Privacy Policy

Controller: Benic Oy · Y-tunnus 2204104-9
Tehtaankatu 8 A 6, 00140 Helsinki · hello@pathfin.fi
Last updated: 25 May 2026


1. What data we collect

DataPurposeLegal basis
Email addressAuthentication, transactional emailContract (Art. 6(1)(b) GDPR)
Name, work history, education, skillsGenerating your CV and cover lettersContract
Job postings you addGenerating cover letters, tracking applicationsContract
Subscription and billing info (via Stripe)Processing paymentsContract
Usage statistics (PostHog)Improving the productLegitimate interest

We do not collect payment card numbers — Stripe handles those directly.


2. How long we keep it

  • Account data: for as long as your account is active, plus 30 days after deletion.
  • Billing records: 7 years (Finnish Accounting Act requirement).
  • Usage analytics: 12 months rolling.

3. Who we share it with

We share data only with the sub-processors below, under GDPR-compliant data processing agreements:

Sub-processorPurposeLocation
SupabaseDatabase and authenticationEU (AWS eu-north-1)
AnthropicAI text generationUSA (SCCs in place)
StripePayment processingUSA/EU (SCCs in place)
VercelHostingUSA/EU (SCCs in place)
ResendTransactional emailUSA (SCCs in place)
PostHogProduct analyticsEU (EU Cloud)
SentryError trackingUSA (SCCs in place)

We do not sell your data.


4. Your rights

Under GDPR you have the right to:

  • Access your personal data
  • Rectify incorrect data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — export your data via Settings → Export

To exercise any right, email hello@pathfin.fi. We respond within 30 days.

You can also lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).


5. Cookies

We use one functional cookie (Supabase session) and one analytics cookie (PostHog). No advertising cookies. You can opt out of analytics in your browser settings.


6. Changes

We will notify you by email if we make material changes to this policy.