Privacy Policy

1. Who We Are

The Dream Work ("we", "us", "our") operates the platform at thedream.work — a job matching service connecting software engineers with technology companies. For data protection purposes, we are the data controller.

2. Data We Collect

Candidates: Name, email address, professional headline, years of experience, technology skills, salary expectations, work type preference, region, work history, and education — all provided during profile setup. We also store your application history and match scores computed from your profile.

Companies: Company name, website, industry, size, description, and the email address of the account owner. We store job listings you create and your billing history (payment metadata only — card details are held by Stripe).

All users: Login credentials (email + hashed password), session data, and activity logs for security and fraud prevention.

3. How We Use Your Data

We use your data to operate the matching service, present relevant job opportunities to candidates, present relevant applicants to companies, process payments, send transactional emails (verification, password reset, connection notifications), and maintain platform security.

We do not sell your data to third parties. We do not use your data for advertising.

4. When Candidate Identity Is Shared

Candidate profiles are anonymous to companies until both parties mutually agree to connect. A company sees only your professional headline and match score until you accept a connection request. Upon accepting, your name and email address are shared with that company so they can contact you directly. You control this by accepting or declining connection requests.

5. Legal Bases (GDPR)

We process your data on the following legal bases: contract performance (to provide the service you signed up for); legitimate interests (platform security, fraud prevention, abuse detection); legal obligation (tax and billing records); and consent where specifically requested.

6. Third-Party Processors

We use the following sub-processors: Hetzner (server infrastructure, EU-based); Stripe (payment processing); Resend (transactional email delivery). Each processes only the data necessary for their function.

7. Data Retention

Active account data is retained while your account exists. If you delete your account, your profile and application history are soft-deleted and no longer accessible. Billing records may be retained for up to 7 years for legal and tax compliance. Activity logs are retained for 90 days.

8. Your Rights

Under GDPR and applicable law, you have the right to: access your data (use the Export feature in your account settings); correct inaccurate data (edit your profile); delete your account and associated data (available in account settings); withdraw consent where processing is consent-based; and lodge a complaint with your local data protection authority.

9. Security

We apply technical controls including HTTPS-only access, HSTS, secure session cookies, CSRF protection, password hashing, rate limiting, and audit logging. No system is completely risk-free and we cannot guarantee absolute security.

10. Contact

For privacy questions or data requests, email privacy@thedream.work.