Matchboks

Your Data at Matchboks

Last updated: April 10, 2026

This page explains exactly what personal data Matchboks collects, why we collect it, how long we keep it, and what control you have over it. We believe in full transparency. If we collect it, you should know about it.

Our Data Principles

  • We only collect data necessary to provide our matching service
  • Every piece of data we collect has a clear, stated purpose
  • You can view, correct, or delete your data at any time
  • All data is encrypted in transit and at rest
  • We never sell your personal data to third parties

Data We Collect

Account Data

Information needed to create and maintain your account.

  • Full name: to identify you on the platform
  • Email address: for login, notifications, and account recovery
  • Password: stored encrypted (hashed), never in plain text
  • Profile photo: optional, to help employers recognise you
  • Social login provider (Google, Apple, LinkedIn): if you choose social sign-in, we receive your name and email from the provider

Legal basis: Contract performance (GDPR Art. 6(1)(b)), necessary to provide the service you signed up for.

Candidate Professional Profile

Information you provide to build your professional profile. All fields are voluntary. You choose what to share.

  • Professional headline and bio
  • Skills with proficiency levels
  • Work experience (employers, titles, dates, descriptions)
  • Education (institutions, degrees, fields of study)
  • Certifications and professional licences
  • Languages spoken
  • Years of experience and career stage
  • Salary expectations (min–max range)
  • Location and willingness to relocate
  • Remote work preference
  • Availability and notice period

Legal basis: Contract performance. This is the core data our matching service uses to find relevant opportunities for you.

Company Profile

Information companies provide about themselves and their open positions.

  • Company name, logo, and description
  • Mission statement and values
  • Culture description and honest workplace insights
  • Job listings with requirements, salary ranges, and benefits
  • Team members and contact persons

Legal basis: Contract performance, necessary for companies to use the recruitment service.

Matching and Interaction Data

Data generated as you use the platform.

  • Swipe actions (like, pass, bookmark): to learn your preferences and create matches
  • Match scores and breakdowns: calculated from your profile data
  • AI-generated match insights: created from professional data only
  • Profile views: so you can see who has viewed your profile

Legal basis: Contract performance and legitimate interest, necessary to operate the matching service and improve recommendation quality.

Messages and Communication

When you match with someone and start a conversation, we store your messages to enable the chat feature.

  • Chat messages between matched candidates and companies
  • Support chat messages with our team
  • Notification preferences and push notification tokens

Legal basis: Contract performance, necessary to provide the messaging feature you are using.

Technical and Usage Data

Data collected automatically when you use the app.

  • Device type and operating system: for app compatibility
  • IP address: for security and fraud prevention
  • Crash reports and error logs: to fix bugs (sent to Sentry, anonymised)
  • Anonymous page views and performance metrics: via Vercel Analytics (web only)
  • App version: to ensure you have the latest features and fixes

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)), necessary for platform security, stability, and improvement.

Documents

Files you upload to the platform.

  • CV/Resume: optional upload for AI-powered profile enhancement. Our system can extract skills and experience from your CV to populate your profile. The original file is stored securely and can be deleted at any time.

Legal basis: Consent. You choose whether to upload documents.

Honest Descriptions

Both candidates and companies can provide honest, structured answers about work preferences, strengths, and growth areas. These responses are private and never shared with other users. They are used exclusively by the AI to improve match quality.

Important: Your honest answers are never shown to other users. They are only used to inform the AI matching system. Companies cannot see your honest self-assessment, and candidates cannot see a company's honest culture insights.

Legal basis: Consent. You choose whether to provide this information, and it is used solely to improve your match recommendations.

Who Has Access to Your Data

We share data with the following service providers, all under strict data processing agreements:

  • Supabase (US): database hosting, authentication, file storage. All account and profile data is stored here.
  • OpenAI (US): generates profile embeddings and match insights. Receives only structured professional data (skills, job title, experience level, location). Never receives your name, email, phone number, or photo.
  • Vercel (US): web application hosting. Processes page views, performance metrics, and IP addresses.
  • Sentry (US): error monitoring. Receives crash reports with anonymised user identifiers. No personal profile data is sent.
  • Firebase/Google Cloud (US): push notifications for mobile apps. Receives device tokens and notification content only.
  • Apple/Google: app distribution and in-app purchases. Standard app store data collection applies.

As these providers are based in the US, your data may be transferred outside the EEA. All transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

We do not sell, rent, or trade your personal data. We do not use your data for advertising. We do not share your data with any parties other than those listed above.

How Long We Keep Your Data

  • Active account: Your data is retained for as long as your account is active.
  • After account deletion: Personal data is removed within 30 days. Encrypted backups may contain your data for up to 90 days before being purged.
  • Anonymised data: Aggregated, non-identifiable statistics may be retained indefinitely for service improvement.
  • Messages: Retained for the duration of your account. When you delete your account, your messages are deleted.
  • Error logs: Retained for 90 days, then automatically purged.
  • Legal obligations: Certain data may be retained longer if required by Norwegian law.

Your Rights

Under the GDPR and the Norwegian Personal Data Act, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate data. You can update most data directly in your profile settings.
  • Right to erasure (Art. 17): Delete your account and all associated data. Available in Settings > Delete Account, or by emailing hei@matchboks.no.
  • Right to restrict processing (Art. 18): Limit how we use your data. You can set your profile to hidden or block specific companies.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format. Contact hei@matchboks.no to request an export.
  • Right to object (Art. 21): Object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent (e.g., honest descriptions, CV upload), you can withdraw it at any time by deleting the relevant data.
  • Right to lodge a complaint: Contact the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no if you are unsatisfied with our handling of your data.

To exercise any of these rights, email hei@matchboks.no. We will respond within 30 days.

Children and Minimum Age

Matchboks is a professional recruitment platform intended for users aged 16 and above. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, please contact us immediately at hei@matchboks.no.

How We Protect Your Data

  • All data is encrypted in transit (TLS/HTTPS) and at rest
  • Row-level security policies ensure users can only access their own data
  • Authentication tokens are stored in encrypted device storage (iOS Keychain / Android Keystore)
  • Passwords are hashed. We never store or see your plain-text password
  • Access controls limit which team members can access production data
  • Regular security audits identify and address vulnerabilities

Questions?

If you have any questions about your data, contact us:

Matchboks