Privacy Policy

Jobsesame (Pty) Ltd (“Jobsesame”, “we”, “us”, “our”) operates the platform at jobsesame.co.za. We are the responsible party (as defined under POPIA) for personal information collected through our platform.

For all privacy-related enquiries, contact us at: privacy@jobsesame.co.za

We collect the following categories of personal information:

• CV Data — name, email address, phone number, work history, education, skills, and any other information you include in your CV.
• Account Information — email address, authentication credentials, and profile details collected via Clerk authentication.
• Payment Information — billing details processed by Paystack. We never store your card details on our servers.
• Usage Data — pages visited, features used, click behaviour, and session information collected via cookies and analytics tools.
• Job Application History — jobs you have applied to, application status, and outcomes you share with us.
• Communications — messages you send to our support team.

We process your personal information on the following lawful bases:

• Contract performance — to provide the job matching and CV optimisation service you have signed up for.
• Legitimate interest — to process payments for subscriptions and credit packs via Paystack.
• Consent — to send you job alerts, marketing emails, and personalised recommendations. You may withdraw consent at any time by unsubscribing.
• Legitimate interest — to improve our AI matching algorithms using anonymised and aggregated data only. We never use identifiable CV data to train AI models without explicit consent.
• Legal obligation — to retain financial records as required by South African tax law.

• CV data is encrypted in transit (TLS 1.2+) and at rest using AES-256 encryption.
• We implement industry-standard security measures including access controls, audit logs, and regular security reviews.
• We never sell your personal data to third parties, advertisers, or data brokers.
• We never share your CV with employers without your explicit action (clicking Apply). Recruiters do not have access to your CV unless you send it to them.
• Access to personal data is restricted to authorised staff on a need-to-know basis.
• We conduct regular security assessments and respond to security incidents within 72 hours in line with POPIA requirements.

As a data subject under POPIA, you have the following rights:

• Right of access — request a copy of your personal data we hold. Email privacy@jobsesame.co.za.
• Right to correction — request correction of inaccurate or incomplete data.
• Right to deletion — request deletion of your personal data. Use our data deletion request form or email privacy@jobsesame.co.za. We will process requests within 30 days.
• Right to object — object to processing of your personal data for marketing or profiling purposes.
• Right to lodge a complaint — you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

We share data with the following trusted third-party processors solely to provide our service:

• Clerk — authentication and user account management. Privacy policy: clerk.com/privacy
• Anthropic — AI-powered CV processing and rewriting. Your CV content is sent to Anthropic to provide this service. Privacy policy: anthropic.com/privacy
• Paystack — secure payment processing. We do not store card details. Privacy policy: paystack.com/privacy
• Resend — transactional email delivery. Privacy policy: resend.com/privacy
• Vercel — cloud hosting and infrastructure. Privacy policy: vercel.com/privacy

All processors are required by contract to process your data only on our instructions and in compliance with applicable data protection laws.

• Account data is retained for as long as your account is active.
• CV data is deleted within 30 days of account deletion.
• Payment records are retained for 5 years to comply with South African tax and financial reporting obligations.
• Marketing email consent records are retained for 3 years after unsubscribing.
• Upon account deletion, we will send you a confirmation email within 30 days confirming what data has been deleted.

We use the following types of cookies:

• Necessary cookies — required for authentication, security, and core platform functionality. These cannot be disabled.
• Analytics cookies — help us understand how users interact with the platform so we can improve it. Only set with your consent.
• Preference cookies — remember your settings and preferences.

You can manage your cookie preferences via the banner shown on first visit, or by adjusting your browser settings. Note that disabling necessary cookies may affect platform functionality.

If you are located in the European Union or European Economic Area, you have all POPIA rights listed above, plus the following additional rights under GDPR:

• Right to data portability — receive your personal data in a structured, machine-readable format and transfer it to another controller.
• Right to restrict processing — request that we restrict processing of your data in certain circumstances.
• Right not to be subject to automated decision-making — although our AI matching is automated, significant decisions about your employment are always made by employers, not by us.

To exercise any GDPR rights, contact us at privacy@jobsesame.co.za.

• Privacy enquiries: privacy@jobsesame.co.za
• Data deletion requests: jobsesame.co.za/delete-data
• Information Regulator South Africa: inforegulator.org.za
• Complaints to the Information Regulator can be submitted via their website or by post to: The Information Regulator, JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001