, 13 in U.S., or applicable age in your country) has provided us with personal data, please contact us immediately. We will take steps to delete the data as soon as possible, unless we are required by law to retain it. If deletion is not feasible (for example, if it’s stored in backup archives), we will isolate and secure the data and prevent any further use until deletion is possible.

- Teen Employment Laws: Note that even for older teens (16+), employers have legal obligations (like work permits, limited hours, etc.). However, those are outside the scope of our data policy and are handled directly by employers. We do not specifically solicit data about age except as part of optional profile info or if you volunteer it (like saying you are a student or in a graduation year). We advise minors to exercise caution online and to involve a parent/guardian when interacting with professional platforms.

In summary, if you are not an adult, please do not use this site without appropriate consent and supervision. We focus on adult employment and professional networking.

Changes to the Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will:

- Post the updated Policy on this page with a new “Last Updated” date at the top.

- For significant changes (especially any that materially affect your rights or how we use data), we will provide a more prominent notice. This may include emails to registered users or in-app notifications, and/or banners on our website, at least 30 days prior to the changes taking effect, as required by law or our internal policies.

- If we were to use your personal data in a materially different way than stated at the time of collection, we would obtain your consent where legally required. For example, if in the future we introduce a new feature that collects health data for wellness offerings (just a hypothetical example), we would update the Policy and seek consent.

- We encourage you to review this Policy periodically to stay informed about how we are protecting your data. If you continue to use nPloy after a Policy update, it will signify acceptance of the changes to the extent allowed by law.

In case a user does not agree with the changes in the Privacy Policy, they should deactivate their account and stop using our services. We will always indicate the effective date of the most recent changes for transparency.

For reference or historical purposes, we may keep prior versions of this Policy archived (and will provide them upon request where required, like to regulators or users for comparison).

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact us in the following ways:

- Email: office@nploy.net - Please use this to request data access, deletion, or to ask any questions about your data.

- Data Protection Officer (DPO): We have appointed a DPO in the EU, as required by GDPR Article 37. You can reach the DPO at dpo@nploy.net. Please     mention that your inquiry is for the DPO. We will respond to your inquiry as soon as possible, typically within 30 days. If you are contacting to exercise as specific right, please provide enough information for us to verify and process your request (as mentioned in User Rights).

Your trust is paramount to us, and we appreciate you entrusting your personal data to nPloy. We are always here to answer your questions and address your concerns.

Introduction to Cookies

What are Cookies? Cookies are small text files that websites place on your device (computer, smartphone, tablet) when you visit. Cookies are widely used to make websites work efficiently, remember your preferences, and gather information about how you interact with the site. They can be “first-party” (set by us) or “third-party” (set by others), as explained below in Third-Party Cookies. We also use related technologies like web beacons (tiny graphic images in emails or on pages that track if an email is opened or a page is viewed) and local storage (which can store data in your browser).

Why do we use cookies? We use cookies to ensure our website functions properly, to improve your user experience, to analyze our traffic, and to deliver targeted content/ads. Some cookies are strictly necessary for the site to operate (like keeping you logged in), while others are optional and only set with your consent (like analytics or marketing cookies). We strive to be transparent about the cookies in use and give you control over non-essential cookies.

Types of Cookies We Use

We categorize the cookies on our site in to the following categories:

1. Essential Cookies (Strictly Necessary): These cookies are necessary for the website to function and cannot be switched off (without affecting site functionality). They are usually set in response to your actions on our site, such as logging in, setting your privacy preferences, or filling out forms. Essential cookies do not require consent under most laws (GDPR ePrivacy directive, etc.). Without these cookies, services you’ve asked for (like adding jobs to a     favorites list, or keeping you logged in during your session) can’t be provided.  
‍
      - Examples: Session cookies that keep you logged in as you navigate pages; security cookies that detect authentication abuses; load balancing cookies that ensure the website loads efficiently. These cookies typically last only for a session or have a short lifespan. They do not gather information for marketing or tracking.  
‍
    - Specific names: e.g., session_id      (to identify your session), XSRF-TOKEN (security token to prevent cross-site request forgery), cookie_consent (to remember your cookie preferences so we don’t ask every time).
‍
     - Expiry: Most essential cookies are session-based (gone when you close your browser) or last a few days to remember preferences.


2. Functional Cookies (Preferences): These cookies enable enhanced functionality and personalization. They     remember choices you make on our site (such as your preferred language, region, or display settings) and provide features to improve your experience. While not strictly necessary, they are important for a more seamless experience. If you disable these, some preferences (like auto-filled search fields or UI customizations) won’t be remembered.

     - Examples: A cookie that remembers your language or that you’ve dismissed a tutorial pop-up so it doesn’t show again. If we have a chatbot or support widget, a cookie might remember your last interaction. For employers, a cookie might remember filter settings in the candidate dashboard.  

      - Specific names: e.g., lang (stores language preference), theme (stores light/dark mode selection),      job_alert_dismissed (notes that you closed a prompt to set up job alerts).  

     - Expiry: These may persist longer  than session cookies, often for several days, weeks, or even months, so      your preferences are remembered on future visits. For example, a “remember me” login cookie might last 30 days (if you opt for it), or a language cookie might last 1 year.  

      - We treat these similarly to essential cookies in terms of privacy impact (they aren’t used to track you on other sites, only to remember our site’s settings for you). However, where required by law, we will include them in our consent management (some jurisdictions consider them strictly necessary if they improve user experience, others might still want user consent).

3. Analytics Cookies (Performance/Statistics): These cookies collect information about how visitors use our website, to help us understand traffic patterns and improve the site’s performance. They tell us things like which pages are popular, how long users stay on pages, how users move around the site, and if they encounter errors. The information is typically aggregated and anonymous. We might use third-party analytics tools (like Google Analytics) which set their own cookies to provide these insights.  

       - Examples: Google Analytics (_ga, _gid, etc.) to track page views and user interactions. We might also use a tool like Hotjar or similar to see how users interact (though if so, we ensure it doesn’t record any personal info or we get consent). These cookies might log an anonymized identifier for your browser, but not information like your name.  

       - Specific names: e.g., _ga (Google Analytics ID to distinguish users), _gat (Google Analytics throttle request rate), _hjid (Hotjar user ID for session consistency).  

       - Expiry: Depends on the cookie - e.g., Google Analytics cookies can last from the session up to 2 years. For instance, _ga often lasts 2 years unless deleted, allowing recognition of repeat visitors (we use it to see, for example, if site changes lead to more return visits over time).  

        - Consent: In jurisdictions like the EU, we will only set analytics cookies if you consent (through our cookie      banner or settings). If you opt out, your site usage will not be tracked in our analytics tools. We respect “Do Not Track” signals for analytics where feasible.

        - We use data from these cookies solely to improve our website - e.g., to see which features are used or to troubleshoot performance issues. We also might see overall metrics like total users per month, which help in our business decisions and capacity planning.


4. Marketing Cookies (Advertising/Targeting): These cookies are used to deliver content (including ads) that is more relevant to you and your interests. They may be set by us or by our advertising partners. They record that you have visited our site and may track your browsing habits or profile (often by uniquely identifying your browser and internet device). This information can be used to:

         - Show you targeted ads on our site or on other sites (for example, if you searched for “designer jobs” on our platform, you might see an ad for designer jobs on a partner site).  

         - Limit the number of times you see an ad (frequency capping).  

         - Measure the effectiveness of ad campaigns (e.g., to see if someone who saw an ad later signed up). These cookies typically involve third-party advertisers or social media networks, which may use the information about your visit to show you ads on other platforms.  

         - Examples: Facebook Pixel or LinkedIn Insight might set cookies so that if you visit our site, we can later show you ads on Facebook or LinkedIn (“retargeting”). Google Ads may set a cookie to understand if you reached our site via an ad and to optimize advertising. If we have affiliate partnerships, a cookie might track that you came from a partner link.

         - Specific names: e.g., fr (Facebook cookie for logged-in user tracking), _fbp (Facebook Pixel identifying      browser for ads), IDE (Google’s DoubleClick advertising cookie), li_oatml (LinkedIn Ads cookie).  

         - Expiry: These vary widely. Some advertising cookies last for the session, but many persist for 3 months, 6 months, or even up to 2 years, to facilitate long-term advertising campaigns or recognize returning visitors. For example, a retargeting cookie might last 90 days to allow us to show you nPloy ads on other sites for that period before it expires.  

         - Consent/Opt-Out: We will only set marketing cookies if you opt in. You can manage these in our cookie      settings. Additionally, you can use industry opt-out mechanisms (like the Digital Advertising Alliance’s opt-out site) to opt out of targeted ads from participating networks.  

        - If you decline these cookies, you will still see ads (possibly on our site if we display third-party ads, or elsewhere), but they will be less relevant to you because they won’t be based on your interests or past usage of our site.

5. Other Technologies:
        - Web Beacons/Pixels: As mentioned, these are tiny images or scripts that track whether an email is opened or a web page is viewed. Our marketing emails may contain a beacon (so we know if you found the email interesting or not). On our site, pixels from ad networks (like the Facebook Pixel) help with conversions tracking. These often work in tandem with cookies. For instance, if you allow marketing cookies, the Facebook Pixel will associate your visit with your      Facebook account (if you have one) to allow us to advertise.  

         - Local Storage: We might use browser local storage for certain functions (like caching interface settings or keeping temporary data to improve performance). Local storage data remains on your browser and is not transmitted to us unless used in combination with cookies or scripts. It’s typically used for strictly necessary purposes (so that the site feels fast and remembers some info locally).

        - Session Storage: Similar to local storage, but clears when you close the browser. We might use this for short-term data like form inputs (to prevent losing data if you refresh the page accidentally).

Cookie List: For transparency, we provide a constantly updated list of specific cookies in use on our site and their purposes on our website:

Performance cookies

Targeting cookies

User Consent and Managing Cookie Preferences

Consent Banner: When you first visit our site (from jurisdictions where consent is required, like the EU), you will see a cookie banner or pop-up explaining that we use cookies and giving you the option to accept or manage your preferences. We do not set non-essential cookies (analytics, marketing, etc.) until you make a choice. Essential cookies, as noted, might be set right away as they’re needed for site function.

Cookie Preferences Center: We provide a Cookie Preference Center (or similar interface) accessible at any time (often via a link in the footer of our site like “Cookie Settings” or through the banner until it’s addressed). Here, you can see the categories of cookies, toggle them on or off (except strictly necessary cookies which are usually fixed “Always Active”), and save your preferences. If you change your mind later, you can revisit this center and adjust your consent.

Implied Consent (if applicable): In some regions, continuing to use the site might be considered consent. Our banner will clarify this (e.g., “By continuing to browse, you accept cookies…”). However, we prefer explicit opt-in where legally required or feasible. If you simply ignore the banner and keep using the site, we will assume consent for allowed categories per local law, but you can always opt out later.

Withdrawal of Consent: If you initially accepted cookies but later decide to withdraw consent, you can do so through our preference center or by deleting cookies(details below). Withdrawing will stop new cookies from being set and we will disable related functionalities (e.g., turning off analytics tracking for your browser moving forward). It won’t remove cookies already set; you will need to clear those from your browser manually (as described in the next section).

Global Privacy Controls: We are attuned to emerging standards like the Global Privacy Control (GPC) signal. If your browser is set to send a “Do Not Sell or Share” or similar privacy signal, our site will treat that as an opt-out of marketing cookies for California residents (as required by CPRA) and as a general opt-out of targeted advertising where applicable. We are updating our systems to recognize and honor such signals to the extent required or to be courteous to user privacy preferences globally.

Third-Party Cookies

What are third-party cookies? These are cookies set by someone other than nPloy. On some pages, we may include content from third-party services which can set their own cookies. Common examples include:

- Analytics Services: As noted, Google Analytics sets cookies to gather stats on site usage. These are third-party because the data goes to Google’s servers (though we are the clients).

- Advertising Partners: If we display ads or use ad tracking, cookies from networks like Google Ads, Facebook,     LinkedIn, or others may be placed when you visit. These allow those companies to recognize your device and over time perhaps display relevant ads to you on other websites.

- Social Media Integrations: If we have social media sharing buttons (like a Facebook “Like” or Twitter “Tweet” button on a job posting), those platforms may set cookies. Similarly, if we embed a YouTube video, YouTube might set cookies on its playback.

- Other Integrations: Sometimes we integrate third-party tools for functionality, like a chat support widget, or a CAPTCHA (e.g., Google reCAPTCHA) to prevent spam. These services may set cookies for security or to remember user interactions.

We do not control third-party cookies- their operation is governed by the privacy/cookie policies of the third parties. However, we do vet our partners and endeavor to only use third-party scripts that respect privacy and have data protection commitments. We also list these third parties in our cookie details page so you know who they are.

Examples of Third-Party Cookies on nPloy:

- Google Analytics: As mentioned,     sets _ga, _gid etc. (Google’s Privacy Policy and Opt-Out Browser Add-on). We have configured Google Analytics to anonymize IP addresses (which means Google truncates your IP in the EU) to enhance privacy.

- Google Ads / DoubleClick: Might set IDE, DSID for advertising if we run ad campaigns. (Users can opt out via Google Ad Settings).

- Facebook: If we use Facebook Pixel, sets _fbp and maybe fr cookies to help deliver our ads on FB/Instagram. (See Facebook’s Data Policy).

- LinkedIn: For tracking signups or ad performance via LinkedIn, sets cookies like AnalyticsSyncHistory, li_sugr.

- Cloudflare: Cloudflare or similar CDN security might set a cookie like __cfduid or __cf_bm to manage bot traffic. These are technically third-party if the domain is not ours (e.g., a Cloudflare subdomain). They are considered necessary for     security.

- reCAPTCHA: If we use Google reCAPTCHA on forms, Google sets some cookies (_GRECAPTCHA) to perform risk     analysis.

- Hotjar

Cross-Site Tracking: Some third-party cookies (especially marketing ones) may track you across different websites. For example, the same ad network cookie might see you visited site A (our site) and site B (some other site), building a profile of your browsing. We use these third-party services to help reach people who might be interested in our platform or to analyze aggregate behavior, but we understand if you prefer to avoid cross-site tracking. That’s why we provide consent controls and why browsers allow blocking of third-party cookies (more below).

We honor Do Not Track (DNT) signals for analytics/advertising where possible. However, many third-party services may not respond to DNT. Using our cookie settings or browser settings to block these cookies is more effective.

Cookie Retention Periods

Each cookie has its own lifespan. Some expire when you close your browser (session cookies), others remain for a set period unless deleted (persistent cookies).We outlined examples above.

To give a general idea:
- Essential session cookies: Duration: session (gone on browser close) or a few minutes/hours.

- Essential persistent cookies: maybe a few days to a year (e.g., a cookie to remember cookie consent might last 6 months to a year so we don’t bother you repeatedly).

- Functional cookies: often persist for weeks or months (depending on the preference they store, e.g., a language preference might last a year).

- Analytics cookies: Google Analytics’ main cookie (_ga) lasts 2 years if not cleared. Others vary from session up to 24 months.

- Marketing cookies: widely vary, common ones last between 3 months and 1 year. (Advertising networks often choose these durations to balance remembering users vs. privacy concerns).

Our Cookie Details page lists the specific retention of each cookie. For instance, it might show: “Cookie _ga: Expiry 2 years; Cookie _gid: Expiry 24 hours; Cookie csrftoken: Expiry 12months” etc.

‍Control & Persistence: Remember, you have control. Even persistent cookies will reside on your machine only until their expiry or until you delete them. If you clear cookies via your browser, you’ll remove those persistent cookies immediately (and they’ll only come back if you visit again and consent again where needed).

Local storage/session storage data tends to persist until cleared (local storage) or until session ends (session storage). These are not easily listed like cookies, but they are under your control via browser settings.

We periodically review our cookies and purge or update any that are no longer needed. If we stop using a certain third-party service, we’ll ensure its cookies are no longer set on new visits.

How to Disable or Delete Cookies

You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences in the following ways:

On Our Site (Preference Center): As mentioned, use the cookie consent banner or the preferences link to accept/decline categories of cookies. This is the easiest way to manage cookies specific to our site.

‍Via Your Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can usually: (a) Clear existing cookies from your browser, and (b) Set rules to block cookies (all cookies or cookies from specific sites or third parties).

You can typically find these under the “Privacy” or “Security” section of your browser’s settings or preferences menu.

‍Blocking Cookies: If you block all cookies from nPloy, our website might not function properly. For example, you may not be able to log in or apply to jobs, because the site relies on session cookies for such actions. We recommend at least allowing essential cookies. If you block third-party cookies, that is generally fine for functionality (you’ll mainly lose tracking and ads), and many browsers default to blocking third-party cookies now.

Deleting Cookies: It’s a good practice to clear cookies periodically if you have privacy concerns. Keep in mind, clearing cookies logs you out of sites and resets preferences. When you come back to our site after clearing cookies, you’ll see the cookie banner again to set your preferences anew.

‍Opt-Out of Analytics: Apart from using our preferences or browser settings, you can use specific opt-out tools: Google Analytics Opt-out Browser Add-on:

- Google offers an add-on to prevent your data from being used by Google Analytics on any site.

- Advertising industry opt-outs: NAI Opt-Out or DAA WebChoices     let you opt out of many ad cookies centrally. Note: you may need to do     this for each browser and device.

Mobile Apps: If you use the nPloy mobile app, cookies per se may not apply, but similar tracking can occur via SDKs. Both iOS and Android allow limiting ad tracking(via “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android). And you can usually clear app data to reset any stored identifiers.

Please note that disabling cookies does not delete existing cookies; you have to clear them. Conversely, deleting cookies does not prevent new ones from being set unless you also block them.

Changes to the Cookie Policy

We may update this Cookie Policy to reflect changes in the cookies we use or for other operational, legal, or regulatory reasons. Therefore, please re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

If we make material changes (for example, introducing new cookie categories or significant new third-party services that change how cookies are used), we will notify you either via a prominent notice on our site or through other communication (like email, if applicable). The “Last Updated” date at the top indicates when the policy was last revised. Any changes will become effective when we post the revised Cookie Policy on our website.

If the changes require obtaining new consent (e.g., we start using cookies for a new purpose), we will do so via the cookie banner or preferences center.

Contact Information (Cookie Questions)

For any questions or concerns about our use of cookies, you can contact us using the methods provided in the Privacy Policy’s Contact section. You can also reach out specifically to our privacy team at office@nploy.net

If you’re in the EU and have specific queries about cookies in context of GDPR, our Data Protection Officer can assist (contact via dpo@nploy.net)

Additionally, if you feel we have not addressed your cookie-related data concerns, you have the right to lodge a complaint with a supervisory authority (like the Data Protection Authority in your country or the CNIL in France for cookie issues, etc.), or with the UKICO, or Ireland’s DPC if we have an establishment there. For U.S. concerns, you can contact the FTC or state AG. However, we encourage you to contact us first, as we are committed to resolving any privacy issues.

By continuing to use our website with cookies enabled, you consent to our use of cookies as described in this policy. We appreciate your understanding and hope this policy provides clarity on our cookie practices.