Job Boardly Privacy Policy

Version 1.0 — Effective as of 6 May 2026

At Job Boardly, we care deeply about your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you use our services.

By using Job Boardly, you agree to this policy.

1. Who we are

We are Glacier Systems Pty Ltd (ABN 47 687 105 184), an Australian company based in Brisbane, Australia. Our platform allows users to create and manage job boards online. In this policy, “we” or “Job Boardly” means Glacier Systems Pty Ltd. “You” means you as a user of our website, platform or services.

2. What this policy covers

This Privacy Policy covers personal information we collect when you:

Sign up for or use our services
Create or manage a job board
Visit our website
Communicate with us

It also covers information you collect from job seekers or employers through your job board, although you are primarily responsible for handling that data in accordance with applicable privacy laws.

This policy applies to all users globally. If you are located in the European Economic Area (EEA) or United Kingdom (UK), additional rights and protections apply under the General Data Protection Regulation (GDPR) and UK GDPR respectively — see Section 14 for details.

3. The information we collect

We collect personal information directly from you when you use our platform. This includes:

a. Information you provide to us

Your name, email address and contact details
Account login details
Payment and billing details (via Stripe)
Profile or job board information (e.g. board name, logo, custom domain)
Support queries or feedback

b. Information we collect automatically

IP address, browser type and settings
Device information
Usage data and analytics
Log data (like pages viewed and features used)

c. Information collected from others

If someone else (e.g. your employer or client) invites you to a board, we may receive your email and access level from them.

4. How we use your information

We use your personal information to:

Provide and maintain our services
Set up and manage your account
Process payments and renewals
Respond to support queries and feedback
Improve and personalise your experience
Communicate with you about updates or changes
Detect and prevent fraud or misuse

We may also use de-identified data for internal research and product development.

5. Legal grounds for using your information

The legal basis for processing your personal information depends on your location.

Under the Privacy Act 1988 (Cth) (Australian users):

You’ve given consent
It’s necessary for providing our services
We have a legitimate interest in operating and improving our platform
We’re legally required to (e.g. for tax or regulatory reasons)

Under the GDPR and UK GDPR (EU/EEA and UK users):

Contract — processing is necessary to perform our contract with you (e.g. providing the Services, billing, account management)
Legitimate interests — we have a legitimate interest in operating, securing and improving our platform (e.g. fraud prevention, analytics, product development). We have assessed these interests against your rights and they do not override them
Legal obligation — processing is required to comply with applicable law (e.g. financial record-keeping)
Consent — where we rely on consent (e.g. marketing communications), you may withdraw it at any time without affecting the lawfulness of prior processing

We do not sell your personal information. We only share it with:

Sub-processors who help us operate Job Boardly — a current list is available at jobboardly.com/sub-processors
Professional advisors (e.g. legal, accounting, technical support)
Regulators or law enforcement, where required by law
Other parties, if you’ve given us clear consent

We ensure that all sub-processors are bound by appropriate data protection obligations.

7. International data transfers

Job Boardly is headquartered in Australia. Some of our sub-processors are located in the United States or other countries outside your jurisdiction. When we transfer personal data internationally, we ensure appropriate safeguards are in place.

EU/EEA users: Transfers of personal data from the EEA to Australia and to our US-based sub-processors are protected by the Standard Contractual Clauses (SCCs) adopted by the European Commission under Decision 2021/914. Our Data Processing Agreement incorporates these clauses.

UK users: Transfers of personal data from the UK are protected by the International Data Transfer Agreement (IDTA) issued by the UK Information Commissioner’s Office, or by SCCs supplemented by the UK Addendum where applicable.

Transfers via our EU/EEA and UK representative: Where personal data is transferred from our representative DataRep (in the EU or UK) to us in Australia in connection with correspondence you have sent to DataRep, those transfers rely on the derogations in Article 49 GDPR (and the equivalent provisions in UK GDPR) — specifically your inferred consent in submitting the request, the necessity of the transfer to perform a contract in your interest (the exercise of your rights), and important reasons of public interest in the operation of the legal representative regime.

Australian users: We take reasonable steps to ensure that overseas recipients of your personal information provide protections comparable to the Australian Privacy Principles.

8. Managing your information

You can access, correct, or delete your personal information anytime by logging into your account or contacting us.

You can also:

Update your email preferences
Delete your account
Opt out of marketing communications

If you collect data from users on your job board, you are responsible for ensuring that you meet your own privacy obligations as a data controller.

9. Cookies and similar technologies

We use a small number of cookies and similar storage technologies on jobboardly.com.

The cookies and technologies we use fall into the following categories:

Strictly necessary — required for the site to work (keeping you logged in, security tokens, load balancing, bot protection, and the cookie itself that remembers your consent choice).
Functional — set only when you actively choose them (currently: your language preference).
Analytics — cookieless analytics that help us understand how people use the site. These do not set cookies or access terminal storage and run without consent.
Marketing — affiliate referral tracking and tag management. These set cookies and are only active after you consent via the cookie banner.

Our cookie banner

When you first visit, you will see a cookie banner. What it shows depends on where you are visiting from:

EU, EEA, UK, Switzerland, Brazil, and Quebec: the banner asks you to opt in. You can choose Accept all, Reject all, or Customise — these options are presented with equal prominence. No cookies beyond strictly necessary are set until you make a choice. Closing the banner is not treated as consent.
California, Colorado, Virginia, Connecticut, Utah, Texas, Oregon, and Montana: you can opt out of any non-essential cookies and exercise your right to opt out of the “sale” or “sharing” of personal information.
Everywhere else: a brief notice on first visit.

Global Privacy Control

We honour the Global Privacy Control (GPC) browser signal automatically. If your browser sends a GPC signal, we treat it as a refusal of all non-essential cookies and as an opt-out of any “sale” or “sharing” of personal information, without you needing to interact with the banner.

Changing or withdrawing your choice

You can change your choice at any time through the Cookie settings link in the footer of every page.

Our consent record

When you make a choice, we keep a short record so we can demonstrate that we asked for and obtained (or did not obtain) your consent in line with Article 7 of the GDPR. The record contains a pseudonymous ID, a timestamp, your truncated IP address (last octet removed), your browser user-agent string, the version of the banner you saw, and the choice you made. We retain consent records for 24 months from the date of the choice.

10. Security

We use industry-standard security measures to protect your data, including encryption, access controls, and secure servers.

However, no system is 100% secure — so we encourage you to use a strong password and keep your login details safe.

11. Job board owner responsibilities

If you create a job board on Job Boardly, you are the data controller for any personal information collected via your board (e.g. from job seekers, employers, or applicants). You’re responsible for:

Complying with applicable privacy laws — including GDPR and UK GDPR if your job board serves users in the EU or UK
Providing a privacy notice to your users
Handling requests from data subjects (e.g. access, correction, deletion)

We process that data solely on your behalf as your data processor. Our obligations as data processor are set out in our Data Processing Agreement.

12. Retention

We retain your personal information for the following periods:

Data type	Retention period
Account data (customer / operator)	Deleted within 90 days of account closure. Dormant lifetime plan accounts (no activity for 24 months) are deleted after a 30-day warning
Job seeker application data	12 months from submission, or until deleted by the job board operator
Billing and financial records	7 years (as required by Australian tax law and accounting standards)
Support correspondence	3 years after last interaction
Marketing consent records	Until consent is withdrawn, plus 3 years
Server and access logs	90 days
Error tracking data	30 days

After the applicable retention period, data is securely deleted or anonymised.

13. Your rights

All users have the right to:

Request access to your personal information
Ask us to correct inaccurate data
Delete your account and associated data

EU/EEA and UK users additionally have the right to:

Erasure — request deletion of your personal data (subject to legal exceptions)
Data portability — receive your data in a structured, machine-readable format
Restriction — ask us to restrict processing of your data in certain circumstances
Object — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@jobboardly.com. We will respond within 30 days (or sooner where required by law).

If you are an Australian user and are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. EU and UK users

This section provides additional information for users in the EEA and UK.

Applicable law

If you are in the EEA, your rights are governed by Regulation (EU) 2016/679 (GDPR). If you are in the UK, your rights are governed by the UK GDPR as incorporated into UK law by the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018.

EU/EEA Representative

As Glacier Systems Pty Ltd is established in Australia, we have appointed DataRep as our representative in the EU/EEA under Article 27 GDPR. You may contact our EU/EEA representative directly with any data protection queries or complaints relating to our processing of your personal data:

DataRep
Email: datarequest@datarep.com (please quote “Job Boardly” in the subject line)
Online webform: www.datarep.com/data-request
Postal address (Ireland — head office): DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

DataRep has locations in each of the 27 EU countries, and in Norway and Iceland in the European Economic Area (EEA). A full list of country-specific addresses is available on request from datarequest@datarep.com or at www.datarep.com.

When mailing inquiries to any DataRep address, please mark your letter for “DataRep” (not “Job Boardly”) and refer clearly to Job Boardly in your correspondence.

UK Representative

We have appointed DataRep as our representative in the United Kingdom under Article 27 UK GDPR. You may contact our UK representative directly with any data protection queries or complaints:

DataRep
Email: datarequest@datarep.com (please quote “Job Boardly” in the subject line)
Online webform: www.datarep.com/data-request
Postal address: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

When mailing inquiries, please mark your letter for “DataRep” (not “Job Boardly”) and refer clearly to Job Boardly in your correspondence.

Supervisory authority

You have the right to lodge a complaint with your national data protection supervisory authority:

EU users: Contact your local authority — a full list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en
UK users: Contact the Information Commissioner’s Office (ICO) at https://ico.org.uk

15. California residents

If you are a California resident, you may have additional rights under California privacy law. Job Boardly does not currently meet the thresholds that trigger obligations under the California Consumer Privacy Act (CCPA). We will update this section as our obligations under California privacy law evolve. For any privacy-related queries, please contact us at hello@jobboardly.com.

16. Changes to this policy

We may update this Privacy Policy from time to time. If the changes are significant, we’ll notify you by email or through the platform.

The latest version will always be published at:
https://www.jobboardly.com/privacy-policy

17. Contact us

Have questions or concerns about your privacy? Get in touch:

Glacier Systems Pty Ltd
Email: hello@jobboardly.com
ABN: 47 687 105 184