Privacy Policy

Last Updated: July 6, 2025

Introduction

Welcome to Goodfit ("Goodfit", "we", "us", or "our"). Protecting your privacy is central to our mission of connecting talent with opportunity. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit https://www.goodfit.so (the "Site") or use any of our web, mobile, or integrated recruitment services (together, the "Services"). We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and all other applicable privacy laws. Please read this Policy carefully to understand our practices.

Scope of This Policy

This Policy applies to anyone who accesses or uses the Services, including:

  • Jobseekers creating profiles or applying for positions;
  • Employers or recruiters posting roles or reviewing talent; and
  • Visitors browsing the Site without creating an account.

This Policy does not apply to third‑party websites or services that may be linked from our platform.

Key Definitions

  • Personal Data – any information relating to an identified or identifiable natural person.
  • Processing – any operation performed on personal data (for example, collection, storage, use, deletion).
  • Controller – the entity that determines the purposes and means of processing personal data.
  • Processor – the entity that processes personal data on behalf of the Controller.
  • EEA – the European Economic Area (EU Member States plus Iceland, Liechtenstein, and Norway).

Who We Are (Data Controller)

  • Legal entity: Goodfit Software LLC.
  • Registered address: 254 Chapman Road, Ste 208 #23129, Newark, Delaware 19702.
  • Email: support@goodfit.so.
  • Data Protection Officer (DPO): Soubhagya, soubhagya@goodfit.so

In certain scenarios (for example, when Goodfit processes candidate data solely on behalf of an employer), we act as a Processor and the employer is the Controller. Such processing is governed by a Data Processing Agreement (DPA).

Information We Collect

a. Information You Provide Directly

  • Full name, email address, and phone number.
  • Location (city, region, country).
  • Professional details such as CV, work history, education, skills, and salary expectations.
  • Account credentials and communication preferences.
  • Content of messages or interviews conducted via the platform.

b. Information Collected Automatically

  • IP address, browser type, and device identifiers.
  • Date/time stamps, pages viewed, and referring URLs.
  • Interaction data such as clicks, scrolls, and search queries.
  • Cookies, software development kit (SDK) events, and analytic tags (see Section 10).

c. Information from Third Parties

  • Publicly available professional profiles that you link or import (for example, LinkedIn).
  • Background‑check or reference data supplied by verification vendors (with your authorisation).
  • Referrals or invite tokens supplied by partners.

We do not intentionally collect any special‑category data (for example, health or religion) unless you voluntarily provide it and we have a lawful basis to process it.

Legal Bases for Processing

We rely on the following lawful bases under Article 6 of the GDPR:

  • Consent – for example, sending marketing emails or storing cookies that require opt‑in.
  • Contract – creating and managing your account, matching candidates with job openings, and facilitating interviews.
  • Legitimate interests – improving and securing the Services, preventing fraud, and performing internal analytics.
  • Legal obligation – complying with labour, tax, or regulatory requirements and responding to lawful requests.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

How We Use Personal Data

  • Provide and maintain the Services, including account creation and candidate–employer communication.
  • Improve, personalise, and develop features through usage analytics and user feedback.
  • Send transactional communications such as account alerts, interview reminders, and password resets.
  • Send marketing communications if you have opted in.
  • Prevent fraud and ensure platform security by monitoring suspicious activity and verifying identities.
  • Comply with legal obligations such as tax filings and lawful data‑access requests.

We do not engage in automated decision‑making that produces legal or similarly significant effects without human involvement.

Sharing and Disclosure

We disclose personal data only as described below:

  • Employers or recruiters you choose to engage with (for example, when you apply for a role).
  • Service providers that perform functions on our behalf (cloud hosting, email delivery, analytics) under contractual confidentiality and security obligations.
  • Professional advisors such as lawyers or accountants where necessary to protect our legal interests.
  • Authorities or regulators when legally required or to protect rights, property, or safety.
  • Successors in the event of a merger, acquisition, or asset sale (we will notify you of any change of ownership).

We never sell personal data to third parties.

International Data Transfers

We operate globally and may transfer personal data to countries outside the EEA or UK. When we do so, we rely on appropriate safeguards such as EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision by the European Commission or UK Government.

Cookies and Similar Technologies

We use cookies, web beacons, SDKs, and local storage to:

  • Maintain session state and authentication.
  • Remember your preferences.
  • Measure Site performance and usage analytics.
  • Deliver personalised content or advertising if you opt in.

You can control or disable cookies via your browser settings. Some features may not function properly without cookies.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to:

  • Provide the Services while your account is active.
  • Honour opt‑out requests and enforce platform rules.
  • Comply with legal, tax, or regulatory requirements.

When retention is no longer required, we will delete or irreversibly anonymise the data.

Data Security

We employ technical and organisational measures to protect personal data, including:

  • TLS/HTTPS encryption in transit.
  • AES‑256 encryption at rest for sensitive stores.
  • Routine security audits and penetration testing.
  • Strict role‑based access controls and multi‑factor authentication for internal systems.
  • Incident‑response procedures aligned with ISO 27001.

No internet transmission is completely secure; you use the Services at your own risk.

Your Rights

Subject to conditions and exceptions in applicable law, you have the right to:

  • Access – obtain a copy of your personal data.
  • Rectify – correct inaccurate or incomplete data.
  • Erase – request deletion of data no longer necessary ("right to be forgotten").
  • Restrict processing.
  • Object to processing based on legitimate interests or direct marketing.
  • Data portability – receive data in a structured, machine‑readable format.
  • Withdraw consent at any time where processing is consent‑based.
  • Lodge a complaint with a supervisory authority.

To exercise any right, email support@goodfit.so. We will respond within 30 days.

Children's Privacy

The Services are not directed to anyone under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have done so, we will delete it promptly.

Third‑Party Links

Our Site may contain links to external websites or integrations whose privacy practices we do not control. We encourage you to review their privacy policies before providing personal data.

Changes to This Policy

We may update this Policy from time to time. When we do, we will post the revised version on this page, update the "Last updated" date, and notify registered users by email or in‑app notice if changes are material. Your continued use of the Services after such changes constitutes acceptance of the updated Policy.

Contact Us

If you have questions, concerns, or wish to exercise your rights, please contact: support@goodfit.so